38 files changed, 10728 insertions, 175480 deletions

diff --git a/src/man/po/as.po b/src/man/po/as.po
deleted file mode 100644
index 98a5bbd9b..000000000
--- a/src/man/po/as.po
+++ /dev/null
@@ -1,6314 +0,0 @@
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Red Hat
-# This file is distributed under the same license as the sssd-docs package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: SSSD\n"
-"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Assamese (http://www.transifex.net/projects/p/fedora/team/"
-"as/)\n"
-"Language: as\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural=(n != 1)\n"
-
-#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
-#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
-#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
-#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
-msgid "SSSD Manual pages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
-msgid "sss_groupmod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
-#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
-#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
-msgid "8"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupmod.8.xml:16
-msgid "modify a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupmod.8.xml:21
-msgid ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
-#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
-#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
-#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
-#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:32
-msgid ""
-"<command>sss_groupmod</command> modifies the group to reflect the changes "
-"that are specified on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
-#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
-#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-msgid "OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
-msgid ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:48
-msgid ""
-"Append this group to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
-msgid ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:62
-msgid ""
-"Remove this group from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
-#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
-msgid "sssd.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
-msgid "5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
-msgid "File Formats and Conventions"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
-msgid "the configuration file for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:21
-msgid "FILE FORMAT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:29
-#, no-wrap
-msgid ""
-"                <replaceable>[section]</replaceable>\n"
-"                <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-"                <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
-"            "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:24
-msgid ""
-"The file has an ini-style syntax and consists of sections and parameters. A "
-"section begins with the name of the section in square brackets and continues "
-"until the next section begins. An example of section with single and multi-"
-"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:36
-msgid ""
-"The data types used are string (no quotes needed), integer and bool (with "
-"values of <quote>TRUE/FALSE</quote>)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:41
-msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
-"(<quote>;</quote>)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:46
-msgid ""
-"All sections can have an optional <replaceable>description</replaceable> "
-"parameter. Its function is only as a label for the section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:52
-msgid ""
-"<filename>sssd.conf</filename> must be a regular file, owned by root and "
-"only root may read from or write to the file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:58
-msgid "SPECIAL SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:61
-msgid "The [sssd] section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
-msgid "Section parameters"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:72
-msgid "config_file_version (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:75
-msgid ""
-"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-"version 2."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:81
-msgid "services"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:84
-msgid ""
-"Comma separated list of services that are started when sssd itself starts."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:88
-msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
-msgid "reconnection_retries (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
-msgid ""
-"Number of times services should attempt to reconnect in the event of a Data "
-"Provider crash or restart before they give up"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
-msgid "Default: 3"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
-msgid "domains"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
-msgid ""
-"A domain is a database containing user information. SSSD can use more "
-"domains at the same time, but at least one must be configured or SSSD won't "
-"start.  This parameter described the list of domains in the order you want "
-"them to be queried."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
-msgid "re_expression (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
-msgid ""
-"Regular expression that describes how to parse the string containing user "
-"name and domain into these components."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
-msgid ""
-"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
-"which translates to \"the name is everything up to the <quote>@</quote> "
-"sign, the domain everything after that\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
-msgid ""
-"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
-"version 7 or higher can support non-unique named subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
-msgid ""
-"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
-"P&lt;name&gt;) to label subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
-msgid "full_name_format (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
-msgid ""
-"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatible format that describes how to translate "
-"a (name, domain) tuple into a fully qualified name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
-msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
-msgid "try_inotify (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
-msgid ""
-"SSSD monitors the state of resolv.conf to identify when it needs to update "
-"its internal DNS resolver. By default, we will attempt to use inotify for "
-"this, and will fall back to polling resolv.conf every five seconds if "
-"inotify cannot be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
-msgid ""
-"There are some limited situations where it is preferred that we should skip "
-"even trying to use inotify. In these rare cases, this option should be set "
-"to 'false'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
-msgid ""
-"Default: true on platforms where inotify is supported. False on other "
-"platforms."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
-msgid ""
-"Note: this option will have no effect on platforms where inotify is "
-"unavailable. On these platforms, polling will always be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
-msgid "krb5_rcache_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
-msgid ""
-"Directory on the filesystem where SSSD should store Kerberos replay cache "
-"files."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
-msgid ""
-"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
-"SSSD to let libkrb5 decide the appropriate location for the replay cache."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
-msgid ""
-"Default: Distribution-specific and specified at build-time. "
-"(__LIBKRB5_DEFAULTS__ if not configured)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:63
-msgid ""
-"Individual pieces of SSSD functionality are provided by special SSSD "
-"services that are started and stopped together with SSSD.  The services are "
-"managed by a special service frequently called <quote>monitor</quote>. The "
-"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
-msgid "SERVICES SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
-msgid ""
-"Settings that can be used to configure different services are described in "
-"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
-"section, for example, for NSS service, the section would be <quote>[nss]</"
-"quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
-msgid "General service configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
-msgid "These options can be used to configure any service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>.  This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
-msgid "NSS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
-msgid ""
-"These options can be used to configure the Name Service Switch (NSS) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
-msgid "enum_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
-msgid ""
-"How many seconds should nss_sss cache enumerations (requests for info about "
-"all users)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
-msgid "Default: 120"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"The entry cache can be set to automatically update entries in the background "
-"if they are requested beyond a percentage of the entry_cache_timeout value "
-"for the domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
-msgid ""
-"For example, if the domain's entry_cache_timeout is set to 30s and "
-"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
-"after 15 seconds past the last cache update will be returned immediately, "
-"but the SSSD will go and update the cache on its own, so that future "
-"requests will not need to block waiting for a cache update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
-msgid ""
-"Valid values for this option are 0-99 and represent a percentage of the "
-"entry_cache_timeout for each domain. For performance reasons, this "
-"percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
-"disables this feature)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
-msgid "Default: 50"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
-msgid "entry_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
-msgid ""
-"Specifies for how many seconds nss_sss should cache negative cache hits "
-"(that is, queries for invalid database entries, like nonexistent ones)  "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
-msgid "Default: 15"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
-msgid "filter_users, filter_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
-msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
-msgid "Default: root"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
-msgid "filter_users_in_groups (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
-msgid ""
-"If you want filtered user still be group members set this option to false."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
-msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
-msgid "This option can also be set per-domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
-msgid "allowed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
-msgid ""
-"Restrict user shell to one of the listed values. The order of evaluation is:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
-msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
-msgid ""
-"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
-"quote>, use the value of the shell_fallback parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
-msgid ""
-"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
-"shells</quote>, a nologin shell is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
-msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
-msgid ""
-"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
-"that a restart of the SSSD is required in case a new shell is installed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
-msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
-msgid "vetoed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
-msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
-msgid "shell_fallback (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
-msgid ""
-"The default shell to use if an allowed shell is not installed on the machine."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
-msgid "Default: /bin/sh"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
-msgid "PAM configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
-msgid ""
-"These options can be used to configure the Pluggable Authentication Module "
-"(PAM) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
-msgid "offline_credentials_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
-msgid ""
-"If the authentication provider is offline, how long should we allow cached "
-"logins (in days since the last successful online login)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
-msgid "Default: 0 (No limit)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
-msgid "offline_failed_login_attempts (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
-msgid ""
-"If the authentication provider is offline, how many failed login attempts "
-"are allowed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
-msgid "offline_failed_login_delay (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
-msgid ""
-"The time in minutes which has to pass after offline_failed_login_attempts "
-"has been reached before a new login attempt is possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
-msgid ""
-"If set to 0 the user cannot authenticate offline if "
-"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable offline authentication again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
-msgid "Default: 5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
-msgid "pam_verbosity (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
-msgid ""
-"Controls what kind of messages are shown to the user during authentication. "
-"The higher the number to more messages are displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
-msgid "Currently sssd supports the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
-msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
-msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
-msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
-msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
-msgid "Default: 1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
-msgid "pam_id_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
-msgid ""
-"For any PAM request while SSSD is online, the SSSD will attempt to "
-"immediately update the cached identity information for the user in order to "
-"ensure that authentication takes place with the latest information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
-msgid ""
-"A complete PAM conversation may perform multiple PAM requests, such as "
-"account management and session opening. This option controls (on a per-"
-"client-application basis) how long (in seconds) we can cache the identity "
-"information to avoid excessive round-trips to the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
-msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
-msgid "Display a warning N days before the password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
-msgid ""
-"Please note that the backend server has to provide information about the "
-"expiration time of the password.  If this information is missing, sssd "
-"cannot display a warning."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
-msgid "Default: 7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-msgid "SUDO configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-msgid "These options can be used to configure the sudo service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-msgid "sudo_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-msgid ""
-"For any sudo request that comes while SSSD is online, the SSSD will attempt "
-"to update the cached rules in order to ensure that sudo has the latest "
-"ruleset."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
-msgid ""
-"The user may, however, run a couple of sudo commands successively, which "
-"would trigger multiple LDAP requests.  In order to speed up this use-case, "
-"the sudo service maintains an in-memory cache that would be used for "
-"performing fast replies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
-msgid ""
-"This option controls how long (in seconds) can the sudo service cache rules "
-"for a user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-msgid "Default: 180"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-msgid "sudo_timed (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
-msgid ""
-"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
-"that implement time-dependent sudoers entries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-msgid "AUTOFS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-msgid "These options can be used to configure the autofs service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-msgid "autofs_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
-msgid "DOMAIN SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
-msgid "min_id,max_id (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
-msgid ""
-"UID and GID limits for the domain. If a domain contains an entry that is "
-"outside these limits, it is ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
-msgid ""
-"For users, this affects the primary GID limit. The user will not be returned "
-"to NSS if either the UID or the primary GID is outside the range. For non-"
-"primary group memberships, those that are in range will be reported as "
-"expected."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
-msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
-msgid ""
-"Timeout in seconds between heartbeats for this domain.  This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
-msgid "enumerate (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
-msgid ""
-"Determines if a domain can be enumerated. This parameter can have one of the "
-"following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
-msgid "TRUE = Users and groups are enumerated"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
-msgid "FALSE = No enumerations for this domain"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
-msgid "Default: FALSE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
-msgid ""
-"Note: Enabling enumeration has a moderate performance impact on SSSD while "
-"enumeration is running. It may take up to several minutes after SSSD startup "
-"to fully complete enumerations.  During this time, individual requests for "
-"information will go directly to LDAP, though it may be slow, due to the "
-"heavy enumeration processing."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
-msgid ""
-"While the first enumeration is running, requests for the complete user or "
-"group lists may return no results until it completes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
-msgid ""
-"Further, enabling enumeration may increase the time necessary to detect "
-"network disconnection, as longer timeouts are required to ensure that "
-"enumeration lookups are completed successfully.  For more information, refer "
-"to the man pages for the specific id_provider in use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
-msgid "entry_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
-msgid ""
-"How many seconds should nss_sss consider entries valid before asking the "
-"backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
-msgid "Default: 5400"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-msgid "entry_cache_user_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-msgid ""
-"How many seconds should nss_sss consider user entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-msgid "Default: entry_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-msgid "entry_cache_group_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-msgid ""
-"How many seconds should nss_sss consider group entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-msgid ""
-"How many seconds should nss_sss consider netgroup entries valid before "
-"asking the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-msgid "entry_cache_service_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-msgid ""
-"How many seconds should nss_sss consider service entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
-msgid "cache_credentials (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
-msgid "Determines if user credentials are also cached in the local LDB cache"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
-msgid "User credentials are stored in a SHA512 hash, not in plaintext"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
-msgid "account_cache_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
-msgid ""
-"Number of days entries are left in cache after last successful login before "
-"being removed during a cleanup of the cache. 0 means keep forever.  The "
-"value of this parameter must be greater than or equal to "
-"offline_credentials_expiration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
-msgid "Default: 0 (unlimited)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
-msgid "id_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
-msgid "The Data Provider identity backend to use for this domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
-msgid "Supported backends:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
-msgid "proxy: Support a legacy NSS provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
-msgid "local: SSSD internal local provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
-msgid "ldap: LDAP provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
-msgid "use_fully_qualified_names (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
-msgid ""
-"If set to TRUE, all requests to this domain must use fully qualified names. "
-"For example, if used in LOCAL domain that contains a \"test\" user, "
-"<command>getent passwd test</command> wouldn't find the user while "
-"<command>getent passwd test@LOCAL</command> would."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
-msgid "auth_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
-msgid ""
-"The authentication provider used for the domain.  Supported auth providers "
-"are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
-msgid ""
-"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
-msgid ""
-"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
-msgid ""
-"<quote>proxy</quote> for relaying authentication to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
-msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"authentication requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
-msgid "access_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
-msgid ""
-"The access control provider used for the domain.  There are two built-in "
-"access providers (in addition to any included in installed backends)  "
-"Internal special providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
-msgid "<quote>permit</quote> always allow access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
-msgid "<quote>deny</quote> always deny access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
-msgid ""
-"<quote>simple</quote> access control based on access or deny lists. See "
-"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> for more information on configuring the simple "
-"access module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
-msgid "Default: <quote>permit</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
-msgid "chpass_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
-msgid ""
-"The provider which should handle change password operations for the domain.  "
-"Supported change password providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
-msgid ""
-"<quote>ipa</quote> to change a password stored in an IPA server.  See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
-msgid ""
-"<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
-msgid ""
-"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
-msgid ""
-"<quote>proxy</quote> for relaying password changes to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
-msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
-msgid ""
-"Default: <quote>auth_provider</quote> is used if it is set and can handle "
-"change password requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-msgid "sudo_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-msgid ""
-"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-msgid "session_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-msgid ""
-"The provider which should handle loading of session settings.  Supported "
-"session providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-msgid ""
-"<quote>ipa</quote> to load session settings from an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"session loading requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
-msgid "lookup_family_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
-msgid ""
-"Provides the ability to select preferred address family to use when "
-"performing DNS lookups."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
-msgid "Supported values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
-msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
-msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
-msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
-msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
-msgid "Default: ipv4_first"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
-msgid "dns_resolver_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
-msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
-msgid "dns_discovery_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
-msgid ""
-"If service discovery is used in the back end, specifies the domain part of "
-"the service discovery DNS query."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
-msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
-msgid "override_gid (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
-msgid "Override the primary GID value with the one specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
-msgid "case_sensitive (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
-msgid ""
-"Treat user and group names as case sensitive. At the moment, this option is "
-"not supported in the local provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
-msgid "Default: True"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
-msgid ""
-"These configuration options can be present in a domain configuration "
-"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
-"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
-msgid "proxy_pam_target (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
-msgid "The proxy target PAM proxies to."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-msgid ""
-"Default: not set by default, you have to take an existing pam configuration "
-"or create a new one and add the service name here."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
-msgid "proxy_lib_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
-msgid ""
-"The name of the NSS library to use in proxy domains. The NSS functions "
-"searched for in the library are in the form of _nss_$(libName)_$(function), "
-"for example _nss_files_getpwent."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
-msgid ""
-"Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
-msgid "The local domain section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
-msgid ""
-"This section contains settings for domain that stores users and groups in "
-"SSSD native database, that is, a domain that uses "
-"<replaceable>id_provider=local</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
-msgid "default_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
-msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
-msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
-msgid "base_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
-msgid ""
-"The tools append the login name to <replaceable>base_directory</replaceable> "
-"and use that as the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
-msgid "Default: <filename>/home</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
-msgid "create_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
-msgid ""
-"Indicate if a home directory should be created by default for new users.  "
-"Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
-msgid "Default: TRUE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
-msgid "remove_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
-msgid ""
-"Indicate if a home directory should be removed by default for deleted "
-"users.  Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
-msgid "homedir_umask (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
-msgid ""
-"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
-"on a newly created home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
-msgid "Default: 077"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
-msgid "skel_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
-msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
-msgid "mail_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
-msgid ""
-"The mail spool directory. This is needed to manipulate the mailbox when its "
-"corresponding user account is modified or deleted.  If not specified, a "
-"default value is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
-msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
-msgid "userdel_cmd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
-msgid ""
-"The command that is run after a user is removed.  The command us passed the "
-"username of the user being removed as the first and only parameter. The "
-"return code of the command is not taken into account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
-msgid "Default: None, no command is run"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"domains = LDAP\n"
-"services = nss, pam\n"
-"config_file_version = 2\n"
-"\n"
-"[nss]\n"
-"filter_groups = root\n"
-"filter_users = root\n"
-"\n"
-"[pam]\n"
-"\n"
-"[domain/LDAP]\n"
-"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
-"\n"
-"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
-"cache_credentials = true\n"
-"\n"
-"min_id = 10000\n"
-"max_id = 20000\n"
-"enumerate = False\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
-msgid ""
-"The following example shows a typical SSSD config. It does not describe "
-"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details.  <placeholder type=\"programlisting\" "
-"id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
-msgid "sssd-ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:23
-msgid ""
-"This manual page describes the configuration of LDAP domains for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for detailed syntax information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:35
-msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:38
-msgid ""
-"LDAP back end supports id, auth, access and chpass providers. If you want to "
-"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
-"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
-"over an unencrypted channel.  If the LDAP server is used only as an identity "
-"provider, an encrypted channel is not needed. Please refer to "
-"<quote>ldap_access_filter</quote> config option for more information about "
-"using LDAP as an access provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
-#: sssd-krb5.5.xml:63
-msgid "CONFIGURATION OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:60
-msgid "ldap_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:63
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference. Refer to the <quote>FAILOVER</"
-"quote> section for more information on failover and server redundancy.  If "
-"not specified, service discovery is enabled. For more information, refer to "
-"the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
-msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:73
-msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:76
-msgid ""
-"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:79
-msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:85
-msgid "ldap_chpass_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:88
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference to change the password of a user. "
-"Refer to the <quote>FAILOVER</quote> section for more information on "
-"failover and server redundancy."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:95
-msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:99
-msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:105
-msgid "ldap_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:108
-msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:112
-msgid ""
-"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
-"syntax:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
-msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:119
-msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
-msgid ""
-"The filter must be a valid LDAP search filter as specified by http://www."
-"ietf.org/rfc/rfc2254.txt"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
-msgid "Examples:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:129
-msgid ""
-"ldap_search_base = dc=example,dc=com (which is equivalent to)  "
-"ldap_search_base = dc=example,dc=com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:134
-msgid ""
-"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
-"(host=thishost)?dc=example.com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:137
-msgid ""
-"Note: It is unsupported to have multiple search bases which reference "
-"identically-named objects (for example, groups with the same name in two "
-"different search bases). This will lead to unpredictable behavior on client "
-"machines."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:144
-msgid ""
-"Default: If not set, the value of the defaultNamingContext or namingContexts "
-"attribute from the RootDSE of the LDAP server is used. If "
-"defaultNamingContext does not exists or has an empty value namingContexts is "
-"used.  The namingContexts attribute must have a single value with the DN of "
-"the search base of the LDAP server to make this work. Multiple values are "
-"are not supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:158
-msgid "ldap_schema (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:161
-msgid ""
-"Specifies the Schema Type in use on the target LDAP server.  Depending on "
-"the selected schema, the default attribute names retrieved from the servers "
-"may vary.  The way that some attributes are handled may also differ.  Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
-"difference between these schema types is how group memberships are recorded "
-"in the server.  With rfc2307, group members are listed by name in the "
-"<emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, group "
-"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
-msgid "Default: rfc2307"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
-msgid "ldap_default_bind_dn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
-msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
-msgid "ldap_default_authtok_type (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
-msgid "The type of the authentication token of the default bind DN."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
-msgid "The two mechanisms currently supported are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
-msgid "password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
-msgid "obfuscated_password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
-msgid "Default: password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
-msgid "ldap_default_authtok (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
-msgid ""
-"The authentication token of the default bind DN.  Only clear text passwords "
-"are currently supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
-msgid "ldap_user_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
-msgid "The object class of a user entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
-msgid "Default: posixAccount"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
-msgid "ldap_user_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
-msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
-msgid "Default: uid"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
-msgid "ldap_user_uid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
-msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
-msgid "Default: uidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
-msgid "ldap_user_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
-msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
-msgid "Default: gidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
-msgid "ldap_user_gecos (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
-msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
-msgid "Default: gecos"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
-msgid "ldap_user_home_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
-msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
-msgid "Default: homeDirectory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
-msgid "ldap_user_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
-msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
-msgid "Default: loginShell"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
-msgid "ldap_user_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
-msgid "Default: nsUniqueId"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
-msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
-msgid ""
-"The LDAP attribute that contains timestamp of the last modification of the "
-"parent object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
-msgid "Default: modifyTimestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
-msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
-"the last password change)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
-msgid "Default: shadowLastChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
-msgid "ldap_user_shadow_min (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
-msgid "Default: shadowMin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
-msgid "ldap_user_shadow_max (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
-msgid "Default: shadowMax"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
-msgid "ldap_user_shadow_warning (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password warning period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
-msgid "Default: shadowWarning"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
-msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password inactivity period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
-msgid "Default: shadowInactive"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
-msgid "ldap_user_shadow_expire (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
-msgid ""
-"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
-"parameter contains the name of an LDAP attribute corresponding to its "
-"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> counterpart (account expiration date)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
-msgid "Default: shadowExpire"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
-msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time of last password change in "
-"kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
-msgid "Default: krbLastPwdChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
-msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time when current password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
-msgid "Default: krbPasswordExpiration"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
-msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the expiration time of the account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
-msgid "Default: accountExpires"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
-msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the user account control bit field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
-msgid "Default: userAccountControl"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
-msgid "ldap_ns_account_lock (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
-msgid ""
-"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
-"determines if access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
-msgid "Default: nsAccountLock"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
-msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines if "
-"access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
-msgid "Default: loginDisabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
-msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines until "
-"which date access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
-msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines the "
-"hours of a day in a week when access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
-msgid "Default: loginAllowedTimeMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
-msgid "ldap_user_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
-msgid ""
-"The LDAP attribute that contains the user's Kerberos User Principal Name "
-"(UPN)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
-msgid "Default: krbPrincipalName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
-msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
-msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
-msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
-msgid ""
-"Some directory servers, for example Active Directory, might deliver the "
-"realm part of the UPN in lower case, which might cause the authentication to "
-"fail. Set this option to a non-zero value if you want to use an upper-case "
-"realm."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
-msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
-msgid ""
-"Specifies how many seconds SSSD has to wait before refreshing its cache of "
-"enumerated records."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
-msgid "Default: 300"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
-msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
-msgid ""
-"Determine how often to check the cache for inactive entries (such as groups "
-"with no members and users who have never logged in) and remove them to save "
-"space."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
-msgid "Setting this option to zero will disable the cache cleanup operation."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
-msgid "Default: 10800 (12 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
-msgid "ldap_user_fullname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
-msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
-msgid "Default: cn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
-msgid "ldap_user_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
-msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
-msgid "Default: memberOf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
-msgid "ldap_user_authorized_service (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
-msgid ""
-"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
-"use the presence of the authorizedService attribute in the user's LDAP entry "
-"to determine access privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
-msgid ""
-"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
-"explicit allow (svc) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
-msgid "Default: authorizedService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
-msgid "ldap_user_authorized_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
-msgid ""
-"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-"presence of the host attribute in the user's LDAP entry to determine access "
-"privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
-msgid ""
-"An explicit deny (!host) is resolved first. Second, SSSD searches for "
-"explicit allow (host) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
-msgid "Default: host"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
-msgid "ldap_group_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
-msgid "The object class of a group entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
-msgid "Default: posixGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
-msgid "ldap_group_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
-msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
-msgid "ldap_group_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
-msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
-msgid "ldap_group_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
-msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
-msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
-msgid "ldap_group_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
-msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
-msgid "ldap_group_nesting_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
-msgid ""
-"If ldap_schema is set to a schema format that supports nested groups (e.g. "
-"RFC2307bis), then this option controls how many levels of nesting SSSD will "
-"follow. This option has no effect on the RFC2307 schema."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
-msgid "Default: 2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
-msgid "ldap_netgroup_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
-msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
-msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
-msgid "Default: nisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
-msgid "ldap_netgroup_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
-msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
-msgid "In IPA provider, ipa_netgroup_name should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
-msgid "ldap_netgroup_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
-msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
-msgid "In IPA provider, ipa_netgroup_member should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
-msgid "Default: memberNisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
-msgid "ldap_netgroup_triple (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-msgid ""
-"The LDAP attribute that contains the (host, user, domain) netgroup triples."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
-msgid "This option is not available in IPA provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
-msgid "Default: nisNetgroupTriple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
-msgid "ldap_netgroup_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
-msgid ""
-"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
-msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
-msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
-msgid "ldap_service_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
-msgid "The object class of a service entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
-msgid "Default: ipService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
-msgid "ldap_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
-msgid ""
-"The LDAP attribute that contains the name of service attributes and their "
-"aliases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
-msgid "ldap_service_port (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
-msgid "The LDAP attribute that contains the port managed by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
-msgid "Default: ipServicePort"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
-msgid "ldap_service_proto (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
-msgid ""
-"The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
-msgid "Default: ipServiceProtocol"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
-msgid "ldap_service_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
-msgid "An optional base DN to restrict service searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
-msgid ""
-"See <quote>ldap_search_base</quote> for information about configuring "
-"multiple search bases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
-#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
-msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
-msgid "ldap_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches are allowed to run "
-"before they are cancelled and cached results are returned (and offline mode "
-"is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
-msgid ""
-"Note: this option is subject to change in future versions of the SSSD. It "
-"will likely be replaced at some point by a series of timeouts for specific "
-"lookup types."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
-msgid "Default: 6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
-msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches for user and group "
-"enumerations are allowed to run before they are cancelled and cached results "
-"are returned (and offline mode is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
-msgid "ldap_network_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-msgid ""
-"Specifies the timeout (in seconds) after which the <citerefentry> "
-"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
-"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> following a <citerefentry> "
-"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> returns in case of no activity."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
-msgid "ldap_opt_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
-msgid ""
-"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
-"will abort if no response is received. Also controls the timeout when "
-"communicating with the KDC in case of SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
-msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
-msgid ""
-"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
-"maintained. After this time, the connection will be re-established. If used "
-"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
-"the TGT lifetime)  will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
-msgid "Default: 900 (15 minutes)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
-msgid "ldap_page_size (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
-msgid ""
-"Specify the number of records to retrieve from LDAP in a single request. "
-"Some LDAP servers enforce a maximum limit per-request."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
-msgid "Default: 1000"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
-msgid ""
-"Disable the LDAP paging control. This option should be used if the LDAP "
-"server reports that it supports the LDAP paging control in its RootDSE but "
-"it is not enabled or does not behave properly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
-msgid ""
-"Example: OpenLDAP servers with the paging control module installed on the "
-"server but not enabled will report it in the RootDSE but be unable to use it."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
-msgid ""
-"Example: 389 DS has a bug where it can only support a one paging control at "
-"a time on a single connection. On busy clients, this can result in some "
-"requests being denied."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
-msgid "ldap_deref_threshold (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
-msgid ""
-"Specify the number of group members that must be missing from the internal "
-"cache in order to trigger a dereference lookup. If less members are missing, "
-"they are looked up individually."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
-msgid ""
-"You can turn off dereference lookups completely by setting the value to 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
-msgid ""
-"A dereference lookup is a means of fetching all group members in a single "
-"LDAP call.  Different LDAP servers may implement different dereference "
-"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
-"Directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
-msgid ""
-"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
-"filter, then the dereference lookup performance enhancement will be disabled "
-"regardless of this setting."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
-msgid "ldap_tls_reqcert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
-msgid ""
-"Specifies what checks to perform on server certificates in a TLS session, if "
-"any. It can be specified as one of the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
-msgid ""
-"<emphasis>never</emphasis> = The client will not request or check any server "
-"certificate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
-msgid ""
-"<emphasis>allow</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, it will be ignored and the session proceeds normally."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
-msgid ""
-"<emphasis>try</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, the session is immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
-msgid ""
-"<emphasis>demand</emphasis> = The server certificate is requested. If no "
-"certificate is provided, or a bad certificate is provided, the session is "
-"immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
-msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
-msgid "Default: hard"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
-msgid "ldap_tls_cacert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
-msgid ""
-"Specifies the file that contains certificates for all of the Certificate "
-"Authorities that <command>sssd</command> will recognize."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
-msgid ""
-"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
-"conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
-msgid "ldap_tls_cacertdir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
-msgid ""
-"Specifies the path of a directory that contains Certificate Authority "
-"certificates in separate individual files. Typically the file names need to "
-"be the hash of the certificate followed by '.0'.  If available, "
-"<command>cacertdir_rehash</command> can be used to create the correct names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
-msgid "ldap_tls_cert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
-msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
-msgid "Default: not set"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
-msgid "ldap_tls_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
-msgid "Specifies the file that contains the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
-msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
-msgid ""
-"Specifies acceptable cipher suites.  Typically this is a colon sperated "
-"list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> for format."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
-msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
-msgid ""
-"Specifies that the id_provider connection must also use <systemitem class="
-"\"protocol\">tls</systemitem> to protect the channel."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
-msgid ""
-"Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
-"supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
-msgid "ldap_sasl_authid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
-msgid ""
-"Specify the SASL authorization id to use.  When GSSAPI is used, this "
-"represents the Kerberos principal used for authentication to the directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
-msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
-msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
-msgid ""
-"If set to true, the LDAP library would perform a reverse lookup to "
-"canonicalize the host name during a SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
-msgid "Default: false;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
-msgid "ldap_krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
-msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
-msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
-msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
-msgid ""
-"Specifies that the id_provider should init Kerberos credentials (TGT).  This "
-"action is performed only if SASL is used and the mechanism selected is "
-"GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
-msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
-msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
-msgid "Default: 86400 (24 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
-msgid "krb5_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
-msgid ""
-"Specifies the comma-separated list of IP addresses or hostnames of the "
-"Kerberos servers to which SSSD should connect in the order of preference. "
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
-"colon) may be appended to the addresses or hostnames.  If empty, service "
-"discovery is enabled - for more information, refer to the <quote>SERVICE "
-"DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
-msgid ""
-"When using service discovery for KDC or kpasswd servers, SSSD first searches "
-"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-"none are found."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
-msgid ""
-"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
-"While the legacy name is recognized for the time being, users are advised to "
-"migrate their config files to use <quote>krb5_server</quote> instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
-msgid "krb5_realm (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
-msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
-msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
-msgid "krb5_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
-msgid ""
-"Specifies if the host principal should be canonicalized when connecting to "
-"LDAP server. This feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
-msgid "ldap_pwd_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
-msgid ""
-"Select the policy to evaluate the password expiration on the client side. "
-"The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
-msgid ""
-"<emphasis>none</emphasis> - No evaluation on the client side. This option "
-"cannot disable server-side password policies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
-msgid ""
-"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-"evaluate if the password has expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
-msgid ""
-"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
-"to determine if the password has expired. Use chpass_provider=krb5 to update "
-"these attributes when the password is changed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
-msgid "ldap_referrals (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
-msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
-msgid ""
-"Please note that sssd only supports referral chasing when it is compiled "
-"with OpenLDAP version 2.4.13 or higher."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
-msgid "ldap_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
-msgid "Specifies the service name to use when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
-msgid "Default: ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
-msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
-msgid ""
-"Specifies the service name to use to find an LDAP server which allows "
-"password changes when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
-msgid "Default: not set, i.e. service discovery is disabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
-msgid "ldap_access_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
-msgid ""
-"If using access_provider = ldap, this option is mandatory. It specifies an "
-"LDAP search filter criteria that must be met for the user to be granted "
-"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
-msgid "Example:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
-#, no-wrap
-msgid ""
-"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
-msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
-msgid ""
-"Offline caching for this feature is limited to determining whether the "
-"user's last online login was granted access permission. If they were granted "
-"access during their last login, they will continue to be granted access "
-"while offline and vice-versa."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
-msgid "Default: Empty"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
-msgid "ldap_account_expire_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
-msgid ""
-"With this option a client side evaluation of access control attributes can "
-"be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
-msgid ""
-"Please note that it is always recommended to use server side access control, "
-"i.e. the LDAP server should deny the bind request with a suitable error code "
-"even if the password is correct."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
-msgid "The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
-msgid ""
-"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
-"determine if the account is expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
-msgid ""
-"<emphasis>ad</emphasis>: use the value of the 32bit field "
-"ldap_user_ad_user_account_control and allow access if the second bit is not "
-"set. If the attribute is missing access is granted. Also the expiration time "
-"of the account is checked."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
-msgid ""
-"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
-"emphasis>: use the value of ldap_ns_account_lock to check if access is "
-"allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
-msgid ""
-"<emphasis>nds</emphasis>: the values of "
-"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
-"If both attributes are missing access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
-msgid "ldap_access_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
-msgid "Comma separated list of access control options.  Allowed values are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
-msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
-msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
-msgid ""
-"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
-"to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
-msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
-msgid "Default: filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
-msgid ""
-"Please note that it is a configuration error if a value is used more than "
-"once."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
-msgid "ldap_deref (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
-msgid ""
-"Specifies how alias dereferencing is done when performing a search. The "
-"following options are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
-msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
-msgid ""
-"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
-"the base object, but not in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
-msgid ""
-"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
-"the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
-msgid ""
-"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
-"in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
-msgid ""
-"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
-"client libraries)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:51
-msgid ""
-"All of the common configuration options that apply to SSSD domains also "
-"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for full details.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
-msgid "SUDO OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
-msgid "ldap_sudorule_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
-msgid "The object class of a sudo rule entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
-msgid "Default: sudoRole"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
-msgid "ldap_sudorule_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
-msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
-msgid "ldap_sudorule_command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
-msgid "The LDAP attribute that corresponds to the command name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
-msgid "Default: sudoCommand"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
-msgid "ldap_sudorule_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
-msgid ""
-"The LDAP attribute that corresponds to the host name (or host IP address, "
-"host IP network, or host netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
-msgid "Default: sudoHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
-msgid "ldap_sudorule_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
-msgid ""
-"The LDAP attribute that corresponds to the user name (or UID, group name or "
-"user's netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
-msgid "Default: sudoUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
-msgid "ldap_sudorule_option (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
-msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
-msgid "Default: sudoOption"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
-msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
-msgid ""
-"The LDAP attribute that corresponds to the user name that commands may be "
-"run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
-msgid "Default: sudoRunAsUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
-msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
-msgid ""
-"The LDAP attribute that corresponds to the group name or group GID that "
-"commands may be run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
-msgid "Default: sudoRunAsGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
-msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
-msgid ""
-"The LDAP attribute that corresponds to the start date/time for when the sudo "
-"rule is valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
-msgid "Default: sudoNotBefore"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
-msgid "ldap_sudorule_notafter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
-msgid ""
-"The LDAP attribute that corresponds to the expiration date/time, after which "
-"the sudo rule will no longer be valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
-msgid "Default: sudoNotAfter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
-msgid "ldap_sudorule_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
-msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
-msgid "Default: sudoOrder"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
-msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
-msgid ""
-"Enables periodical download of all sudo rules.  The cache is purged before "
-"each update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
-msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
-msgid ""
-"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
-msgid ""
-"This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
-"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
-msgid "AUTOFS OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
-msgid ""
-"Please note that the default values correspond to the default schema which "
-"is RFC2307."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
-msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-msgid "The object class of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-msgid "Default: automountMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
-msgid "ldap_autofs_map_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
-msgid "The name of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
-msgid "Default: ou"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
-msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
-msgid "ldap_autofs_entry_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
-msgid ""
-"The key of an automount entry in LDAP. The entry usually corresponds to a "
-"mount point."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
-msgid "ldap_autofs_entry_value (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
-msgid "Default: automountInformation"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
-msgid ""
-"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
-"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
-"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
-msgid "ADVANCED OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
-msgid "ldap_netgroup_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
-msgid ""
-"An optional base DN to restrict netgroup searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
-msgid "ldap_user_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
-msgid "An optional base DN to restrict user searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
-msgid "ldap_group_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
-msgid "An optional base DN to restrict group searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
-#, no-wrap
-msgid ""
-"                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
-msgid "ldap_sudo_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
-msgid ""
-"An optional base DN to restrict sudo rules searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
-msgid "ldap_autofs_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
-msgid ""
-"An optional base DN to restrict automounter searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
-msgid ""
-"These options are supported by LDAP domains, but they should be used with "
-"caution. Please include them in your configuration only if you know what you "
-"are doing.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
-msgid ""
-"The following example assumes that SSSD is correctly configured and LDAP is "
-"set to one of the domains in the <replaceable>[domains]</replaceable> "
-"section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
-#, no-wrap
-msgid ""
-"    [domain/LDAP]\n"
-"    id_provider = ldap\n"
-"    auth_provider = ldap\n"
-"    ldap_uri = ldap://ldap.mydomain.org\n"
-"    ldap_search_base = dc=mydomain,dc=org\n"
-"    ldap_tls_reqcert = demand\n"
-"    cache_credentials = true\n"
-"    enumerate = true\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
-msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
-msgid "NOTES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
-msgid ""
-"The descriptions of some of the configuration options in this manual page "
-"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
-"distribution."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <refentryinfo>
-#: pam_sss.8.xml:8 include/upstream.xml:2
-msgid ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: pam_sss.8.xml:13 pam_sss.8.xml:18
-msgid "pam_sss"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: pam_sss.8.xml:19
-msgid "PAM module for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: pam_sss.8.xml:24
-msgid ""
-"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
-msgid ""
-"<command>pam_sss.so</command> is the PAM interface to the System Security "
-"Services daemon (SSSD). Errors and results are logged through <command>syslog"
-"(3)</command> with the LOG_AUTHPRIV facility."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
-msgid "<option>quiet</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
-msgid "Suppress log messages for unknown users."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
-msgid "<option>forward_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
-msgid ""
-"If <option>forward_pass</option> is set the entered password is put on the "
-"stack for other PAM modules to use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
-msgid "<option>use_first_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
-msgid ""
-"The argument use_first_pass forces the module to use a previous stacked "
-"modules password and will never prompt the user - if no password is "
-"available or the password is not appropriate, the user will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
-msgid "<option>use_authtok</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
-msgid ""
-"When password changing enforce the module to set the new password to the one "
-"provided by a previously stacked password module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
-msgid "<option>retry=N</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
-msgid ""
-"If specified the user is asked another N times for a password if "
-"authentication fails. Default is 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
-msgid ""
-"Please note that this option might not work as expected if the application "
-"calling PAM handles the user dialog on its own. A typical example is "
-"<command>sshd</command> with <option>PasswordAuthentication</option>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
-msgid "MODULE TYPES PROVIDED"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
-msgid ""
-"All module types (<option>account</option>, <option>auth</option>, "
-"<option>password</option> and <option>session</option>) are provided."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
-msgid "FILES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
-msgid ""
-"If a password reset by root fails, because the corresponding SSSD provider "
-"does not support password resets, an individual message can be displayed. "
-"This message can e.g. contain instructions about how to reset a password."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
-msgid ""
-"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
-"filename> where LOC stands for a locale string returned by <citerefentry> "
-"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
-"citerefentry>. If there is no matching file the content of "
-"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
-"the owner of the files and only root may have read and write permissions "
-"while all other users must have only read permissions."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
-msgid ""
-"These files are searched in the directory <filename>/etc/sssd/customize/"
-"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
-"displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:141
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
-msgid "sssd_krb5_locator_plugin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:22
-msgid ""
-"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
-"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
-"libraries what Realm and which KDC to use.  Typically this is done in "
-"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
-"To simplify the configuration the Realm and the KDC can be defined in "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry> puts the Realm and the name or IP address of the KDC into "
-"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively.  "
-"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variables and returns them to the "
-"libraries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:63
-msgid ""
-"Not all Kerberos implementations support the use of plugins. If "
-"<command>sssd_krb5_locator_plugin</command> is not available on your system "
-"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:69
-msgid ""
-"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-"debug messages will be sent to stderr."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:77
-msgid ""
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
-msgid "sssd-simple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd-simple.5.xml:17
-msgid "the configuration file for SSSD's 'simple' access-control provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:24
-msgid ""
-"This manual page describes the configuration of the simple access-control "
-"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax reference, "
-"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:38
-msgid ""
-"The simple access provider grants or denies access based on an access or "
-"deny list of user or group names. The following rules apply:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:43
-msgid "If all lists are empty, access is granted"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:47
-msgid ""
-"If any list is provided, the order of evaluation is allow,deny. This means "
-"that any matching deny rule will supersede any matched allow rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:54
-msgid ""
-"If either or both \"allow\" lists are provided, all users are denied unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:60
-msgid ""
-"If only \"deny\" lists are provided, all users are granted access unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:78
-msgid "simple_allow_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:81
-msgid "Comma separated list of users who are allowed to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:88
-msgid "simple_deny_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:91
-msgid "Comma separated list of users who are explicitly denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:97
-msgid "simple_allow_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:100
-msgid ""
-"Comma separated list of groups that are allowed to log in. This applies only "
-"to groups within this SSSD domain. Local groups are not evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:108
-msgid "simple_deny_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:111
-msgid ""
-"Comma separated list of groups that are explicitly denied access. This "
-"applies only to groups within this SSSD domain. Local groups are not "
-"evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
-msgid ""
-"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page for details on the configuration of an SSSD "
-"domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:120
-msgid ""
-"Please note that it is an configuration error if both, simple_allow_users "
-"and simple_deny_users, are defined."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:128
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the simple access provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-simple.5.xml:135
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    access_provider = simple\n"
-"    simple_allow_users = user1, user2\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:145
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
-msgid "sssd-ipa"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:23
-msgid ""
-"This manual page describes the configuration of the IPA provider for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
-"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:36
-msgid ""
-"The IPA provider is a back end used to connect to an IPA server.  (Refer to "
-"the freeipa.org web site for information about IPA servers.)  This provider "
-"requires that the machine be joined to the IPA domain; configuration is "
-"almost entirely self-discovered and obtained directly from the server."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:43
-msgid ""
-"The IPA provider accepts the same options used by the <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
-"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider with some exceptions described below."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:55
-msgid ""
-"However, it is neither necessary nor recommended to set these options.  IPA "
-"provider can also be used as an access and chpass provider. As an access "
-"provider it uses HBAC (host-based access control) rules. Please refer to "
-"freeipa.org for more information about HBAC. No configuration of access "
-"provider is required on the client side."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:72
-msgid "ipa_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:75
-msgid ""
-"Specifies the name of the IPA domain.  This is optional. If not provided, "
-"the configuration domain name is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:83
-msgid "ipa_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:86
-msgid ""
-"The comma-separated list of IP addresses or hostnames of the IPA servers to "
-"which SSSD should connect in the order of preference. For more information "
-"on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
-"This is optional if autodiscovery is enabled.  For more information on "
-"service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:99
-msgid "ipa_hostname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:102
-msgid ""
-"Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:110
-msgid "ipa_dyndns_update (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:113
-msgid ""
-"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:118
-msgid ""
-"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
-"the default Kerberos realm must be set properly in /etc/krb5.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:129
-msgid "ipa_dyndns_iface (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:132
-msgid ""
-"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
-"interface whose IP address should be used for dynamic DNS updates."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:137
-msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:143
-msgid "ipa_hbac_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:146
-msgid "Optional. Use the given string as search base for HBAC related objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:150
-msgid "Default: Use base DN"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:156
-msgid "ipa_host_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:159
-msgid "Optional. Use the given string as search base for host objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:180
-msgid "ipa_selinux_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
-msgid "Optional. Use the given string as search base for SELinux user maps."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
-msgid "krb5_validate (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
-msgid ""
-"Verify with the help of krb5_keytab that the TGT obtained has not been "
-"spoofed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
-msgid ""
-"Note that this default differs from the traditional Kerberos provider back "
-"end."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
-msgid ""
-"The name of the Kerberos realm. This is optional and defaults to the value "
-"of <quote>ipa_domain</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
-msgid ""
-"The name of the Kerberos realm has a special meaning in IPA - it is "
-"converted into the base DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
-msgid ""
-"Specifies if the host and user principal should be canonicalized when "
-"connecting to IPA LDAP and also for AS requests. This feature is available "
-"with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
-msgid "ipa_hbac_refresh (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
-msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
-msgid "Default: 5 (seconds)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
-msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
-msgid ""
-"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
-"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
-"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
-"client will support two modes of operation during this transition period:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
-msgid ""
-"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
-"users will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
-msgid ""
-"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
-"careful with this option, as it may result in opening unintended access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
-msgid "Default: DENY_ALL"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
-msgid "ipa_automount_location (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
-msgid "The automounter location this IPA client will be using"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Default: The location named \"default\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the ipa provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    id_provider = ipa\n"
-"    ipa_server = ipaserver.example.com\n"
-"    ipa_hostname = myhost.example.com\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.8.xml:10 sssd.8.xml:15
-msgid "sssd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.8.xml:16
-msgid "System Security Services Daemon"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sssd.8.xml:21
-msgid ""
-"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:31
-msgid ""
-"<command>SSSD</command> provides a set of daemons to manage access to remote "
-"directories and authentication mechanisms. It provides an NSS and PAM "
-"interface toward the system and a pluggable backend system to connect to "
-"multiple different account sources as well as D-Bus interface. It is also "
-"the basis to provide client auditing and policy services for projects like "
-"FreeIPA. It provides a more robust database to store local users as well as "
-"extended user data."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:46
-msgid ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:53
-msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:57
-msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:60
-msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:69
-msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:73
-msgid ""
-"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:76
-msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:85
-msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:89
-msgid ""
-"Send the debug output to files instead of stderr. By default, the log files "
-"are stored in <filename>/var/log/sssd</filename> and there are separate log "
-"files for every SSSD service and domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:97
-msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:101
-msgid "Become a daemon after starting up."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:107
-msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:111
-msgid "Run in the foreground, don't become a daemon."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
-msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
-msgid ""
-"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
-"conf</filename>. For reference on the config file syntax and options, "
-"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:135
-msgid "<option>--version</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:139
-msgid "Print version number and exit."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:147
-msgid "Signals"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:150
-msgid "SIGTERM/SIGINT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:153
-msgid ""
-"Informs the SSSD to gracefully terminate all of its child processes and then "
-"shut down the monitor."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:159
-msgid "SIGHUP"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:162
-msgid ""
-"Tells the SSSD to stop writing to its current debug file descriptors and to "
-"close and reopen them. This is meant to facilitate log rolling with programs "
-"like logrotate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:170
-msgid "SIGUSR1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:173
-msgid ""
-"Tells the SSSD to simulate offline operation for one minute. This is mostly "
-"useful for testing purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:179
-msgid "SIGUSR2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:182
-msgid ""
-"Tells the SSSD to go online immediately. This is mostly useful for testing "
-"purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:193
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-msgid "sss_obfuscate"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_obfuscate.8.xml:16
-msgid "obfuscate a clear text password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_obfuscate.8.xml:21
-msgid ""
-"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
-"replaceable></arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:32
-msgid ""
-"<command>sss_obfuscate</command> converts a given password into human-"
-"unreadable format and places it into appropriate domain section of the SSSD "
-"config file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:37
-msgid ""
-"The cleartext password is read from standard input or entered "
-"interactively.  The obfuscated password is put into "
-"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
-"<quote>ldap_default_authtok_type</quote> parameter is set to "
-"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more details on these parameters."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:49
-msgid ""
-"Please note that obfuscating the password provides <emphasis>no real "
-"security benefit</emphasis> as it is still possible for an attacker to "
-"reverse-engineer the password back. Using better authentication mechanisms "
-"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
-"advised."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:63
-msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:67
-msgid "The password to obfuscate will be read from standard input."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
-msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:79
-msgid ""
-"The SSSD domain to use the password in. The default name is <quote>default</"
-"quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:86
-msgid ""
-"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:91
-msgid "Read the config file specified by the positional parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:95
-msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:105
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
-msgid "sss_useradd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_useradd.8.xml:16
-msgid "create a new user"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_useradd.8.xml:21
-msgid ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:32
-msgid ""
-"<command>sss_useradd</command> creates a new user account using the values "
-"specified on the command line plus the default values from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:43
-msgid ""
-"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:48
-msgid ""
-"Set the UID of the user to the value of <replaceable>UID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
-msgid ""
-"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
-msgid ""
-"Any text string describing the user. Often used as the field for the user's "
-"full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
-msgid ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:72
-msgid ""
-"The home directory of the user account.  The default is to append the "
-"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
-"that as the home directory.  The base that is prepended before "
-"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
-"baseDirectory</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
-msgid ""
-"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:87
-msgid ""
-"The user's login shell. The default is currently <filename>/bin/bash</"
-"filename>.  The default can be changed with <quote>user_defaults/"
-"defaultShell</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:96
-msgid ""
-"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:101
-msgid "A list of existing groups this user is also a member of."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:107
-msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:111
-msgid ""
-"Create the user's home directory if it does not exist. The files and "
-"directories contained in the skeleton directory (which can be defined with "
-"the -k option or in the config file) will be copied to the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:121
-msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:125
-msgid ""
-"Do not create the user's home directory. Overrides configuration settings."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:132
-msgid ""
-"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:137
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<command>sss_useradd</command>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:143
-msgid ""
-"This option is only valid if the <option>-m</option> (or <option>--create-"
-"home</option>) option is specified, or creation of home directories is set "
-"to TRUE in the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
-msgid ""
-"<option>-Z</option>,<option>--selinux-user</option> "
-"<replaceable>SELINUX_USER</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:157
-msgid ""
-"The SELinux user for the user's login. If not specified, the system default "
-"will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
-msgid "sssd-krb5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:23
-msgid ""
-"This manual page describes the configuration of the Kerberos 5 "
-"authentication backend for <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  For a detailed "
-"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
-"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:36
-msgid ""
-"The Kerberos 5 authentication backend contains auth and chpass providers. It "
-"must be paired with identity provider in order to function properly (for "
-"example, id_provider = ldap). Some information required by the Kerberos 5 "
-"authentication backend must be provided by the identity provider, such as "
-"the user's Kerberos Principal Name (UPN). The configuration of the identity "
-"provider should have an entry to specify the UPN. Please refer to the man "
-"page for the applicable identity provider for details on how to configure "
-"this."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:47
-msgid ""
-"This backend also provides access control based on the .k5login file in the "
-"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
-"Please note that an empty .k5login file will deny all access to this user. "
-"To activate this feature use 'access_provider = krb5' in your sssd "
-"configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:55
-msgid ""
-"In the case where the UPN is not available in the identity backend "
-"<command>sssd</command> will construct a UPN using the format "
-"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:106
-msgid ""
-"The name of the Kerberos realm. This option is required and must be "
-"specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:113
-msgid "krb5_kpasswd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:116
-msgid ""
-"If the change password service is not running on the KDC alternative servers "
-"can be defined here. An optional port number (preceded by a colon) may be "
-"appended to the addresses or hostnames."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:122
-msgid ""
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section.  Please note that even if there are no more "
-"kpasswd servers to try the back end is not switch to offline if "
-"authentication against the KDC is still possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:129
-msgid "Default: Use the KDC"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:135
-msgid "krb5_ccachedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:138
-msgid ""
-"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist it will be created. If %u, %U, %p or %h are used a "
-"private directory belonging to the user is created. Otherwise a public "
-"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
-"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
-"citerefentry> for details) is created."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:151
-msgid "Default: /tmp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:157
-msgid "krb5_ccname_template (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:171
-msgid "login UID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:174
-msgid "%p"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:175
-msgid "principal name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:179
-msgid "%r"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:180
-msgid "realm name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:183
-msgid "%h"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:184
-msgid "home directory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:189
-msgid "value of krb5ccache_dir"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194
-msgid "%P"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "the process ID of the sssd client"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:160
-msgid ""
-"Location of the user's credential cache. Currently only file based "
-"credential caches are supported. In the template the following sequences are "
-"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
-"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
-"way."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:209
-msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:215
-msgid "krb5_auth_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:218
-msgid ""
-"Timeout in seconds after an online authentication or change password request "
-"is aborted. If possible the authentication request is continued offline."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:241
-msgid "krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:244
-msgid ""
-"The location of the keytab to use when validating credentials obtained from "
-"KDCs."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:248
-msgid "Default: /etc/krb5.keytab"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:254
-msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:257
-msgid ""
-"Store the password of the user if the provider is offline and use it to "
-"request a TGT when the provider gets online again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:262
-msgid ""
-"Please note that this feature currently only available on a Linux platform. "
-"Passwords stored in this way are kept in plaintext in the kernel keyring and "
-"are potentially accessible by the root user (with difficulty)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:275
-msgid "krb5_renewable_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:278
-msgid ""
-"Request a renewable ticket with a total lifetime given by an integer "
-"immediately followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
-msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
-msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
-msgid "<emphasis>h</emphasis> hours"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
-msgid "<emphasis>d</emphasis> days."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
-msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:299
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"renewable lifetime to one and a half hours please use '90m' instead of "
-"'1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:305
-msgid "Default: not set, i.e. the TGT is not renewable"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:311
-msgid "krb5_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:314
-msgid ""
-"Request ticket with a with a lifetime given by an integer immediately "
-"followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:335
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"lifetime to one and a half hours please use '90m' instead of '1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:340
-msgid ""
-"Default: not set, i.e. the default ticket lifetime configured on the KDC."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:347
-msgid "krb5_renew_interval (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:350
-msgid ""
-"The time in seconds between two checks if the TGT should be renewed. TGTs "
-"are renewed if about half of their lifetime is exceeded."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:355
-msgid "If this option is not set or 0 the automatic renewal is disabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:365
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:368
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:373
-msgid ""
-"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
-"option at all."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
-msgid ""
-"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
-"continue without."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:381
-msgid ""
-"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
-"fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:385
-msgid "Default: not set, i.e. FAST is not used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:388
-msgid "Please note that a keytab is required to use fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:391
-msgid ""
-"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used with an older version using this option is a "
-"configuration error."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:400
-msgid "krb5_fast_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:403
-msgid "Specifies the server principal to use for FAST."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:412
-msgid ""
-"Specifies if the host and user principal should be canonicalized. This "
-"feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:65
-msgid ""
-"If the auth-module krb5 is used in a SSSD domain, the following options must "
-"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
-"SECTIONS</quote> for details on the configuration of a SSSD domain.  "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:434
-msgid ""
-"The following example assumes that SSSD is correctly configured and FOO is "
-"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
-"example shows only configuration of Kerberos authentication, it does not "
-"include any identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:442
-#, no-wrap
-msgid ""
-"    [domain/FOO]\n"
-"    auth_provider = krb5\n"
-"    krb5_server = 192.168.1.1\n"
-"    krb5_realm = EXAMPLE.COM\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:453
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
-msgid "sss_groupadd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupadd.8.xml:16
-msgid "create a new group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupadd.8.xml:21
-msgid ""
-"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:32
-msgid ""
-"<command>sss_groupadd</command> creates a new group. These groups are "
-"compatible with POSIX groups, with the additional feature that they can "
-"contain other groups as members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupadd.8.xml:43
-msgid ""
-"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupadd.8.xml:48
-msgid ""
-"Set the GID of the group to the value of <replaceable>GID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
-msgid "sss_userdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_userdel.8.xml:16
-msgid "delete a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_userdel.8.xml:21
-msgid ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:32
-msgid ""
-"<command>sss_userdel</command> deletes a user identified by login name "
-"<replaceable>LOGIN</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:44
-msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:48
-msgid ""
-"Files in the user's home directory will be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:56
-msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:60
-msgid ""
-"Files in the user's home directory will NOT be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:68
-msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:72
-msgid ""
-"This option forces <command>sss_userdel</command> to remove the user's home "
-"directory and mail spool, even if they are not owned by the specified user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:80
-msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:84
-msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
-msgid "sss_groupdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupdel.8.xml:16
-msgid "delete a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupdel.8.xml:21
-msgid ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:32
-msgid ""
-"<command>sss_groupdel</command> deletes a group identified by its name "
-"<replaceable>GROUP</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
-msgid "sss_groupshow"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupshow.8.xml:16
-msgid "print properties of a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupshow.8.xml:21
-msgid ""
-"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:32
-msgid ""
-"<command>sss_groupshow</command> displays information about a group "
-"identified by its name <replaceable>GROUP</replaceable>. The information "
-"includes the group ID number, members of the group and the parent group."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupshow.8.xml:43
-msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupshow.8.xml:47
-msgid ""
-"Also print indirect group members in a tree-like hierarchy.  Note that this "
-"also affects printing parent groups - without <option>R</option>, only the "
-"direct parent will be printed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
-msgid "sss_usermod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_usermod.8.xml:16
-msgid "modify a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_usermod.8.xml:21
-msgid ""
-"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:32
-msgid ""
-"<command>sss_usermod</command> modifies the account specified by "
-"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
-"on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:60
-msgid "The home directory of the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:71
-msgid "The user's login shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:82
-msgid ""
-"Append this user to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:96
-msgid ""
-"Remove this user from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:103
-msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:107
-msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:114
-msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:118
-msgid "Unlock the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:129
-msgid "The SELinux user for the user's login."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/service_discovery.xml:2
-msgid "SERVICE DISCOVERY"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/service_discovery.xml:4
-msgid ""
-"The service discovery feature allows back ends to automatically find the "
-"appropriate servers to connect to using a special DNS query."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
-msgid "Configuration"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:11
-msgid ""
-"If no servers are specified, the back end automatically uses service "
-"discovery to try to find a server. Optionally, the user may choose to use "
-"both fixed server addresses and service discovery by inserting a special "
-"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
-"preference is maintained. This feature is useful if, for example, the user "
-"prefers to use service discovery whenever possible, and fall back to a "
-"specific server when no servers can be discovered using DNS."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:23
-msgid "The domain name"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:25
-msgid ""
-"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for more details."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:35
-msgid "The protocol"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:37
-msgid ""
-"The queries usually specify _tcp as the protocol. Exceptions are documented "
-"in respective option description."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:42
-msgid "See Also"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:44
-msgid ""
-"For more information on the service discovery mechanism, refer to RFC 2782."
-msgstr ""
-
-#. type: Content of: outside any tag (error?)
-#: include/upstream.xml:1
-msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/failover.xml:2
-msgid "FAILOVER"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/failover.xml:4
-msgid ""
-"The failover feature allows back ends to automatically switch to a different "
-"server if the primary server fails."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:8
-msgid "Failover Syntax"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:10
-msgid ""
-"The list of servers is given as a comma-separated list; any number of spaces "
-"is allowed around the comma. The servers are listed in order of preference. "
-"The list can contain any number of servers."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:17
-msgid "The Failover Mechanism"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:19
-msgid ""
-"The failover mechanism distinguishes between a machine and a service. The "
-"back end first tries to resolve the hostname of a given machine; if this "
-"resolution attempt fails, the machine is considered offline. No further "
-"attempts are made to connect to this machine for any other service. If the "
-"resolution attempt succeeds, the back end tries to connect to a service on "
-"this machine. If the service connection attempt fails, then only this "
-"particular service is considered offline and the back end automatically "
-"switches over to the next service.  The machine is still considered online "
-"and might still be tried for another service."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:32
-msgid ""
-"Further connection attempts are made to machines or services marked as "
-"offline after a specified period of time; this is currently hard coded to 30 "
-"seconds."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:37
-msgid ""
-"If there are no more machines to try, the back end as a whole switches to "
-"offline mode, and then attempts to reconnect every 30 seconds."
-msgstr ""
-
-#. type: Content of: <varlistentry><term>
-#: include/param_help.xml:3
-msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
-
-#. type: Content of: <varlistentry><listitem><para>
-#: include/param_help.xml:7
-msgid "Display help message and exit."
-msgstr ""
diff --git a/src/man/po/bn.po b/src/man/po/bn.po
deleted file mode 100644
index 10228db7b..000000000
--- a/src/man/po/bn.po
+++ /dev/null
@@ -1,6313 +0,0 @@
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Red Hat
-# This file is distributed under the same license as the sssd-docs package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: SSSD\n"
-"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Bengali <info@ankur.org.bd>\n"
-"Language: bn\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural=(n != 1)\n"
-
-#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
-#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
-#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
-#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
-msgid "SSSD Manual pages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
-msgid "sss_groupmod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
-#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
-#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
-msgid "8"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupmod.8.xml:16
-msgid "modify a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupmod.8.xml:21
-msgid ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
-#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
-#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
-#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
-#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:32
-msgid ""
-"<command>sss_groupmod</command> modifies the group to reflect the changes "
-"that are specified on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
-#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
-#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-msgid "OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
-msgid ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:48
-msgid ""
-"Append this group to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
-msgid ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:62
-msgid ""
-"Remove this group from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
-#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
-msgid "sssd.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
-msgid "5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
-msgid "File Formats and Conventions"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
-msgid "the configuration file for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:21
-msgid "FILE FORMAT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:29
-#, no-wrap
-msgid ""
-"                <replaceable>[section]</replaceable>\n"
-"                <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-"                <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
-"            "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:24
-msgid ""
-"The file has an ini-style syntax and consists of sections and parameters. A "
-"section begins with the name of the section in square brackets and continues "
-"until the next section begins. An example of section with single and multi-"
-"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:36
-msgid ""
-"The data types used are string (no quotes needed), integer and bool (with "
-"values of <quote>TRUE/FALSE</quote>)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:41
-msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
-"(<quote>;</quote>)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:46
-msgid ""
-"All sections can have an optional <replaceable>description</replaceable> "
-"parameter. Its function is only as a label for the section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:52
-msgid ""
-"<filename>sssd.conf</filename> must be a regular file, owned by root and "
-"only root may read from or write to the file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:58
-msgid "SPECIAL SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:61
-msgid "The [sssd] section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
-msgid "Section parameters"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:72
-msgid "config_file_version (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:75
-msgid ""
-"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-"version 2."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:81
-msgid "services"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:84
-msgid ""
-"Comma separated list of services that are started when sssd itself starts."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:88
-msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
-msgid "reconnection_retries (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
-msgid ""
-"Number of times services should attempt to reconnect in the event of a Data "
-"Provider crash or restart before they give up"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
-msgid "Default: 3"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
-msgid "domains"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
-msgid ""
-"A domain is a database containing user information. SSSD can use more "
-"domains at the same time, but at least one must be configured or SSSD won't "
-"start.  This parameter described the list of domains in the order you want "
-"them to be queried."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
-msgid "re_expression (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
-msgid ""
-"Regular expression that describes how to parse the string containing user "
-"name and domain into these components."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
-msgid ""
-"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
-"which translates to \"the name is everything up to the <quote>@</quote> "
-"sign, the domain everything after that\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
-msgid ""
-"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
-"version 7 or higher can support non-unique named subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
-msgid ""
-"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
-"P&lt;name&gt;) to label subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
-msgid "full_name_format (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
-msgid ""
-"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatible format that describes how to translate "
-"a (name, domain) tuple into a fully qualified name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
-msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
-msgid "try_inotify (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
-msgid ""
-"SSSD monitors the state of resolv.conf to identify when it needs to update "
-"its internal DNS resolver. By default, we will attempt to use inotify for "
-"this, and will fall back to polling resolv.conf every five seconds if "
-"inotify cannot be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
-msgid ""
-"There are some limited situations where it is preferred that we should skip "
-"even trying to use inotify. In these rare cases, this option should be set "
-"to 'false'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
-msgid ""
-"Default: true on platforms where inotify is supported. False on other "
-"platforms."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
-msgid ""
-"Note: this option will have no effect on platforms where inotify is "
-"unavailable. On these platforms, polling will always be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
-msgid "krb5_rcache_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
-msgid ""
-"Directory on the filesystem where SSSD should store Kerberos replay cache "
-"files."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
-msgid ""
-"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
-"SSSD to let libkrb5 decide the appropriate location for the replay cache."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
-msgid ""
-"Default: Distribution-specific and specified at build-time. "
-"(__LIBKRB5_DEFAULTS__ if not configured)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:63
-msgid ""
-"Individual pieces of SSSD functionality are provided by special SSSD "
-"services that are started and stopped together with SSSD.  The services are "
-"managed by a special service frequently called <quote>monitor</quote>. The "
-"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
-msgid "SERVICES SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
-msgid ""
-"Settings that can be used to configure different services are described in "
-"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
-"section, for example, for NSS service, the section would be <quote>[nss]</"
-"quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
-msgid "General service configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
-msgid "These options can be used to configure any service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>.  This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
-msgid "NSS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
-msgid ""
-"These options can be used to configure the Name Service Switch (NSS) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
-msgid "enum_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
-msgid ""
-"How many seconds should nss_sss cache enumerations (requests for info about "
-"all users)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
-msgid "Default: 120"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"The entry cache can be set to automatically update entries in the background "
-"if they are requested beyond a percentage of the entry_cache_timeout value "
-"for the domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
-msgid ""
-"For example, if the domain's entry_cache_timeout is set to 30s and "
-"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
-"after 15 seconds past the last cache update will be returned immediately, "
-"but the SSSD will go and update the cache on its own, so that future "
-"requests will not need to block waiting for a cache update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
-msgid ""
-"Valid values for this option are 0-99 and represent a percentage of the "
-"entry_cache_timeout for each domain. For performance reasons, this "
-"percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
-"disables this feature)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
-msgid "Default: 50"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
-msgid "entry_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
-msgid ""
-"Specifies for how many seconds nss_sss should cache negative cache hits "
-"(that is, queries for invalid database entries, like nonexistent ones)  "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
-msgid "Default: 15"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
-msgid "filter_users, filter_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
-msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
-msgid "Default: root"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
-msgid "filter_users_in_groups (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
-msgid ""
-"If you want filtered user still be group members set this option to false."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
-msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
-msgid "This option can also be set per-domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
-msgid "allowed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
-msgid ""
-"Restrict user shell to one of the listed values. The order of evaluation is:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
-msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
-msgid ""
-"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
-"quote>, use the value of the shell_fallback parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
-msgid ""
-"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
-"shells</quote>, a nologin shell is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
-msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
-msgid ""
-"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
-"that a restart of the SSSD is required in case a new shell is installed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
-msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
-msgid "vetoed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
-msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
-msgid "shell_fallback (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
-msgid ""
-"The default shell to use if an allowed shell is not installed on the machine."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
-msgid "Default: /bin/sh"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
-msgid "PAM configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
-msgid ""
-"These options can be used to configure the Pluggable Authentication Module "
-"(PAM) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
-msgid "offline_credentials_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
-msgid ""
-"If the authentication provider is offline, how long should we allow cached "
-"logins (in days since the last successful online login)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
-msgid "Default: 0 (No limit)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
-msgid "offline_failed_login_attempts (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
-msgid ""
-"If the authentication provider is offline, how many failed login attempts "
-"are allowed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
-msgid "offline_failed_login_delay (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
-msgid ""
-"The time in minutes which has to pass after offline_failed_login_attempts "
-"has been reached before a new login attempt is possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
-msgid ""
-"If set to 0 the user cannot authenticate offline if "
-"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable offline authentication again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
-msgid "Default: 5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
-msgid "pam_verbosity (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
-msgid ""
-"Controls what kind of messages are shown to the user during authentication. "
-"The higher the number to more messages are displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
-msgid "Currently sssd supports the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
-msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
-msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
-msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
-msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
-msgid "Default: 1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
-msgid "pam_id_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
-msgid ""
-"For any PAM request while SSSD is online, the SSSD will attempt to "
-"immediately update the cached identity information for the user in order to "
-"ensure that authentication takes place with the latest information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
-msgid ""
-"A complete PAM conversation may perform multiple PAM requests, such as "
-"account management and session opening. This option controls (on a per-"
-"client-application basis) how long (in seconds) we can cache the identity "
-"information to avoid excessive round-trips to the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
-msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
-msgid "Display a warning N days before the password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
-msgid ""
-"Please note that the backend server has to provide information about the "
-"expiration time of the password.  If this information is missing, sssd "
-"cannot display a warning."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
-msgid "Default: 7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-msgid "SUDO configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-msgid "These options can be used to configure the sudo service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-msgid "sudo_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-msgid ""
-"For any sudo request that comes while SSSD is online, the SSSD will attempt "
-"to update the cached rules in order to ensure that sudo has the latest "
-"ruleset."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
-msgid ""
-"The user may, however, run a couple of sudo commands successively, which "
-"would trigger multiple LDAP requests.  In order to speed up this use-case, "
-"the sudo service maintains an in-memory cache that would be used for "
-"performing fast replies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
-msgid ""
-"This option controls how long (in seconds) can the sudo service cache rules "
-"for a user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-msgid "Default: 180"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-msgid "sudo_timed (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
-msgid ""
-"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
-"that implement time-dependent sudoers entries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-msgid "AUTOFS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-msgid "These options can be used to configure the autofs service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-msgid "autofs_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
-msgid "DOMAIN SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
-msgid "min_id,max_id (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
-msgid ""
-"UID and GID limits for the domain. If a domain contains an entry that is "
-"outside these limits, it is ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
-msgid ""
-"For users, this affects the primary GID limit. The user will not be returned "
-"to NSS if either the UID or the primary GID is outside the range. For non-"
-"primary group memberships, those that are in range will be reported as "
-"expected."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
-msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
-msgid ""
-"Timeout in seconds between heartbeats for this domain.  This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
-msgid "enumerate (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
-msgid ""
-"Determines if a domain can be enumerated. This parameter can have one of the "
-"following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
-msgid "TRUE = Users and groups are enumerated"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
-msgid "FALSE = No enumerations for this domain"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
-msgid "Default: FALSE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
-msgid ""
-"Note: Enabling enumeration has a moderate performance impact on SSSD while "
-"enumeration is running. It may take up to several minutes after SSSD startup "
-"to fully complete enumerations.  During this time, individual requests for "
-"information will go directly to LDAP, though it may be slow, due to the "
-"heavy enumeration processing."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
-msgid ""
-"While the first enumeration is running, requests for the complete user or "
-"group lists may return no results until it completes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
-msgid ""
-"Further, enabling enumeration may increase the time necessary to detect "
-"network disconnection, as longer timeouts are required to ensure that "
-"enumeration lookups are completed successfully.  For more information, refer "
-"to the man pages for the specific id_provider in use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
-msgid "entry_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
-msgid ""
-"How many seconds should nss_sss consider entries valid before asking the "
-"backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
-msgid "Default: 5400"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-msgid "entry_cache_user_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-msgid ""
-"How many seconds should nss_sss consider user entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-msgid "Default: entry_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-msgid "entry_cache_group_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-msgid ""
-"How many seconds should nss_sss consider group entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-msgid ""
-"How many seconds should nss_sss consider netgroup entries valid before "
-"asking the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-msgid "entry_cache_service_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-msgid ""
-"How many seconds should nss_sss consider service entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
-msgid "cache_credentials (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
-msgid "Determines if user credentials are also cached in the local LDB cache"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
-msgid "User credentials are stored in a SHA512 hash, not in plaintext"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
-msgid "account_cache_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
-msgid ""
-"Number of days entries are left in cache after last successful login before "
-"being removed during a cleanup of the cache. 0 means keep forever.  The "
-"value of this parameter must be greater than or equal to "
-"offline_credentials_expiration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
-msgid "Default: 0 (unlimited)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
-msgid "id_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
-msgid "The Data Provider identity backend to use for this domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
-msgid "Supported backends:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
-msgid "proxy: Support a legacy NSS provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
-msgid "local: SSSD internal local provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
-msgid "ldap: LDAP provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
-msgid "use_fully_qualified_names (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
-msgid ""
-"If set to TRUE, all requests to this domain must use fully qualified names. "
-"For example, if used in LOCAL domain that contains a \"test\" user, "
-"<command>getent passwd test</command> wouldn't find the user while "
-"<command>getent passwd test@LOCAL</command> would."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
-msgid "auth_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
-msgid ""
-"The authentication provider used for the domain.  Supported auth providers "
-"are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
-msgid ""
-"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
-msgid ""
-"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
-msgid ""
-"<quote>proxy</quote> for relaying authentication to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
-msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"authentication requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
-msgid "access_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
-msgid ""
-"The access control provider used for the domain.  There are two built-in "
-"access providers (in addition to any included in installed backends)  "
-"Internal special providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
-msgid "<quote>permit</quote> always allow access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
-msgid "<quote>deny</quote> always deny access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
-msgid ""
-"<quote>simple</quote> access control based on access or deny lists. See "
-"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> for more information on configuring the simple "
-"access module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
-msgid "Default: <quote>permit</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
-msgid "chpass_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
-msgid ""
-"The provider which should handle change password operations for the domain.  "
-"Supported change password providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
-msgid ""
-"<quote>ipa</quote> to change a password stored in an IPA server.  See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
-msgid ""
-"<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
-msgid ""
-"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
-msgid ""
-"<quote>proxy</quote> for relaying password changes to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
-msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
-msgid ""
-"Default: <quote>auth_provider</quote> is used if it is set and can handle "
-"change password requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-msgid "sudo_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-msgid ""
-"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-msgid "session_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-msgid ""
-"The provider which should handle loading of session settings.  Supported "
-"session providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-msgid ""
-"<quote>ipa</quote> to load session settings from an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"session loading requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
-msgid "lookup_family_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
-msgid ""
-"Provides the ability to select preferred address family to use when "
-"performing DNS lookups."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
-msgid "Supported values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
-msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
-msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
-msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
-msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
-msgid "Default: ipv4_first"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
-msgid "dns_resolver_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
-msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
-msgid "dns_discovery_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
-msgid ""
-"If service discovery is used in the back end, specifies the domain part of "
-"the service discovery DNS query."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
-msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
-msgid "override_gid (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
-msgid "Override the primary GID value with the one specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
-msgid "case_sensitive (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
-msgid ""
-"Treat user and group names as case sensitive. At the moment, this option is "
-"not supported in the local provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
-msgid "Default: True"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
-msgid ""
-"These configuration options can be present in a domain configuration "
-"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
-"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
-msgid "proxy_pam_target (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
-msgid "The proxy target PAM proxies to."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-msgid ""
-"Default: not set by default, you have to take an existing pam configuration "
-"or create a new one and add the service name here."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
-msgid "proxy_lib_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
-msgid ""
-"The name of the NSS library to use in proxy domains. The NSS functions "
-"searched for in the library are in the form of _nss_$(libName)_$(function), "
-"for example _nss_files_getpwent."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
-msgid ""
-"Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
-msgid "The local domain section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
-msgid ""
-"This section contains settings for domain that stores users and groups in "
-"SSSD native database, that is, a domain that uses "
-"<replaceable>id_provider=local</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
-msgid "default_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
-msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
-msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
-msgid "base_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
-msgid ""
-"The tools append the login name to <replaceable>base_directory</replaceable> "
-"and use that as the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
-msgid "Default: <filename>/home</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
-msgid "create_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
-msgid ""
-"Indicate if a home directory should be created by default for new users.  "
-"Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
-msgid "Default: TRUE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
-msgid "remove_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
-msgid ""
-"Indicate if a home directory should be removed by default for deleted "
-"users.  Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
-msgid "homedir_umask (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
-msgid ""
-"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
-"on a newly created home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
-msgid "Default: 077"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
-msgid "skel_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
-msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
-msgid "mail_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
-msgid ""
-"The mail spool directory. This is needed to manipulate the mailbox when its "
-"corresponding user account is modified or deleted.  If not specified, a "
-"default value is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
-msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
-msgid "userdel_cmd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
-msgid ""
-"The command that is run after a user is removed.  The command us passed the "
-"username of the user being removed as the first and only parameter. The "
-"return code of the command is not taken into account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
-msgid "Default: None, no command is run"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"domains = LDAP\n"
-"services = nss, pam\n"
-"config_file_version = 2\n"
-"\n"
-"[nss]\n"
-"filter_groups = root\n"
-"filter_users = root\n"
-"\n"
-"[pam]\n"
-"\n"
-"[domain/LDAP]\n"
-"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
-"\n"
-"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
-"cache_credentials = true\n"
-"\n"
-"min_id = 10000\n"
-"max_id = 20000\n"
-"enumerate = False\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
-msgid ""
-"The following example shows a typical SSSD config. It does not describe "
-"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details.  <placeholder type=\"programlisting\" "
-"id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
-msgid "sssd-ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:23
-msgid ""
-"This manual page describes the configuration of LDAP domains for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for detailed syntax information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:35
-msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:38
-msgid ""
-"LDAP back end supports id, auth, access and chpass providers. If you want to "
-"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
-"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
-"over an unencrypted channel.  If the LDAP server is used only as an identity "
-"provider, an encrypted channel is not needed. Please refer to "
-"<quote>ldap_access_filter</quote> config option for more information about "
-"using LDAP as an access provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
-#: sssd-krb5.5.xml:63
-msgid "CONFIGURATION OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:60
-msgid "ldap_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:63
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference. Refer to the <quote>FAILOVER</"
-"quote> section for more information on failover and server redundancy.  If "
-"not specified, service discovery is enabled. For more information, refer to "
-"the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
-msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:73
-msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:76
-msgid ""
-"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:79
-msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:85
-msgid "ldap_chpass_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:88
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference to change the password of a user. "
-"Refer to the <quote>FAILOVER</quote> section for more information on "
-"failover and server redundancy."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:95
-msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:99
-msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:105
-msgid "ldap_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:108
-msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:112
-msgid ""
-"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
-"syntax:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
-msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:119
-msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
-msgid ""
-"The filter must be a valid LDAP search filter as specified by http://www."
-"ietf.org/rfc/rfc2254.txt"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
-msgid "Examples:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:129
-msgid ""
-"ldap_search_base = dc=example,dc=com (which is equivalent to)  "
-"ldap_search_base = dc=example,dc=com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:134
-msgid ""
-"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
-"(host=thishost)?dc=example.com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:137
-msgid ""
-"Note: It is unsupported to have multiple search bases which reference "
-"identically-named objects (for example, groups with the same name in two "
-"different search bases). This will lead to unpredictable behavior on client "
-"machines."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:144
-msgid ""
-"Default: If not set, the value of the defaultNamingContext or namingContexts "
-"attribute from the RootDSE of the LDAP server is used. If "
-"defaultNamingContext does not exists or has an empty value namingContexts is "
-"used.  The namingContexts attribute must have a single value with the DN of "
-"the search base of the LDAP server to make this work. Multiple values are "
-"are not supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:158
-msgid "ldap_schema (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:161
-msgid ""
-"Specifies the Schema Type in use on the target LDAP server.  Depending on "
-"the selected schema, the default attribute names retrieved from the servers "
-"may vary.  The way that some attributes are handled may also differ.  Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
-"difference between these schema types is how group memberships are recorded "
-"in the server.  With rfc2307, group members are listed by name in the "
-"<emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, group "
-"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
-msgid "Default: rfc2307"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
-msgid "ldap_default_bind_dn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
-msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
-msgid "ldap_default_authtok_type (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
-msgid "The type of the authentication token of the default bind DN."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
-msgid "The two mechanisms currently supported are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
-msgid "password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
-msgid "obfuscated_password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
-msgid "Default: password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
-msgid "ldap_default_authtok (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
-msgid ""
-"The authentication token of the default bind DN.  Only clear text passwords "
-"are currently supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
-msgid "ldap_user_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
-msgid "The object class of a user entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
-msgid "Default: posixAccount"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
-msgid "ldap_user_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
-msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
-msgid "Default: uid"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
-msgid "ldap_user_uid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
-msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
-msgid "Default: uidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
-msgid "ldap_user_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
-msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
-msgid "Default: gidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
-msgid "ldap_user_gecos (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
-msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
-msgid "Default: gecos"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
-msgid "ldap_user_home_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
-msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
-msgid "Default: homeDirectory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
-msgid "ldap_user_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
-msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
-msgid "Default: loginShell"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
-msgid "ldap_user_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
-msgid "Default: nsUniqueId"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
-msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
-msgid ""
-"The LDAP attribute that contains timestamp of the last modification of the "
-"parent object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
-msgid "Default: modifyTimestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
-msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
-"the last password change)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
-msgid "Default: shadowLastChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
-msgid "ldap_user_shadow_min (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
-msgid "Default: shadowMin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
-msgid "ldap_user_shadow_max (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
-msgid "Default: shadowMax"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
-msgid "ldap_user_shadow_warning (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password warning period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
-msgid "Default: shadowWarning"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
-msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password inactivity period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
-msgid "Default: shadowInactive"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
-msgid "ldap_user_shadow_expire (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
-msgid ""
-"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
-"parameter contains the name of an LDAP attribute corresponding to its "
-"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> counterpart (account expiration date)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
-msgid "Default: shadowExpire"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
-msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time of last password change in "
-"kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
-msgid "Default: krbLastPwdChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
-msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time when current password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
-msgid "Default: krbPasswordExpiration"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
-msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the expiration time of the account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
-msgid "Default: accountExpires"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
-msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the user account control bit field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
-msgid "Default: userAccountControl"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
-msgid "ldap_ns_account_lock (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
-msgid ""
-"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
-"determines if access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
-msgid "Default: nsAccountLock"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
-msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines if "
-"access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
-msgid "Default: loginDisabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
-msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines until "
-"which date access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
-msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines the "
-"hours of a day in a week when access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
-msgid "Default: loginAllowedTimeMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
-msgid "ldap_user_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
-msgid ""
-"The LDAP attribute that contains the user's Kerberos User Principal Name "
-"(UPN)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
-msgid "Default: krbPrincipalName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
-msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
-msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
-msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
-msgid ""
-"Some directory servers, for example Active Directory, might deliver the "
-"realm part of the UPN in lower case, which might cause the authentication to "
-"fail. Set this option to a non-zero value if you want to use an upper-case "
-"realm."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
-msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
-msgid ""
-"Specifies how many seconds SSSD has to wait before refreshing its cache of "
-"enumerated records."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
-msgid "Default: 300"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
-msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
-msgid ""
-"Determine how often to check the cache for inactive entries (such as groups "
-"with no members and users who have never logged in) and remove them to save "
-"space."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
-msgid "Setting this option to zero will disable the cache cleanup operation."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
-msgid "Default: 10800 (12 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
-msgid "ldap_user_fullname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
-msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
-msgid "Default: cn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
-msgid "ldap_user_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
-msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
-msgid "Default: memberOf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
-msgid "ldap_user_authorized_service (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
-msgid ""
-"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
-"use the presence of the authorizedService attribute in the user's LDAP entry "
-"to determine access privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
-msgid ""
-"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
-"explicit allow (svc) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
-msgid "Default: authorizedService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
-msgid "ldap_user_authorized_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
-msgid ""
-"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-"presence of the host attribute in the user's LDAP entry to determine access "
-"privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
-msgid ""
-"An explicit deny (!host) is resolved first. Second, SSSD searches for "
-"explicit allow (host) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
-msgid "Default: host"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
-msgid "ldap_group_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
-msgid "The object class of a group entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
-msgid "Default: posixGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
-msgid "ldap_group_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
-msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
-msgid "ldap_group_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
-msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
-msgid "ldap_group_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
-msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
-msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
-msgid "ldap_group_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
-msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
-msgid "ldap_group_nesting_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
-msgid ""
-"If ldap_schema is set to a schema format that supports nested groups (e.g. "
-"RFC2307bis), then this option controls how many levels of nesting SSSD will "
-"follow. This option has no effect on the RFC2307 schema."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
-msgid "Default: 2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
-msgid "ldap_netgroup_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
-msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
-msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
-msgid "Default: nisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
-msgid "ldap_netgroup_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
-msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
-msgid "In IPA provider, ipa_netgroup_name should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
-msgid "ldap_netgroup_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
-msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
-msgid "In IPA provider, ipa_netgroup_member should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
-msgid "Default: memberNisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
-msgid "ldap_netgroup_triple (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-msgid ""
-"The LDAP attribute that contains the (host, user, domain) netgroup triples."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
-msgid "This option is not available in IPA provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
-msgid "Default: nisNetgroupTriple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
-msgid "ldap_netgroup_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
-msgid ""
-"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
-msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
-msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
-msgid "ldap_service_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
-msgid "The object class of a service entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
-msgid "Default: ipService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
-msgid "ldap_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
-msgid ""
-"The LDAP attribute that contains the name of service attributes and their "
-"aliases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
-msgid "ldap_service_port (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
-msgid "The LDAP attribute that contains the port managed by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
-msgid "Default: ipServicePort"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
-msgid "ldap_service_proto (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
-msgid ""
-"The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
-msgid "Default: ipServiceProtocol"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
-msgid "ldap_service_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
-msgid "An optional base DN to restrict service searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
-msgid ""
-"See <quote>ldap_search_base</quote> for information about configuring "
-"multiple search bases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
-#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
-msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
-msgid "ldap_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches are allowed to run "
-"before they are cancelled and cached results are returned (and offline mode "
-"is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
-msgid ""
-"Note: this option is subject to change in future versions of the SSSD. It "
-"will likely be replaced at some point by a series of timeouts for specific "
-"lookup types."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
-msgid "Default: 6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
-msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches for user and group "
-"enumerations are allowed to run before they are cancelled and cached results "
-"are returned (and offline mode is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
-msgid "ldap_network_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-msgid ""
-"Specifies the timeout (in seconds) after which the <citerefentry> "
-"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
-"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> following a <citerefentry> "
-"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> returns in case of no activity."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
-msgid "ldap_opt_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
-msgid ""
-"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
-"will abort if no response is received. Also controls the timeout when "
-"communicating with the KDC in case of SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
-msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
-msgid ""
-"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
-"maintained. After this time, the connection will be re-established. If used "
-"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
-"the TGT lifetime)  will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
-msgid "Default: 900 (15 minutes)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
-msgid "ldap_page_size (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
-msgid ""
-"Specify the number of records to retrieve from LDAP in a single request. "
-"Some LDAP servers enforce a maximum limit per-request."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
-msgid "Default: 1000"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
-msgid ""
-"Disable the LDAP paging control. This option should be used if the LDAP "
-"server reports that it supports the LDAP paging control in its RootDSE but "
-"it is not enabled or does not behave properly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
-msgid ""
-"Example: OpenLDAP servers with the paging control module installed on the "
-"server but not enabled will report it in the RootDSE but be unable to use it."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
-msgid ""
-"Example: 389 DS has a bug where it can only support a one paging control at "
-"a time on a single connection. On busy clients, this can result in some "
-"requests being denied."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
-msgid "ldap_deref_threshold (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
-msgid ""
-"Specify the number of group members that must be missing from the internal "
-"cache in order to trigger a dereference lookup. If less members are missing, "
-"they are looked up individually."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
-msgid ""
-"You can turn off dereference lookups completely by setting the value to 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
-msgid ""
-"A dereference lookup is a means of fetching all group members in a single "
-"LDAP call.  Different LDAP servers may implement different dereference "
-"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
-"Directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
-msgid ""
-"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
-"filter, then the dereference lookup performance enhancement will be disabled "
-"regardless of this setting."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
-msgid "ldap_tls_reqcert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
-msgid ""
-"Specifies what checks to perform on server certificates in a TLS session, if "
-"any. It can be specified as one of the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
-msgid ""
-"<emphasis>never</emphasis> = The client will not request or check any server "
-"certificate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
-msgid ""
-"<emphasis>allow</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, it will be ignored and the session proceeds normally."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
-msgid ""
-"<emphasis>try</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, the session is immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
-msgid ""
-"<emphasis>demand</emphasis> = The server certificate is requested. If no "
-"certificate is provided, or a bad certificate is provided, the session is "
-"immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
-msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
-msgid "Default: hard"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
-msgid "ldap_tls_cacert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
-msgid ""
-"Specifies the file that contains certificates for all of the Certificate "
-"Authorities that <command>sssd</command> will recognize."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
-msgid ""
-"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
-"conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
-msgid "ldap_tls_cacertdir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
-msgid ""
-"Specifies the path of a directory that contains Certificate Authority "
-"certificates in separate individual files. Typically the file names need to "
-"be the hash of the certificate followed by '.0'.  If available, "
-"<command>cacertdir_rehash</command> can be used to create the correct names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
-msgid "ldap_tls_cert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
-msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
-msgid "Default: not set"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
-msgid "ldap_tls_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
-msgid "Specifies the file that contains the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
-msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
-msgid ""
-"Specifies acceptable cipher suites.  Typically this is a colon sperated "
-"list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> for format."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
-msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
-msgid ""
-"Specifies that the id_provider connection must also use <systemitem class="
-"\"protocol\">tls</systemitem> to protect the channel."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
-msgid ""
-"Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
-"supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
-msgid "ldap_sasl_authid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
-msgid ""
-"Specify the SASL authorization id to use.  When GSSAPI is used, this "
-"represents the Kerberos principal used for authentication to the directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
-msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
-msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
-msgid ""
-"If set to true, the LDAP library would perform a reverse lookup to "
-"canonicalize the host name during a SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
-msgid "Default: false;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
-msgid "ldap_krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
-msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
-msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
-msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
-msgid ""
-"Specifies that the id_provider should init Kerberos credentials (TGT).  This "
-"action is performed only if SASL is used and the mechanism selected is "
-"GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
-msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
-msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
-msgid "Default: 86400 (24 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
-msgid "krb5_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
-msgid ""
-"Specifies the comma-separated list of IP addresses or hostnames of the "
-"Kerberos servers to which SSSD should connect in the order of preference. "
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
-"colon) may be appended to the addresses or hostnames.  If empty, service "
-"discovery is enabled - for more information, refer to the <quote>SERVICE "
-"DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
-msgid ""
-"When using service discovery for KDC or kpasswd servers, SSSD first searches "
-"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-"none are found."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
-msgid ""
-"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
-"While the legacy name is recognized for the time being, users are advised to "
-"migrate their config files to use <quote>krb5_server</quote> instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
-msgid "krb5_realm (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
-msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
-msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
-msgid "krb5_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
-msgid ""
-"Specifies if the host principal should be canonicalized when connecting to "
-"LDAP server. This feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
-msgid "ldap_pwd_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
-msgid ""
-"Select the policy to evaluate the password expiration on the client side. "
-"The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
-msgid ""
-"<emphasis>none</emphasis> - No evaluation on the client side. This option "
-"cannot disable server-side password policies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
-msgid ""
-"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-"evaluate if the password has expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
-msgid ""
-"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
-"to determine if the password has expired. Use chpass_provider=krb5 to update "
-"these attributes when the password is changed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
-msgid "ldap_referrals (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
-msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
-msgid ""
-"Please note that sssd only supports referral chasing when it is compiled "
-"with OpenLDAP version 2.4.13 or higher."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
-msgid "ldap_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
-msgid "Specifies the service name to use when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
-msgid "Default: ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
-msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
-msgid ""
-"Specifies the service name to use to find an LDAP server which allows "
-"password changes when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
-msgid "Default: not set, i.e. service discovery is disabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
-msgid "ldap_access_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
-msgid ""
-"If using access_provider = ldap, this option is mandatory. It specifies an "
-"LDAP search filter criteria that must be met for the user to be granted "
-"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
-msgid "Example:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
-#, no-wrap
-msgid ""
-"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
-msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
-msgid ""
-"Offline caching for this feature is limited to determining whether the "
-"user's last online login was granted access permission. If they were granted "
-"access during their last login, they will continue to be granted access "
-"while offline and vice-versa."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
-msgid "Default: Empty"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
-msgid "ldap_account_expire_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
-msgid ""
-"With this option a client side evaluation of access control attributes can "
-"be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
-msgid ""
-"Please note that it is always recommended to use server side access control, "
-"i.e. the LDAP server should deny the bind request with a suitable error code "
-"even if the password is correct."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
-msgid "The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
-msgid ""
-"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
-"determine if the account is expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
-msgid ""
-"<emphasis>ad</emphasis>: use the value of the 32bit field "
-"ldap_user_ad_user_account_control and allow access if the second bit is not "
-"set. If the attribute is missing access is granted. Also the expiration time "
-"of the account is checked."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
-msgid ""
-"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
-"emphasis>: use the value of ldap_ns_account_lock to check if access is "
-"allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
-msgid ""
-"<emphasis>nds</emphasis>: the values of "
-"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
-"If both attributes are missing access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
-msgid "ldap_access_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
-msgid "Comma separated list of access control options.  Allowed values are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
-msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
-msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
-msgid ""
-"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
-"to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
-msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
-msgid "Default: filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
-msgid ""
-"Please note that it is a configuration error if a value is used more than "
-"once."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
-msgid "ldap_deref (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
-msgid ""
-"Specifies how alias dereferencing is done when performing a search. The "
-"following options are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
-msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
-msgid ""
-"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
-"the base object, but not in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
-msgid ""
-"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
-"the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
-msgid ""
-"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
-"in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
-msgid ""
-"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
-"client libraries)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:51
-msgid ""
-"All of the common configuration options that apply to SSSD domains also "
-"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for full details.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
-msgid "SUDO OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
-msgid "ldap_sudorule_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
-msgid "The object class of a sudo rule entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
-msgid "Default: sudoRole"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
-msgid "ldap_sudorule_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
-msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
-msgid "ldap_sudorule_command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
-msgid "The LDAP attribute that corresponds to the command name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
-msgid "Default: sudoCommand"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
-msgid "ldap_sudorule_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
-msgid ""
-"The LDAP attribute that corresponds to the host name (or host IP address, "
-"host IP network, or host netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
-msgid "Default: sudoHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
-msgid "ldap_sudorule_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
-msgid ""
-"The LDAP attribute that corresponds to the user name (or UID, group name or "
-"user's netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
-msgid "Default: sudoUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
-msgid "ldap_sudorule_option (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
-msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
-msgid "Default: sudoOption"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
-msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
-msgid ""
-"The LDAP attribute that corresponds to the user name that commands may be "
-"run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
-msgid "Default: sudoRunAsUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
-msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
-msgid ""
-"The LDAP attribute that corresponds to the group name or group GID that "
-"commands may be run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
-msgid "Default: sudoRunAsGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
-msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
-msgid ""
-"The LDAP attribute that corresponds to the start date/time for when the sudo "
-"rule is valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
-msgid "Default: sudoNotBefore"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
-msgid "ldap_sudorule_notafter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
-msgid ""
-"The LDAP attribute that corresponds to the expiration date/time, after which "
-"the sudo rule will no longer be valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
-msgid "Default: sudoNotAfter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
-msgid "ldap_sudorule_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
-msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
-msgid "Default: sudoOrder"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
-msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
-msgid ""
-"Enables periodical download of all sudo rules.  The cache is purged before "
-"each update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
-msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
-msgid ""
-"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
-msgid ""
-"This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
-"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
-msgid "AUTOFS OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
-msgid ""
-"Please note that the default values correspond to the default schema which "
-"is RFC2307."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
-msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-msgid "The object class of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-msgid "Default: automountMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
-msgid "ldap_autofs_map_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
-msgid "The name of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
-msgid "Default: ou"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
-msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
-msgid "ldap_autofs_entry_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
-msgid ""
-"The key of an automount entry in LDAP. The entry usually corresponds to a "
-"mount point."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
-msgid "ldap_autofs_entry_value (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
-msgid "Default: automountInformation"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
-msgid ""
-"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
-"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
-"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
-msgid "ADVANCED OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
-msgid "ldap_netgroup_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
-msgid ""
-"An optional base DN to restrict netgroup searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
-msgid "ldap_user_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
-msgid "An optional base DN to restrict user searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
-msgid "ldap_group_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
-msgid "An optional base DN to restrict group searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
-#, no-wrap
-msgid ""
-"                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
-msgid "ldap_sudo_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
-msgid ""
-"An optional base DN to restrict sudo rules searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
-msgid "ldap_autofs_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
-msgid ""
-"An optional base DN to restrict automounter searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
-msgid ""
-"These options are supported by LDAP domains, but they should be used with "
-"caution. Please include them in your configuration only if you know what you "
-"are doing.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
-msgid ""
-"The following example assumes that SSSD is correctly configured and LDAP is "
-"set to one of the domains in the <replaceable>[domains]</replaceable> "
-"section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
-#, no-wrap
-msgid ""
-"    [domain/LDAP]\n"
-"    id_provider = ldap\n"
-"    auth_provider = ldap\n"
-"    ldap_uri = ldap://ldap.mydomain.org\n"
-"    ldap_search_base = dc=mydomain,dc=org\n"
-"    ldap_tls_reqcert = demand\n"
-"    cache_credentials = true\n"
-"    enumerate = true\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
-msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
-msgid "NOTES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
-msgid ""
-"The descriptions of some of the configuration options in this manual page "
-"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
-"distribution."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <refentryinfo>
-#: pam_sss.8.xml:8 include/upstream.xml:2
-msgid ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: pam_sss.8.xml:13 pam_sss.8.xml:18
-msgid "pam_sss"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: pam_sss.8.xml:19
-msgid "PAM module for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: pam_sss.8.xml:24
-msgid ""
-"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
-msgid ""
-"<command>pam_sss.so</command> is the PAM interface to the System Security "
-"Services daemon (SSSD). Errors and results are logged through <command>syslog"
-"(3)</command> with the LOG_AUTHPRIV facility."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
-msgid "<option>quiet</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
-msgid "Suppress log messages for unknown users."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
-msgid "<option>forward_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
-msgid ""
-"If <option>forward_pass</option> is set the entered password is put on the "
-"stack for other PAM modules to use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
-msgid "<option>use_first_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
-msgid ""
-"The argument use_first_pass forces the module to use a previous stacked "
-"modules password and will never prompt the user - if no password is "
-"available or the password is not appropriate, the user will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
-msgid "<option>use_authtok</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
-msgid ""
-"When password changing enforce the module to set the new password to the one "
-"provided by a previously stacked password module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
-msgid "<option>retry=N</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
-msgid ""
-"If specified the user is asked another N times for a password if "
-"authentication fails. Default is 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
-msgid ""
-"Please note that this option might not work as expected if the application "
-"calling PAM handles the user dialog on its own. A typical example is "
-"<command>sshd</command> with <option>PasswordAuthentication</option>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
-msgid "MODULE TYPES PROVIDED"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
-msgid ""
-"All module types (<option>account</option>, <option>auth</option>, "
-"<option>password</option> and <option>session</option>) are provided."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
-msgid "FILES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
-msgid ""
-"If a password reset by root fails, because the corresponding SSSD provider "
-"does not support password resets, an individual message can be displayed. "
-"This message can e.g. contain instructions about how to reset a password."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
-msgid ""
-"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
-"filename> where LOC stands for a locale string returned by <citerefentry> "
-"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
-"citerefentry>. If there is no matching file the content of "
-"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
-"the owner of the files and only root may have read and write permissions "
-"while all other users must have only read permissions."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
-msgid ""
-"These files are searched in the directory <filename>/etc/sssd/customize/"
-"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
-"displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:141
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
-msgid "sssd_krb5_locator_plugin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:22
-msgid ""
-"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
-"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
-"libraries what Realm and which KDC to use.  Typically this is done in "
-"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
-"To simplify the configuration the Realm and the KDC can be defined in "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry> puts the Realm and the name or IP address of the KDC into "
-"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively.  "
-"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variables and returns them to the "
-"libraries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:63
-msgid ""
-"Not all Kerberos implementations support the use of plugins. If "
-"<command>sssd_krb5_locator_plugin</command> is not available on your system "
-"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:69
-msgid ""
-"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-"debug messages will be sent to stderr."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:77
-msgid ""
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
-msgid "sssd-simple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd-simple.5.xml:17
-msgid "the configuration file for SSSD's 'simple' access-control provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:24
-msgid ""
-"This manual page describes the configuration of the simple access-control "
-"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax reference, "
-"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:38
-msgid ""
-"The simple access provider grants or denies access based on an access or "
-"deny list of user or group names. The following rules apply:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:43
-msgid "If all lists are empty, access is granted"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:47
-msgid ""
-"If any list is provided, the order of evaluation is allow,deny. This means "
-"that any matching deny rule will supersede any matched allow rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:54
-msgid ""
-"If either or both \"allow\" lists are provided, all users are denied unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:60
-msgid ""
-"If only \"deny\" lists are provided, all users are granted access unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:78
-msgid "simple_allow_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:81
-msgid "Comma separated list of users who are allowed to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:88
-msgid "simple_deny_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:91
-msgid "Comma separated list of users who are explicitly denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:97
-msgid "simple_allow_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:100
-msgid ""
-"Comma separated list of groups that are allowed to log in. This applies only "
-"to groups within this SSSD domain. Local groups are not evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:108
-msgid "simple_deny_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:111
-msgid ""
-"Comma separated list of groups that are explicitly denied access. This "
-"applies only to groups within this SSSD domain. Local groups are not "
-"evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
-msgid ""
-"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page for details on the configuration of an SSSD "
-"domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:120
-msgid ""
-"Please note that it is an configuration error if both, simple_allow_users "
-"and simple_deny_users, are defined."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:128
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the simple access provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-simple.5.xml:135
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    access_provider = simple\n"
-"    simple_allow_users = user1, user2\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:145
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
-msgid "sssd-ipa"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:23
-msgid ""
-"This manual page describes the configuration of the IPA provider for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
-"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:36
-msgid ""
-"The IPA provider is a back end used to connect to an IPA server.  (Refer to "
-"the freeipa.org web site for information about IPA servers.)  This provider "
-"requires that the machine be joined to the IPA domain; configuration is "
-"almost entirely self-discovered and obtained directly from the server."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:43
-msgid ""
-"The IPA provider accepts the same options used by the <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
-"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider with some exceptions described below."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:55
-msgid ""
-"However, it is neither necessary nor recommended to set these options.  IPA "
-"provider can also be used as an access and chpass provider. As an access "
-"provider it uses HBAC (host-based access control) rules. Please refer to "
-"freeipa.org for more information about HBAC. No configuration of access "
-"provider is required on the client side."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:72
-msgid "ipa_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:75
-msgid ""
-"Specifies the name of the IPA domain.  This is optional. If not provided, "
-"the configuration domain name is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:83
-msgid "ipa_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:86
-msgid ""
-"The comma-separated list of IP addresses or hostnames of the IPA servers to "
-"which SSSD should connect in the order of preference. For more information "
-"on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
-"This is optional if autodiscovery is enabled.  For more information on "
-"service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:99
-msgid "ipa_hostname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:102
-msgid ""
-"Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:110
-msgid "ipa_dyndns_update (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:113
-msgid ""
-"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:118
-msgid ""
-"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
-"the default Kerberos realm must be set properly in /etc/krb5.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:129
-msgid "ipa_dyndns_iface (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:132
-msgid ""
-"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
-"interface whose IP address should be used for dynamic DNS updates."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:137
-msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:143
-msgid "ipa_hbac_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:146
-msgid "Optional. Use the given string as search base for HBAC related objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:150
-msgid "Default: Use base DN"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:156
-msgid "ipa_host_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:159
-msgid "Optional. Use the given string as search base for host objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:180
-msgid "ipa_selinux_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
-msgid "Optional. Use the given string as search base for SELinux user maps."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
-msgid "krb5_validate (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
-msgid ""
-"Verify with the help of krb5_keytab that the TGT obtained has not been "
-"spoofed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
-msgid ""
-"Note that this default differs from the traditional Kerberos provider back "
-"end."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
-msgid ""
-"The name of the Kerberos realm. This is optional and defaults to the value "
-"of <quote>ipa_domain</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
-msgid ""
-"The name of the Kerberos realm has a special meaning in IPA - it is "
-"converted into the base DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
-msgid ""
-"Specifies if the host and user principal should be canonicalized when "
-"connecting to IPA LDAP and also for AS requests. This feature is available "
-"with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
-msgid "ipa_hbac_refresh (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
-msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
-msgid "Default: 5 (seconds)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
-msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
-msgid ""
-"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
-"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
-"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
-"client will support two modes of operation during this transition period:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
-msgid ""
-"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
-"users will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
-msgid ""
-"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
-"careful with this option, as it may result in opening unintended access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
-msgid "Default: DENY_ALL"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
-msgid "ipa_automount_location (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
-msgid "The automounter location this IPA client will be using"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Default: The location named \"default\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the ipa provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    id_provider = ipa\n"
-"    ipa_server = ipaserver.example.com\n"
-"    ipa_hostname = myhost.example.com\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.8.xml:10 sssd.8.xml:15
-msgid "sssd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.8.xml:16
-msgid "System Security Services Daemon"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sssd.8.xml:21
-msgid ""
-"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:31
-msgid ""
-"<command>SSSD</command> provides a set of daemons to manage access to remote "
-"directories and authentication mechanisms. It provides an NSS and PAM "
-"interface toward the system and a pluggable backend system to connect to "
-"multiple different account sources as well as D-Bus interface. It is also "
-"the basis to provide client auditing and policy services for projects like "
-"FreeIPA. It provides a more robust database to store local users as well as "
-"extended user data."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:46
-msgid ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:53
-msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:57
-msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:60
-msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:69
-msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:73
-msgid ""
-"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:76
-msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:85
-msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:89
-msgid ""
-"Send the debug output to files instead of stderr. By default, the log files "
-"are stored in <filename>/var/log/sssd</filename> and there are separate log "
-"files for every SSSD service and domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:97
-msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:101
-msgid "Become a daemon after starting up."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:107
-msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:111
-msgid "Run in the foreground, don't become a daemon."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
-msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
-msgid ""
-"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
-"conf</filename>. For reference on the config file syntax and options, "
-"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:135
-msgid "<option>--version</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:139
-msgid "Print version number and exit."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:147
-msgid "Signals"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:150
-msgid "SIGTERM/SIGINT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:153
-msgid ""
-"Informs the SSSD to gracefully terminate all of its child processes and then "
-"shut down the monitor."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:159
-msgid "SIGHUP"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:162
-msgid ""
-"Tells the SSSD to stop writing to its current debug file descriptors and to "
-"close and reopen them. This is meant to facilitate log rolling with programs "
-"like logrotate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:170
-msgid "SIGUSR1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:173
-msgid ""
-"Tells the SSSD to simulate offline operation for one minute. This is mostly "
-"useful for testing purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:179
-msgid "SIGUSR2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:182
-msgid ""
-"Tells the SSSD to go online immediately. This is mostly useful for testing "
-"purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:193
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-msgid "sss_obfuscate"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_obfuscate.8.xml:16
-msgid "obfuscate a clear text password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_obfuscate.8.xml:21
-msgid ""
-"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
-"replaceable></arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:32
-msgid ""
-"<command>sss_obfuscate</command> converts a given password into human-"
-"unreadable format and places it into appropriate domain section of the SSSD "
-"config file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:37
-msgid ""
-"The cleartext password is read from standard input or entered "
-"interactively.  The obfuscated password is put into "
-"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
-"<quote>ldap_default_authtok_type</quote> parameter is set to "
-"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more details on these parameters."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:49
-msgid ""
-"Please note that obfuscating the password provides <emphasis>no real "
-"security benefit</emphasis> as it is still possible for an attacker to "
-"reverse-engineer the password back. Using better authentication mechanisms "
-"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
-"advised."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:63
-msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:67
-msgid "The password to obfuscate will be read from standard input."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
-msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:79
-msgid ""
-"The SSSD domain to use the password in. The default name is <quote>default</"
-"quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:86
-msgid ""
-"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:91
-msgid "Read the config file specified by the positional parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:95
-msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:105
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
-msgid "sss_useradd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_useradd.8.xml:16
-msgid "create a new user"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_useradd.8.xml:21
-msgid ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:32
-msgid ""
-"<command>sss_useradd</command> creates a new user account using the values "
-"specified on the command line plus the default values from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:43
-msgid ""
-"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:48
-msgid ""
-"Set the UID of the user to the value of <replaceable>UID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
-msgid ""
-"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
-msgid ""
-"Any text string describing the user. Often used as the field for the user's "
-"full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
-msgid ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:72
-msgid ""
-"The home directory of the user account.  The default is to append the "
-"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
-"that as the home directory.  The base that is prepended before "
-"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
-"baseDirectory</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
-msgid ""
-"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:87
-msgid ""
-"The user's login shell. The default is currently <filename>/bin/bash</"
-"filename>.  The default can be changed with <quote>user_defaults/"
-"defaultShell</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:96
-msgid ""
-"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:101
-msgid "A list of existing groups this user is also a member of."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:107
-msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:111
-msgid ""
-"Create the user's home directory if it does not exist. The files and "
-"directories contained in the skeleton directory (which can be defined with "
-"the -k option or in the config file) will be copied to the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:121
-msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:125
-msgid ""
-"Do not create the user's home directory. Overrides configuration settings."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:132
-msgid ""
-"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:137
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<command>sss_useradd</command>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:143
-msgid ""
-"This option is only valid if the <option>-m</option> (or <option>--create-"
-"home</option>) option is specified, or creation of home directories is set "
-"to TRUE in the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
-msgid ""
-"<option>-Z</option>,<option>--selinux-user</option> "
-"<replaceable>SELINUX_USER</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:157
-msgid ""
-"The SELinux user for the user's login. If not specified, the system default "
-"will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
-msgid "sssd-krb5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:23
-msgid ""
-"This manual page describes the configuration of the Kerberos 5 "
-"authentication backend for <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  For a detailed "
-"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
-"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:36
-msgid ""
-"The Kerberos 5 authentication backend contains auth and chpass providers. It "
-"must be paired with identity provider in order to function properly (for "
-"example, id_provider = ldap). Some information required by the Kerberos 5 "
-"authentication backend must be provided by the identity provider, such as "
-"the user's Kerberos Principal Name (UPN). The configuration of the identity "
-"provider should have an entry to specify the UPN. Please refer to the man "
-"page for the applicable identity provider for details on how to configure "
-"this."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:47
-msgid ""
-"This backend also provides access control based on the .k5login file in the "
-"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
-"Please note that an empty .k5login file will deny all access to this user. "
-"To activate this feature use 'access_provider = krb5' in your sssd "
-"configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:55
-msgid ""
-"In the case where the UPN is not available in the identity backend "
-"<command>sssd</command> will construct a UPN using the format "
-"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:106
-msgid ""
-"The name of the Kerberos realm. This option is required and must be "
-"specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:113
-msgid "krb5_kpasswd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:116
-msgid ""
-"If the change password service is not running on the KDC alternative servers "
-"can be defined here. An optional port number (preceded by a colon) may be "
-"appended to the addresses or hostnames."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:122
-msgid ""
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section.  Please note that even if there are no more "
-"kpasswd servers to try the back end is not switch to offline if "
-"authentication against the KDC is still possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:129
-msgid "Default: Use the KDC"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:135
-msgid "krb5_ccachedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:138
-msgid ""
-"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist it will be created. If %u, %U, %p or %h are used a "
-"private directory belonging to the user is created. Otherwise a public "
-"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
-"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
-"citerefentry> for details) is created."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:151
-msgid "Default: /tmp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:157
-msgid "krb5_ccname_template (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:171
-msgid "login UID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:174
-msgid "%p"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:175
-msgid "principal name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:179
-msgid "%r"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:180
-msgid "realm name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:183
-msgid "%h"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:184
-msgid "home directory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:189
-msgid "value of krb5ccache_dir"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194
-msgid "%P"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "the process ID of the sssd client"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:160
-msgid ""
-"Location of the user's credential cache. Currently only file based "
-"credential caches are supported. In the template the following sequences are "
-"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
-"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
-"way."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:209
-msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:215
-msgid "krb5_auth_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:218
-msgid ""
-"Timeout in seconds after an online authentication or change password request "
-"is aborted. If possible the authentication request is continued offline."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:241
-msgid "krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:244
-msgid ""
-"The location of the keytab to use when validating credentials obtained from "
-"KDCs."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:248
-msgid "Default: /etc/krb5.keytab"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:254
-msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:257
-msgid ""
-"Store the password of the user if the provider is offline and use it to "
-"request a TGT when the provider gets online again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:262
-msgid ""
-"Please note that this feature currently only available on a Linux platform. "
-"Passwords stored in this way are kept in plaintext in the kernel keyring and "
-"are potentially accessible by the root user (with difficulty)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:275
-msgid "krb5_renewable_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:278
-msgid ""
-"Request a renewable ticket with a total lifetime given by an integer "
-"immediately followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
-msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
-msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
-msgid "<emphasis>h</emphasis> hours"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
-msgid "<emphasis>d</emphasis> days."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
-msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:299
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"renewable lifetime to one and a half hours please use '90m' instead of "
-"'1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:305
-msgid "Default: not set, i.e. the TGT is not renewable"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:311
-msgid "krb5_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:314
-msgid ""
-"Request ticket with a with a lifetime given by an integer immediately "
-"followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:335
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"lifetime to one and a half hours please use '90m' instead of '1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:340
-msgid ""
-"Default: not set, i.e. the default ticket lifetime configured on the KDC."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:347
-msgid "krb5_renew_interval (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:350
-msgid ""
-"The time in seconds between two checks if the TGT should be renewed. TGTs "
-"are renewed if about half of their lifetime is exceeded."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:355
-msgid "If this option is not set or 0 the automatic renewal is disabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:365
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:368
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:373
-msgid ""
-"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
-"option at all."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
-msgid ""
-"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
-"continue without."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:381
-msgid ""
-"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
-"fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:385
-msgid "Default: not set, i.e. FAST is not used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:388
-msgid "Please note that a keytab is required to use fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:391
-msgid ""
-"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used with an older version using this option is a "
-"configuration error."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:400
-msgid "krb5_fast_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:403
-msgid "Specifies the server principal to use for FAST."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:412
-msgid ""
-"Specifies if the host and user principal should be canonicalized. This "
-"feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:65
-msgid ""
-"If the auth-module krb5 is used in a SSSD domain, the following options must "
-"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
-"SECTIONS</quote> for details on the configuration of a SSSD domain.  "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:434
-msgid ""
-"The following example assumes that SSSD is correctly configured and FOO is "
-"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
-"example shows only configuration of Kerberos authentication, it does not "
-"include any identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:442
-#, no-wrap
-msgid ""
-"    [domain/FOO]\n"
-"    auth_provider = krb5\n"
-"    krb5_server = 192.168.1.1\n"
-"    krb5_realm = EXAMPLE.COM\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:453
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
-msgid "sss_groupadd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupadd.8.xml:16
-msgid "create a new group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupadd.8.xml:21
-msgid ""
-"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:32
-msgid ""
-"<command>sss_groupadd</command> creates a new group. These groups are "
-"compatible with POSIX groups, with the additional feature that they can "
-"contain other groups as members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupadd.8.xml:43
-msgid ""
-"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupadd.8.xml:48
-msgid ""
-"Set the GID of the group to the value of <replaceable>GID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
-msgid "sss_userdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_userdel.8.xml:16
-msgid "delete a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_userdel.8.xml:21
-msgid ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:32
-msgid ""
-"<command>sss_userdel</command> deletes a user identified by login name "
-"<replaceable>LOGIN</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:44
-msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:48
-msgid ""
-"Files in the user's home directory will be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:56
-msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:60
-msgid ""
-"Files in the user's home directory will NOT be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:68
-msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:72
-msgid ""
-"This option forces <command>sss_userdel</command> to remove the user's home "
-"directory and mail spool, even if they are not owned by the specified user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:80
-msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:84
-msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
-msgid "sss_groupdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupdel.8.xml:16
-msgid "delete a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupdel.8.xml:21
-msgid ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:32
-msgid ""
-"<command>sss_groupdel</command> deletes a group identified by its name "
-"<replaceable>GROUP</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
-msgid "sss_groupshow"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupshow.8.xml:16
-msgid "print properties of a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupshow.8.xml:21
-msgid ""
-"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:32
-msgid ""
-"<command>sss_groupshow</command> displays information about a group "
-"identified by its name <replaceable>GROUP</replaceable>. The information "
-"includes the group ID number, members of the group and the parent group."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupshow.8.xml:43
-msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupshow.8.xml:47
-msgid ""
-"Also print indirect group members in a tree-like hierarchy.  Note that this "
-"also affects printing parent groups - without <option>R</option>, only the "
-"direct parent will be printed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
-msgid "sss_usermod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_usermod.8.xml:16
-msgid "modify a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_usermod.8.xml:21
-msgid ""
-"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:32
-msgid ""
-"<command>sss_usermod</command> modifies the account specified by "
-"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
-"on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:60
-msgid "The home directory of the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:71
-msgid "The user's login shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:82
-msgid ""
-"Append this user to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:96
-msgid ""
-"Remove this user from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:103
-msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:107
-msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:114
-msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:118
-msgid "Unlock the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:129
-msgid "The SELinux user for the user's login."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/service_discovery.xml:2
-msgid "SERVICE DISCOVERY"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/service_discovery.xml:4
-msgid ""
-"The service discovery feature allows back ends to automatically find the "
-"appropriate servers to connect to using a special DNS query."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
-msgid "Configuration"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:11
-msgid ""
-"If no servers are specified, the back end automatically uses service "
-"discovery to try to find a server. Optionally, the user may choose to use "
-"both fixed server addresses and service discovery by inserting a special "
-"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
-"preference is maintained. This feature is useful if, for example, the user "
-"prefers to use service discovery whenever possible, and fall back to a "
-"specific server when no servers can be discovered using DNS."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:23
-msgid "The domain name"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:25
-msgid ""
-"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for more details."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:35
-msgid "The protocol"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:37
-msgid ""
-"The queries usually specify _tcp as the protocol. Exceptions are documented "
-"in respective option description."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:42
-msgid "See Also"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:44
-msgid ""
-"For more information on the service discovery mechanism, refer to RFC 2782."
-msgstr ""
-
-#. type: Content of: outside any tag (error?)
-#: include/upstream.xml:1
-msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/failover.xml:2
-msgid "FAILOVER"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/failover.xml:4
-msgid ""
-"The failover feature allows back ends to automatically switch to a different "
-"server if the primary server fails."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:8
-msgid "Failover Syntax"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:10
-msgid ""
-"The list of servers is given as a comma-separated list; any number of spaces "
-"is allowed around the comma. The servers are listed in order of preference. "
-"The list can contain any number of servers."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:17
-msgid "The Failover Mechanism"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:19
-msgid ""
-"The failover mechanism distinguishes between a machine and a service. The "
-"back end first tries to resolve the hostname of a given machine; if this "
-"resolution attempt fails, the machine is considered offline. No further "
-"attempts are made to connect to this machine for any other service. If the "
-"resolution attempt succeeds, the back end tries to connect to a service on "
-"this machine. If the service connection attempt fails, then only this "
-"particular service is considered offline and the back end automatically "
-"switches over to the next service.  The machine is still considered online "
-"and might still be tried for another service."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:32
-msgid ""
-"Further connection attempts are made to machines or services marked as "
-"offline after a specified period of time; this is currently hard coded to 30 "
-"seconds."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:37
-msgid ""
-"If there are no more machines to try, the back end as a whole switches to "
-"offline mode, and then attempts to reconnect every 30 seconds."
-msgstr ""
-
-#. type: Content of: <varlistentry><term>
-#: include/param_help.xml:3
-msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
-
-#. type: Content of: <varlistentry><listitem><para>
-#: include/param_help.xml:7
-msgid "Display help message and exit."
-msgstr ""
diff --git a/src/man/po/bs.po b/src/man/po/bs.po
deleted file mode 100644
index 83a6a72d1..000000000
--- a/src/man/po/bs.po
+++ /dev/null
@@ -1,6315 +0,0 @@
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Red Hat
-# This file is distributed under the same license as the sssd-docs package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: SSSD\n"
-"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Bosnian (http://www.transifex.net/projects/p/fedora/team/"
-"bs/)\n"
-"Language: bs\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
-"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2)\n"
-
-#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
-#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
-#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
-#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
-msgid "SSSD Manual pages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
-msgid "sss_groupmod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
-#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
-#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
-msgid "8"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupmod.8.xml:16
-msgid "modify a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupmod.8.xml:21
-msgid ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
-#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
-#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
-#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
-#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:32
-msgid ""
-"<command>sss_groupmod</command> modifies the group to reflect the changes "
-"that are specified on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
-#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
-#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-msgid "OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
-msgid ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:48
-msgid ""
-"Append this group to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
-msgid ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:62
-msgid ""
-"Remove this group from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
-#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
-msgid "sssd.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
-msgid "5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
-msgid "File Formats and Conventions"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
-msgid "the configuration file for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:21
-msgid "FILE FORMAT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:29
-#, no-wrap
-msgid ""
-"                <replaceable>[section]</replaceable>\n"
-"                <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-"                <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
-"            "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:24
-msgid ""
-"The file has an ini-style syntax and consists of sections and parameters. A "
-"section begins with the name of the section in square brackets and continues "
-"until the next section begins. An example of section with single and multi-"
-"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:36
-msgid ""
-"The data types used are string (no quotes needed), integer and bool (with "
-"values of <quote>TRUE/FALSE</quote>)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:41
-msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
-"(<quote>;</quote>)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:46
-msgid ""
-"All sections can have an optional <replaceable>description</replaceable> "
-"parameter. Its function is only as a label for the section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:52
-msgid ""
-"<filename>sssd.conf</filename> must be a regular file, owned by root and "
-"only root may read from or write to the file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:58
-msgid "SPECIAL SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:61
-msgid "The [sssd] section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
-msgid "Section parameters"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:72
-msgid "config_file_version (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:75
-msgid ""
-"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-"version 2."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:81
-msgid "services"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:84
-msgid ""
-"Comma separated list of services that are started when sssd itself starts."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:88
-msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
-msgid "reconnection_retries (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
-msgid ""
-"Number of times services should attempt to reconnect in the event of a Data "
-"Provider crash or restart before they give up"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
-msgid "Default: 3"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
-msgid "domains"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
-msgid ""
-"A domain is a database containing user information. SSSD can use more "
-"domains at the same time, but at least one must be configured or SSSD won't "
-"start.  This parameter described the list of domains in the order you want "
-"them to be queried."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
-msgid "re_expression (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
-msgid ""
-"Regular expression that describes how to parse the string containing user "
-"name and domain into these components."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
-msgid ""
-"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
-"which translates to \"the name is everything up to the <quote>@</quote> "
-"sign, the domain everything after that\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
-msgid ""
-"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
-"version 7 or higher can support non-unique named subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
-msgid ""
-"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
-"P&lt;name&gt;) to label subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
-msgid "full_name_format (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
-msgid ""
-"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatible format that describes how to translate "
-"a (name, domain) tuple into a fully qualified name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
-msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
-msgid "try_inotify (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
-msgid ""
-"SSSD monitors the state of resolv.conf to identify when it needs to update "
-"its internal DNS resolver. By default, we will attempt to use inotify for "
-"this, and will fall back to polling resolv.conf every five seconds if "
-"inotify cannot be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
-msgid ""
-"There are some limited situations where it is preferred that we should skip "
-"even trying to use inotify. In these rare cases, this option should be set "
-"to 'false'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
-msgid ""
-"Default: true on platforms where inotify is supported. False on other "
-"platforms."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
-msgid ""
-"Note: this option will have no effect on platforms where inotify is "
-"unavailable. On these platforms, polling will always be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
-msgid "krb5_rcache_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
-msgid ""
-"Directory on the filesystem where SSSD should store Kerberos replay cache "
-"files."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
-msgid ""
-"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
-"SSSD to let libkrb5 decide the appropriate location for the replay cache."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
-msgid ""
-"Default: Distribution-specific and specified at build-time. "
-"(__LIBKRB5_DEFAULTS__ if not configured)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:63
-msgid ""
-"Individual pieces of SSSD functionality are provided by special SSSD "
-"services that are started and stopped together with SSSD.  The services are "
-"managed by a special service frequently called <quote>monitor</quote>. The "
-"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
-msgid "SERVICES SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
-msgid ""
-"Settings that can be used to configure different services are described in "
-"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
-"section, for example, for NSS service, the section would be <quote>[nss]</"
-"quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
-msgid "General service configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
-msgid "These options can be used to configure any service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>.  This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
-msgid "NSS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
-msgid ""
-"These options can be used to configure the Name Service Switch (NSS) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
-msgid "enum_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
-msgid ""
-"How many seconds should nss_sss cache enumerations (requests for info about "
-"all users)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
-msgid "Default: 120"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"The entry cache can be set to automatically update entries in the background "
-"if they are requested beyond a percentage of the entry_cache_timeout value "
-"for the domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
-msgid ""
-"For example, if the domain's entry_cache_timeout is set to 30s and "
-"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
-"after 15 seconds past the last cache update will be returned immediately, "
-"but the SSSD will go and update the cache on its own, so that future "
-"requests will not need to block waiting for a cache update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
-msgid ""
-"Valid values for this option are 0-99 and represent a percentage of the "
-"entry_cache_timeout for each domain. For performance reasons, this "
-"percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
-"disables this feature)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
-msgid "Default: 50"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
-msgid "entry_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
-msgid ""
-"Specifies for how many seconds nss_sss should cache negative cache hits "
-"(that is, queries for invalid database entries, like nonexistent ones)  "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
-msgid "Default: 15"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
-msgid "filter_users, filter_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
-msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
-msgid "Default: root"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
-msgid "filter_users_in_groups (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
-msgid ""
-"If you want filtered user still be group members set this option to false."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
-msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
-msgid "This option can also be set per-domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
-msgid "allowed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
-msgid ""
-"Restrict user shell to one of the listed values. The order of evaluation is:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
-msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
-msgid ""
-"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
-"quote>, use the value of the shell_fallback parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
-msgid ""
-"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
-"shells</quote>, a nologin shell is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
-msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
-msgid ""
-"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
-"that a restart of the SSSD is required in case a new shell is installed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
-msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
-msgid "vetoed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
-msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
-msgid "shell_fallback (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
-msgid ""
-"The default shell to use if an allowed shell is not installed on the machine."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
-msgid "Default: /bin/sh"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
-msgid "PAM configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
-msgid ""
-"These options can be used to configure the Pluggable Authentication Module "
-"(PAM) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
-msgid "offline_credentials_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
-msgid ""
-"If the authentication provider is offline, how long should we allow cached "
-"logins (in days since the last successful online login)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
-msgid "Default: 0 (No limit)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
-msgid "offline_failed_login_attempts (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
-msgid ""
-"If the authentication provider is offline, how many failed login attempts "
-"are allowed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
-msgid "offline_failed_login_delay (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
-msgid ""
-"The time in minutes which has to pass after offline_failed_login_attempts "
-"has been reached before a new login attempt is possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
-msgid ""
-"If set to 0 the user cannot authenticate offline if "
-"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable offline authentication again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
-msgid "Default: 5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
-msgid "pam_verbosity (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
-msgid ""
-"Controls what kind of messages are shown to the user during authentication. "
-"The higher the number to more messages are displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
-msgid "Currently sssd supports the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
-msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
-msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
-msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
-msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
-msgid "Default: 1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
-msgid "pam_id_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
-msgid ""
-"For any PAM request while SSSD is online, the SSSD will attempt to "
-"immediately update the cached identity information for the user in order to "
-"ensure that authentication takes place with the latest information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
-msgid ""
-"A complete PAM conversation may perform multiple PAM requests, such as "
-"account management and session opening. This option controls (on a per-"
-"client-application basis) how long (in seconds) we can cache the identity "
-"information to avoid excessive round-trips to the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
-msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
-msgid "Display a warning N days before the password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
-msgid ""
-"Please note that the backend server has to provide information about the "
-"expiration time of the password.  If this information is missing, sssd "
-"cannot display a warning."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
-msgid "Default: 7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-msgid "SUDO configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-msgid "These options can be used to configure the sudo service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-msgid "sudo_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-msgid ""
-"For any sudo request that comes while SSSD is online, the SSSD will attempt "
-"to update the cached rules in order to ensure that sudo has the latest "
-"ruleset."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
-msgid ""
-"The user may, however, run a couple of sudo commands successively, which "
-"would trigger multiple LDAP requests.  In order to speed up this use-case, "
-"the sudo service maintains an in-memory cache that would be used for "
-"performing fast replies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
-msgid ""
-"This option controls how long (in seconds) can the sudo service cache rules "
-"for a user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-msgid "Default: 180"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-msgid "sudo_timed (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
-msgid ""
-"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
-"that implement time-dependent sudoers entries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-msgid "AUTOFS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-msgid "These options can be used to configure the autofs service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-msgid "autofs_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
-msgid "DOMAIN SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
-msgid "min_id,max_id (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
-msgid ""
-"UID and GID limits for the domain. If a domain contains an entry that is "
-"outside these limits, it is ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
-msgid ""
-"For users, this affects the primary GID limit. The user will not be returned "
-"to NSS if either the UID or the primary GID is outside the range. For non-"
-"primary group memberships, those that are in range will be reported as "
-"expected."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
-msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
-msgid ""
-"Timeout in seconds between heartbeats for this domain.  This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
-msgid "enumerate (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
-msgid ""
-"Determines if a domain can be enumerated. This parameter can have one of the "
-"following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
-msgid "TRUE = Users and groups are enumerated"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
-msgid "FALSE = No enumerations for this domain"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
-msgid "Default: FALSE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
-msgid ""
-"Note: Enabling enumeration has a moderate performance impact on SSSD while "
-"enumeration is running. It may take up to several minutes after SSSD startup "
-"to fully complete enumerations.  During this time, individual requests for "
-"information will go directly to LDAP, though it may be slow, due to the "
-"heavy enumeration processing."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
-msgid ""
-"While the first enumeration is running, requests for the complete user or "
-"group lists may return no results until it completes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
-msgid ""
-"Further, enabling enumeration may increase the time necessary to detect "
-"network disconnection, as longer timeouts are required to ensure that "
-"enumeration lookups are completed successfully.  For more information, refer "
-"to the man pages for the specific id_provider in use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
-msgid "entry_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
-msgid ""
-"How many seconds should nss_sss consider entries valid before asking the "
-"backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
-msgid "Default: 5400"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-msgid "entry_cache_user_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-msgid ""
-"How many seconds should nss_sss consider user entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-msgid "Default: entry_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-msgid "entry_cache_group_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-msgid ""
-"How many seconds should nss_sss consider group entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-msgid ""
-"How many seconds should nss_sss consider netgroup entries valid before "
-"asking the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-msgid "entry_cache_service_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-msgid ""
-"How many seconds should nss_sss consider service entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
-msgid "cache_credentials (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
-msgid "Determines if user credentials are also cached in the local LDB cache"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
-msgid "User credentials are stored in a SHA512 hash, not in plaintext"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
-msgid "account_cache_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
-msgid ""
-"Number of days entries are left in cache after last successful login before "
-"being removed during a cleanup of the cache. 0 means keep forever.  The "
-"value of this parameter must be greater than or equal to "
-"offline_credentials_expiration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
-msgid "Default: 0 (unlimited)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
-msgid "id_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
-msgid "The Data Provider identity backend to use for this domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
-msgid "Supported backends:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
-msgid "proxy: Support a legacy NSS provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
-msgid "local: SSSD internal local provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
-msgid "ldap: LDAP provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
-msgid "use_fully_qualified_names (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
-msgid ""
-"If set to TRUE, all requests to this domain must use fully qualified names. "
-"For example, if used in LOCAL domain that contains a \"test\" user, "
-"<command>getent passwd test</command> wouldn't find the user while "
-"<command>getent passwd test@LOCAL</command> would."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
-msgid "auth_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
-msgid ""
-"The authentication provider used for the domain.  Supported auth providers "
-"are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
-msgid ""
-"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
-msgid ""
-"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
-msgid ""
-"<quote>proxy</quote> for relaying authentication to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
-msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"authentication requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
-msgid "access_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
-msgid ""
-"The access control provider used for the domain.  There are two built-in "
-"access providers (in addition to any included in installed backends)  "
-"Internal special providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
-msgid "<quote>permit</quote> always allow access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
-msgid "<quote>deny</quote> always deny access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
-msgid ""
-"<quote>simple</quote> access control based on access or deny lists. See "
-"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> for more information on configuring the simple "
-"access module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
-msgid "Default: <quote>permit</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
-msgid "chpass_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
-msgid ""
-"The provider which should handle change password operations for the domain.  "
-"Supported change password providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
-msgid ""
-"<quote>ipa</quote> to change a password stored in an IPA server.  See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
-msgid ""
-"<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
-msgid ""
-"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
-msgid ""
-"<quote>proxy</quote> for relaying password changes to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
-msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
-msgid ""
-"Default: <quote>auth_provider</quote> is used if it is set and can handle "
-"change password requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-msgid "sudo_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-msgid ""
-"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-msgid "session_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-msgid ""
-"The provider which should handle loading of session settings.  Supported "
-"session providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-msgid ""
-"<quote>ipa</quote> to load session settings from an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"session loading requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
-msgid "lookup_family_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
-msgid ""
-"Provides the ability to select preferred address family to use when "
-"performing DNS lookups."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
-msgid "Supported values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
-msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
-msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
-msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
-msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
-msgid "Default: ipv4_first"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
-msgid "dns_resolver_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
-msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
-msgid "dns_discovery_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
-msgid ""
-"If service discovery is used in the back end, specifies the domain part of "
-"the service discovery DNS query."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
-msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
-msgid "override_gid (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
-msgid "Override the primary GID value with the one specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
-msgid "case_sensitive (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
-msgid ""
-"Treat user and group names as case sensitive. At the moment, this option is "
-"not supported in the local provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
-msgid "Default: True"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
-msgid ""
-"These configuration options can be present in a domain configuration "
-"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
-"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
-msgid "proxy_pam_target (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
-msgid "The proxy target PAM proxies to."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-msgid ""
-"Default: not set by default, you have to take an existing pam configuration "
-"or create a new one and add the service name here."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
-msgid "proxy_lib_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
-msgid ""
-"The name of the NSS library to use in proxy domains. The NSS functions "
-"searched for in the library are in the form of _nss_$(libName)_$(function), "
-"for example _nss_files_getpwent."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
-msgid ""
-"Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
-msgid "The local domain section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
-msgid ""
-"This section contains settings for domain that stores users and groups in "
-"SSSD native database, that is, a domain that uses "
-"<replaceable>id_provider=local</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
-msgid "default_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
-msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
-msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
-msgid "base_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
-msgid ""
-"The tools append the login name to <replaceable>base_directory</replaceable> "
-"and use that as the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
-msgid "Default: <filename>/home</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
-msgid "create_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
-msgid ""
-"Indicate if a home directory should be created by default for new users.  "
-"Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
-msgid "Default: TRUE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
-msgid "remove_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
-msgid ""
-"Indicate if a home directory should be removed by default for deleted "
-"users.  Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
-msgid "homedir_umask (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
-msgid ""
-"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
-"on a newly created home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
-msgid "Default: 077"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
-msgid "skel_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
-msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
-msgid "mail_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
-msgid ""
-"The mail spool directory. This is needed to manipulate the mailbox when its "
-"corresponding user account is modified or deleted.  If not specified, a "
-"default value is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
-msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
-msgid "userdel_cmd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
-msgid ""
-"The command that is run after a user is removed.  The command us passed the "
-"username of the user being removed as the first and only parameter. The "
-"return code of the command is not taken into account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
-msgid "Default: None, no command is run"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"domains = LDAP\n"
-"services = nss, pam\n"
-"config_file_version = 2\n"
-"\n"
-"[nss]\n"
-"filter_groups = root\n"
-"filter_users = root\n"
-"\n"
-"[pam]\n"
-"\n"
-"[domain/LDAP]\n"
-"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
-"\n"
-"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
-"cache_credentials = true\n"
-"\n"
-"min_id = 10000\n"
-"max_id = 20000\n"
-"enumerate = False\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
-msgid ""
-"The following example shows a typical SSSD config. It does not describe "
-"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details.  <placeholder type=\"programlisting\" "
-"id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
-msgid "sssd-ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:23
-msgid ""
-"This manual page describes the configuration of LDAP domains for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for detailed syntax information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:35
-msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:38
-msgid ""
-"LDAP back end supports id, auth, access and chpass providers. If you want to "
-"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
-"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
-"over an unencrypted channel.  If the LDAP server is used only as an identity "
-"provider, an encrypted channel is not needed. Please refer to "
-"<quote>ldap_access_filter</quote> config option for more information about "
-"using LDAP as an access provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
-#: sssd-krb5.5.xml:63
-msgid "CONFIGURATION OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:60
-msgid "ldap_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:63
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference. Refer to the <quote>FAILOVER</"
-"quote> section for more information on failover and server redundancy.  If "
-"not specified, service discovery is enabled. For more information, refer to "
-"the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
-msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:73
-msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:76
-msgid ""
-"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:79
-msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:85
-msgid "ldap_chpass_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:88
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference to change the password of a user. "
-"Refer to the <quote>FAILOVER</quote> section for more information on "
-"failover and server redundancy."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:95
-msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:99
-msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:105
-msgid "ldap_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:108
-msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:112
-msgid ""
-"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
-"syntax:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
-msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:119
-msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
-msgid ""
-"The filter must be a valid LDAP search filter as specified by http://www."
-"ietf.org/rfc/rfc2254.txt"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
-msgid "Examples:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:129
-msgid ""
-"ldap_search_base = dc=example,dc=com (which is equivalent to)  "
-"ldap_search_base = dc=example,dc=com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:134
-msgid ""
-"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
-"(host=thishost)?dc=example.com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:137
-msgid ""
-"Note: It is unsupported to have multiple search bases which reference "
-"identically-named objects (for example, groups with the same name in two "
-"different search bases). This will lead to unpredictable behavior on client "
-"machines."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:144
-msgid ""
-"Default: If not set, the value of the defaultNamingContext or namingContexts "
-"attribute from the RootDSE of the LDAP server is used. If "
-"defaultNamingContext does not exists or has an empty value namingContexts is "
-"used.  The namingContexts attribute must have a single value with the DN of "
-"the search base of the LDAP server to make this work. Multiple values are "
-"are not supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:158
-msgid "ldap_schema (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:161
-msgid ""
-"Specifies the Schema Type in use on the target LDAP server.  Depending on "
-"the selected schema, the default attribute names retrieved from the servers "
-"may vary.  The way that some attributes are handled may also differ.  Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
-"difference between these schema types is how group memberships are recorded "
-"in the server.  With rfc2307, group members are listed by name in the "
-"<emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, group "
-"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
-msgid "Default: rfc2307"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
-msgid "ldap_default_bind_dn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
-msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
-msgid "ldap_default_authtok_type (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
-msgid "The type of the authentication token of the default bind DN."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
-msgid "The two mechanisms currently supported are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
-msgid "password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
-msgid "obfuscated_password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
-msgid "Default: password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
-msgid "ldap_default_authtok (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
-msgid ""
-"The authentication token of the default bind DN.  Only clear text passwords "
-"are currently supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
-msgid "ldap_user_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
-msgid "The object class of a user entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
-msgid "Default: posixAccount"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
-msgid "ldap_user_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
-msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
-msgid "Default: uid"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
-msgid "ldap_user_uid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
-msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
-msgid "Default: uidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
-msgid "ldap_user_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
-msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
-msgid "Default: gidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
-msgid "ldap_user_gecos (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
-msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
-msgid "Default: gecos"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
-msgid "ldap_user_home_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
-msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
-msgid "Default: homeDirectory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
-msgid "ldap_user_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
-msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
-msgid "Default: loginShell"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
-msgid "ldap_user_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
-msgid "Default: nsUniqueId"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
-msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
-msgid ""
-"The LDAP attribute that contains timestamp of the last modification of the "
-"parent object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
-msgid "Default: modifyTimestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
-msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
-"the last password change)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
-msgid "Default: shadowLastChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
-msgid "ldap_user_shadow_min (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
-msgid "Default: shadowMin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
-msgid "ldap_user_shadow_max (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
-msgid "Default: shadowMax"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
-msgid "ldap_user_shadow_warning (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password warning period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
-msgid "Default: shadowWarning"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
-msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password inactivity period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
-msgid "Default: shadowInactive"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
-msgid "ldap_user_shadow_expire (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
-msgid ""
-"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
-"parameter contains the name of an LDAP attribute corresponding to its "
-"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> counterpart (account expiration date)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
-msgid "Default: shadowExpire"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
-msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time of last password change in "
-"kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
-msgid "Default: krbLastPwdChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
-msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time when current password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
-msgid "Default: krbPasswordExpiration"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
-msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the expiration time of the account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
-msgid "Default: accountExpires"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
-msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the user account control bit field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
-msgid "Default: userAccountControl"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
-msgid "ldap_ns_account_lock (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
-msgid ""
-"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
-"determines if access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
-msgid "Default: nsAccountLock"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
-msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines if "
-"access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
-msgid "Default: loginDisabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
-msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines until "
-"which date access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
-msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines the "
-"hours of a day in a week when access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
-msgid "Default: loginAllowedTimeMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
-msgid "ldap_user_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
-msgid ""
-"The LDAP attribute that contains the user's Kerberos User Principal Name "
-"(UPN)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
-msgid "Default: krbPrincipalName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
-msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
-msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
-msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
-msgid ""
-"Some directory servers, for example Active Directory, might deliver the "
-"realm part of the UPN in lower case, which might cause the authentication to "
-"fail. Set this option to a non-zero value if you want to use an upper-case "
-"realm."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
-msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
-msgid ""
-"Specifies how many seconds SSSD has to wait before refreshing its cache of "
-"enumerated records."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
-msgid "Default: 300"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
-msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
-msgid ""
-"Determine how often to check the cache for inactive entries (such as groups "
-"with no members and users who have never logged in) and remove them to save "
-"space."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
-msgid "Setting this option to zero will disable the cache cleanup operation."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
-msgid "Default: 10800 (12 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
-msgid "ldap_user_fullname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
-msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
-msgid "Default: cn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
-msgid "ldap_user_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
-msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
-msgid "Default: memberOf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
-msgid "ldap_user_authorized_service (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
-msgid ""
-"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
-"use the presence of the authorizedService attribute in the user's LDAP entry "
-"to determine access privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
-msgid ""
-"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
-"explicit allow (svc) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
-msgid "Default: authorizedService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
-msgid "ldap_user_authorized_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
-msgid ""
-"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-"presence of the host attribute in the user's LDAP entry to determine access "
-"privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
-msgid ""
-"An explicit deny (!host) is resolved first. Second, SSSD searches for "
-"explicit allow (host) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
-msgid "Default: host"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
-msgid "ldap_group_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
-msgid "The object class of a group entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
-msgid "Default: posixGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
-msgid "ldap_group_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
-msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
-msgid "ldap_group_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
-msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
-msgid "ldap_group_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
-msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
-msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
-msgid "ldap_group_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
-msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
-msgid "ldap_group_nesting_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
-msgid ""
-"If ldap_schema is set to a schema format that supports nested groups (e.g. "
-"RFC2307bis), then this option controls how many levels of nesting SSSD will "
-"follow. This option has no effect on the RFC2307 schema."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
-msgid "Default: 2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
-msgid "ldap_netgroup_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
-msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
-msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
-msgid "Default: nisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
-msgid "ldap_netgroup_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
-msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
-msgid "In IPA provider, ipa_netgroup_name should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
-msgid "ldap_netgroup_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
-msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
-msgid "In IPA provider, ipa_netgroup_member should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
-msgid "Default: memberNisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
-msgid "ldap_netgroup_triple (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-msgid ""
-"The LDAP attribute that contains the (host, user, domain) netgroup triples."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
-msgid "This option is not available in IPA provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
-msgid "Default: nisNetgroupTriple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
-msgid "ldap_netgroup_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
-msgid ""
-"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
-msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
-msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
-msgid "ldap_service_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
-msgid "The object class of a service entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
-msgid "Default: ipService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
-msgid "ldap_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
-msgid ""
-"The LDAP attribute that contains the name of service attributes and their "
-"aliases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
-msgid "ldap_service_port (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
-msgid "The LDAP attribute that contains the port managed by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
-msgid "Default: ipServicePort"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
-msgid "ldap_service_proto (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
-msgid ""
-"The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
-msgid "Default: ipServiceProtocol"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
-msgid "ldap_service_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
-msgid "An optional base DN to restrict service searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
-msgid ""
-"See <quote>ldap_search_base</quote> for information about configuring "
-"multiple search bases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
-#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
-msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
-msgid "ldap_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches are allowed to run "
-"before they are cancelled and cached results are returned (and offline mode "
-"is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
-msgid ""
-"Note: this option is subject to change in future versions of the SSSD. It "
-"will likely be replaced at some point by a series of timeouts for specific "
-"lookup types."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
-msgid "Default: 6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
-msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches for user and group "
-"enumerations are allowed to run before they are cancelled and cached results "
-"are returned (and offline mode is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
-msgid "ldap_network_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-msgid ""
-"Specifies the timeout (in seconds) after which the <citerefentry> "
-"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
-"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> following a <citerefentry> "
-"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> returns in case of no activity."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
-msgid "ldap_opt_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
-msgid ""
-"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
-"will abort if no response is received. Also controls the timeout when "
-"communicating with the KDC in case of SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
-msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
-msgid ""
-"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
-"maintained. After this time, the connection will be re-established. If used "
-"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
-"the TGT lifetime)  will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
-msgid "Default: 900 (15 minutes)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
-msgid "ldap_page_size (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
-msgid ""
-"Specify the number of records to retrieve from LDAP in a single request. "
-"Some LDAP servers enforce a maximum limit per-request."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
-msgid "Default: 1000"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
-msgid ""
-"Disable the LDAP paging control. This option should be used if the LDAP "
-"server reports that it supports the LDAP paging control in its RootDSE but "
-"it is not enabled or does not behave properly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
-msgid ""
-"Example: OpenLDAP servers with the paging control module installed on the "
-"server but not enabled will report it in the RootDSE but be unable to use it."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
-msgid ""
-"Example: 389 DS has a bug where it can only support a one paging control at "
-"a time on a single connection. On busy clients, this can result in some "
-"requests being denied."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
-msgid "ldap_deref_threshold (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
-msgid ""
-"Specify the number of group members that must be missing from the internal "
-"cache in order to trigger a dereference lookup. If less members are missing, "
-"they are looked up individually."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
-msgid ""
-"You can turn off dereference lookups completely by setting the value to 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
-msgid ""
-"A dereference lookup is a means of fetching all group members in a single "
-"LDAP call.  Different LDAP servers may implement different dereference "
-"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
-"Directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
-msgid ""
-"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
-"filter, then the dereference lookup performance enhancement will be disabled "
-"regardless of this setting."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
-msgid "ldap_tls_reqcert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
-msgid ""
-"Specifies what checks to perform on server certificates in a TLS session, if "
-"any. It can be specified as one of the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
-msgid ""
-"<emphasis>never</emphasis> = The client will not request or check any server "
-"certificate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
-msgid ""
-"<emphasis>allow</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, it will be ignored and the session proceeds normally."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
-msgid ""
-"<emphasis>try</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, the session is immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
-msgid ""
-"<emphasis>demand</emphasis> = The server certificate is requested. If no "
-"certificate is provided, or a bad certificate is provided, the session is "
-"immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
-msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
-msgid "Default: hard"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
-msgid "ldap_tls_cacert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
-msgid ""
-"Specifies the file that contains certificates for all of the Certificate "
-"Authorities that <command>sssd</command> will recognize."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
-msgid ""
-"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
-"conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
-msgid "ldap_tls_cacertdir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
-msgid ""
-"Specifies the path of a directory that contains Certificate Authority "
-"certificates in separate individual files. Typically the file names need to "
-"be the hash of the certificate followed by '.0'.  If available, "
-"<command>cacertdir_rehash</command> can be used to create the correct names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
-msgid "ldap_tls_cert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
-msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
-msgid "Default: not set"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
-msgid "ldap_tls_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
-msgid "Specifies the file that contains the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
-msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
-msgid ""
-"Specifies acceptable cipher suites.  Typically this is a colon sperated "
-"list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> for format."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
-msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
-msgid ""
-"Specifies that the id_provider connection must also use <systemitem class="
-"\"protocol\">tls</systemitem> to protect the channel."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
-msgid ""
-"Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
-"supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
-msgid "ldap_sasl_authid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
-msgid ""
-"Specify the SASL authorization id to use.  When GSSAPI is used, this "
-"represents the Kerberos principal used for authentication to the directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
-msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
-msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
-msgid ""
-"If set to true, the LDAP library would perform a reverse lookup to "
-"canonicalize the host name during a SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
-msgid "Default: false;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
-msgid "ldap_krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
-msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
-msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
-msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
-msgid ""
-"Specifies that the id_provider should init Kerberos credentials (TGT).  This "
-"action is performed only if SASL is used and the mechanism selected is "
-"GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
-msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
-msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
-msgid "Default: 86400 (24 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
-msgid "krb5_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
-msgid ""
-"Specifies the comma-separated list of IP addresses or hostnames of the "
-"Kerberos servers to which SSSD should connect in the order of preference. "
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
-"colon) may be appended to the addresses or hostnames.  If empty, service "
-"discovery is enabled - for more information, refer to the <quote>SERVICE "
-"DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
-msgid ""
-"When using service discovery for KDC or kpasswd servers, SSSD first searches "
-"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-"none are found."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
-msgid ""
-"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
-"While the legacy name is recognized for the time being, users are advised to "
-"migrate their config files to use <quote>krb5_server</quote> instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
-msgid "krb5_realm (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
-msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
-msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
-msgid "krb5_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
-msgid ""
-"Specifies if the host principal should be canonicalized when connecting to "
-"LDAP server. This feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
-msgid "ldap_pwd_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
-msgid ""
-"Select the policy to evaluate the password expiration on the client side. "
-"The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
-msgid ""
-"<emphasis>none</emphasis> - No evaluation on the client side. This option "
-"cannot disable server-side password policies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
-msgid ""
-"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-"evaluate if the password has expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
-msgid ""
-"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
-"to determine if the password has expired. Use chpass_provider=krb5 to update "
-"these attributes when the password is changed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
-msgid "ldap_referrals (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
-msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
-msgid ""
-"Please note that sssd only supports referral chasing when it is compiled "
-"with OpenLDAP version 2.4.13 or higher."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
-msgid "ldap_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
-msgid "Specifies the service name to use when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
-msgid "Default: ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
-msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
-msgid ""
-"Specifies the service name to use to find an LDAP server which allows "
-"password changes when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
-msgid "Default: not set, i.e. service discovery is disabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
-msgid "ldap_access_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
-msgid ""
-"If using access_provider = ldap, this option is mandatory. It specifies an "
-"LDAP search filter criteria that must be met for the user to be granted "
-"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
-msgid "Example:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
-#, no-wrap
-msgid ""
-"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
-msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
-msgid ""
-"Offline caching for this feature is limited to determining whether the "
-"user's last online login was granted access permission. If they were granted "
-"access during their last login, they will continue to be granted access "
-"while offline and vice-versa."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
-msgid "Default: Empty"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
-msgid "ldap_account_expire_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
-msgid ""
-"With this option a client side evaluation of access control attributes can "
-"be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
-msgid ""
-"Please note that it is always recommended to use server side access control, "
-"i.e. the LDAP server should deny the bind request with a suitable error code "
-"even if the password is correct."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
-msgid "The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
-msgid ""
-"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
-"determine if the account is expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
-msgid ""
-"<emphasis>ad</emphasis>: use the value of the 32bit field "
-"ldap_user_ad_user_account_control and allow access if the second bit is not "
-"set. If the attribute is missing access is granted. Also the expiration time "
-"of the account is checked."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
-msgid ""
-"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
-"emphasis>: use the value of ldap_ns_account_lock to check if access is "
-"allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
-msgid ""
-"<emphasis>nds</emphasis>: the values of "
-"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
-"If both attributes are missing access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
-msgid "ldap_access_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
-msgid "Comma separated list of access control options.  Allowed values are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
-msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
-msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
-msgid ""
-"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
-"to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
-msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
-msgid "Default: filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
-msgid ""
-"Please note that it is a configuration error if a value is used more than "
-"once."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
-msgid "ldap_deref (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
-msgid ""
-"Specifies how alias dereferencing is done when performing a search. The "
-"following options are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
-msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
-msgid ""
-"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
-"the base object, but not in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
-msgid ""
-"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
-"the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
-msgid ""
-"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
-"in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
-msgid ""
-"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
-"client libraries)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:51
-msgid ""
-"All of the common configuration options that apply to SSSD domains also "
-"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for full details.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
-msgid "SUDO OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
-msgid "ldap_sudorule_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
-msgid "The object class of a sudo rule entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
-msgid "Default: sudoRole"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
-msgid "ldap_sudorule_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
-msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
-msgid "ldap_sudorule_command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
-msgid "The LDAP attribute that corresponds to the command name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
-msgid "Default: sudoCommand"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
-msgid "ldap_sudorule_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
-msgid ""
-"The LDAP attribute that corresponds to the host name (or host IP address, "
-"host IP network, or host netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
-msgid "Default: sudoHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
-msgid "ldap_sudorule_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
-msgid ""
-"The LDAP attribute that corresponds to the user name (or UID, group name or "
-"user's netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
-msgid "Default: sudoUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
-msgid "ldap_sudorule_option (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
-msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
-msgid "Default: sudoOption"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
-msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
-msgid ""
-"The LDAP attribute that corresponds to the user name that commands may be "
-"run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
-msgid "Default: sudoRunAsUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
-msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
-msgid ""
-"The LDAP attribute that corresponds to the group name or group GID that "
-"commands may be run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
-msgid "Default: sudoRunAsGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
-msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
-msgid ""
-"The LDAP attribute that corresponds to the start date/time for when the sudo "
-"rule is valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
-msgid "Default: sudoNotBefore"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
-msgid "ldap_sudorule_notafter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
-msgid ""
-"The LDAP attribute that corresponds to the expiration date/time, after which "
-"the sudo rule will no longer be valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
-msgid "Default: sudoNotAfter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
-msgid "ldap_sudorule_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
-msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
-msgid "Default: sudoOrder"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
-msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
-msgid ""
-"Enables periodical download of all sudo rules.  The cache is purged before "
-"each update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
-msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
-msgid ""
-"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
-msgid ""
-"This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
-"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
-msgid "AUTOFS OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
-msgid ""
-"Please note that the default values correspond to the default schema which "
-"is RFC2307."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
-msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-msgid "The object class of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-msgid "Default: automountMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
-msgid "ldap_autofs_map_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
-msgid "The name of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
-msgid "Default: ou"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
-msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
-msgid "ldap_autofs_entry_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
-msgid ""
-"The key of an automount entry in LDAP. The entry usually corresponds to a "
-"mount point."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
-msgid "ldap_autofs_entry_value (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
-msgid "Default: automountInformation"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
-msgid ""
-"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
-"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
-"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
-msgid "ADVANCED OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
-msgid "ldap_netgroup_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
-msgid ""
-"An optional base DN to restrict netgroup searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
-msgid "ldap_user_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
-msgid "An optional base DN to restrict user searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
-msgid "ldap_group_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
-msgid "An optional base DN to restrict group searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
-#, no-wrap
-msgid ""
-"                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
-msgid "ldap_sudo_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
-msgid ""
-"An optional base DN to restrict sudo rules searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
-msgid "ldap_autofs_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
-msgid ""
-"An optional base DN to restrict automounter searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
-msgid ""
-"These options are supported by LDAP domains, but they should be used with "
-"caution. Please include them in your configuration only if you know what you "
-"are doing.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
-msgid ""
-"The following example assumes that SSSD is correctly configured and LDAP is "
-"set to one of the domains in the <replaceable>[domains]</replaceable> "
-"section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
-#, no-wrap
-msgid ""
-"    [domain/LDAP]\n"
-"    id_provider = ldap\n"
-"    auth_provider = ldap\n"
-"    ldap_uri = ldap://ldap.mydomain.org\n"
-"    ldap_search_base = dc=mydomain,dc=org\n"
-"    ldap_tls_reqcert = demand\n"
-"    cache_credentials = true\n"
-"    enumerate = true\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
-msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
-msgid "NOTES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
-msgid ""
-"The descriptions of some of the configuration options in this manual page "
-"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
-"distribution."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <refentryinfo>
-#: pam_sss.8.xml:8 include/upstream.xml:2
-msgid ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: pam_sss.8.xml:13 pam_sss.8.xml:18
-msgid "pam_sss"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: pam_sss.8.xml:19
-msgid "PAM module for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: pam_sss.8.xml:24
-msgid ""
-"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
-msgid ""
-"<command>pam_sss.so</command> is the PAM interface to the System Security "
-"Services daemon (SSSD). Errors and results are logged through <command>syslog"
-"(3)</command> with the LOG_AUTHPRIV facility."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
-msgid "<option>quiet</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
-msgid "Suppress log messages for unknown users."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
-msgid "<option>forward_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
-msgid ""
-"If <option>forward_pass</option> is set the entered password is put on the "
-"stack for other PAM modules to use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
-msgid "<option>use_first_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
-msgid ""
-"The argument use_first_pass forces the module to use a previous stacked "
-"modules password and will never prompt the user - if no password is "
-"available or the password is not appropriate, the user will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
-msgid "<option>use_authtok</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
-msgid ""
-"When password changing enforce the module to set the new password to the one "
-"provided by a previously stacked password module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
-msgid "<option>retry=N</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
-msgid ""
-"If specified the user is asked another N times for a password if "
-"authentication fails. Default is 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
-msgid ""
-"Please note that this option might not work as expected if the application "
-"calling PAM handles the user dialog on its own. A typical example is "
-"<command>sshd</command> with <option>PasswordAuthentication</option>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
-msgid "MODULE TYPES PROVIDED"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
-msgid ""
-"All module types (<option>account</option>, <option>auth</option>, "
-"<option>password</option> and <option>session</option>) are provided."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
-msgid "FILES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
-msgid ""
-"If a password reset by root fails, because the corresponding SSSD provider "
-"does not support password resets, an individual message can be displayed. "
-"This message can e.g. contain instructions about how to reset a password."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
-msgid ""
-"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
-"filename> where LOC stands for a locale string returned by <citerefentry> "
-"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
-"citerefentry>. If there is no matching file the content of "
-"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
-"the owner of the files and only root may have read and write permissions "
-"while all other users must have only read permissions."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
-msgid ""
-"These files are searched in the directory <filename>/etc/sssd/customize/"
-"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
-"displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:141
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
-msgid "sssd_krb5_locator_plugin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:22
-msgid ""
-"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
-"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
-"libraries what Realm and which KDC to use.  Typically this is done in "
-"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
-"To simplify the configuration the Realm and the KDC can be defined in "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry> puts the Realm and the name or IP address of the KDC into "
-"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively.  "
-"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variables and returns them to the "
-"libraries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:63
-msgid ""
-"Not all Kerberos implementations support the use of plugins. If "
-"<command>sssd_krb5_locator_plugin</command> is not available on your system "
-"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:69
-msgid ""
-"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-"debug messages will be sent to stderr."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:77
-msgid ""
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
-msgid "sssd-simple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd-simple.5.xml:17
-msgid "the configuration file for SSSD's 'simple' access-control provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:24
-msgid ""
-"This manual page describes the configuration of the simple access-control "
-"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax reference, "
-"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:38
-msgid ""
-"The simple access provider grants or denies access based on an access or "
-"deny list of user or group names. The following rules apply:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:43
-msgid "If all lists are empty, access is granted"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:47
-msgid ""
-"If any list is provided, the order of evaluation is allow,deny. This means "
-"that any matching deny rule will supersede any matched allow rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:54
-msgid ""
-"If either or both \"allow\" lists are provided, all users are denied unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:60
-msgid ""
-"If only \"deny\" lists are provided, all users are granted access unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:78
-msgid "simple_allow_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:81
-msgid "Comma separated list of users who are allowed to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:88
-msgid "simple_deny_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:91
-msgid "Comma separated list of users who are explicitly denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:97
-msgid "simple_allow_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:100
-msgid ""
-"Comma separated list of groups that are allowed to log in. This applies only "
-"to groups within this SSSD domain. Local groups are not evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:108
-msgid "simple_deny_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:111
-msgid ""
-"Comma separated list of groups that are explicitly denied access. This "
-"applies only to groups within this SSSD domain. Local groups are not "
-"evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
-msgid ""
-"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page for details on the configuration of an SSSD "
-"domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:120
-msgid ""
-"Please note that it is an configuration error if both, simple_allow_users "
-"and simple_deny_users, are defined."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:128
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the simple access provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-simple.5.xml:135
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    access_provider = simple\n"
-"    simple_allow_users = user1, user2\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:145
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
-msgid "sssd-ipa"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:23
-msgid ""
-"This manual page describes the configuration of the IPA provider for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
-"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:36
-msgid ""
-"The IPA provider is a back end used to connect to an IPA server.  (Refer to "
-"the freeipa.org web site for information about IPA servers.)  This provider "
-"requires that the machine be joined to the IPA domain; configuration is "
-"almost entirely self-discovered and obtained directly from the server."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:43
-msgid ""
-"The IPA provider accepts the same options used by the <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
-"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider with some exceptions described below."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:55
-msgid ""
-"However, it is neither necessary nor recommended to set these options.  IPA "
-"provider can also be used as an access and chpass provider. As an access "
-"provider it uses HBAC (host-based access control) rules. Please refer to "
-"freeipa.org for more information about HBAC. No configuration of access "
-"provider is required on the client side."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:72
-msgid "ipa_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:75
-msgid ""
-"Specifies the name of the IPA domain.  This is optional. If not provided, "
-"the configuration domain name is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:83
-msgid "ipa_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:86
-msgid ""
-"The comma-separated list of IP addresses or hostnames of the IPA servers to "
-"which SSSD should connect in the order of preference. For more information "
-"on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
-"This is optional if autodiscovery is enabled.  For more information on "
-"service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:99
-msgid "ipa_hostname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:102
-msgid ""
-"Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:110
-msgid "ipa_dyndns_update (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:113
-msgid ""
-"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:118
-msgid ""
-"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
-"the default Kerberos realm must be set properly in /etc/krb5.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:129
-msgid "ipa_dyndns_iface (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:132
-msgid ""
-"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
-"interface whose IP address should be used for dynamic DNS updates."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:137
-msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:143
-msgid "ipa_hbac_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:146
-msgid "Optional. Use the given string as search base for HBAC related objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:150
-msgid "Default: Use base DN"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:156
-msgid "ipa_host_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:159
-msgid "Optional. Use the given string as search base for host objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:180
-msgid "ipa_selinux_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
-msgid "Optional. Use the given string as search base for SELinux user maps."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
-msgid "krb5_validate (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
-msgid ""
-"Verify with the help of krb5_keytab that the TGT obtained has not been "
-"spoofed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
-msgid ""
-"Note that this default differs from the traditional Kerberos provider back "
-"end."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
-msgid ""
-"The name of the Kerberos realm. This is optional and defaults to the value "
-"of <quote>ipa_domain</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
-msgid ""
-"The name of the Kerberos realm has a special meaning in IPA - it is "
-"converted into the base DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
-msgid ""
-"Specifies if the host and user principal should be canonicalized when "
-"connecting to IPA LDAP and also for AS requests. This feature is available "
-"with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
-msgid "ipa_hbac_refresh (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
-msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
-msgid "Default: 5 (seconds)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
-msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
-msgid ""
-"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
-"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
-"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
-"client will support two modes of operation during this transition period:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
-msgid ""
-"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
-"users will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
-msgid ""
-"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
-"careful with this option, as it may result in opening unintended access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
-msgid "Default: DENY_ALL"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
-msgid "ipa_automount_location (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
-msgid "The automounter location this IPA client will be using"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Default: The location named \"default\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the ipa provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    id_provider = ipa\n"
-"    ipa_server = ipaserver.example.com\n"
-"    ipa_hostname = myhost.example.com\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.8.xml:10 sssd.8.xml:15
-msgid "sssd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.8.xml:16
-msgid "System Security Services Daemon"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sssd.8.xml:21
-msgid ""
-"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:31
-msgid ""
-"<command>SSSD</command> provides a set of daemons to manage access to remote "
-"directories and authentication mechanisms. It provides an NSS and PAM "
-"interface toward the system and a pluggable backend system to connect to "
-"multiple different account sources as well as D-Bus interface. It is also "
-"the basis to provide client auditing and policy services for projects like "
-"FreeIPA. It provides a more robust database to store local users as well as "
-"extended user data."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:46
-msgid ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:53
-msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:57
-msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:60
-msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:69
-msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:73
-msgid ""
-"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:76
-msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:85
-msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:89
-msgid ""
-"Send the debug output to files instead of stderr. By default, the log files "
-"are stored in <filename>/var/log/sssd</filename> and there are separate log "
-"files for every SSSD service and domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:97
-msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:101
-msgid "Become a daemon after starting up."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:107
-msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:111
-msgid "Run in the foreground, don't become a daemon."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
-msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
-msgid ""
-"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
-"conf</filename>. For reference on the config file syntax and options, "
-"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:135
-msgid "<option>--version</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:139
-msgid "Print version number and exit."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:147
-msgid "Signals"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:150
-msgid "SIGTERM/SIGINT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:153
-msgid ""
-"Informs the SSSD to gracefully terminate all of its child processes and then "
-"shut down the monitor."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:159
-msgid "SIGHUP"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:162
-msgid ""
-"Tells the SSSD to stop writing to its current debug file descriptors and to "
-"close and reopen them. This is meant to facilitate log rolling with programs "
-"like logrotate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:170
-msgid "SIGUSR1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:173
-msgid ""
-"Tells the SSSD to simulate offline operation for one minute. This is mostly "
-"useful for testing purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:179
-msgid "SIGUSR2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:182
-msgid ""
-"Tells the SSSD to go online immediately. This is mostly useful for testing "
-"purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:193
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-msgid "sss_obfuscate"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_obfuscate.8.xml:16
-msgid "obfuscate a clear text password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_obfuscate.8.xml:21
-msgid ""
-"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
-"replaceable></arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:32
-msgid ""
-"<command>sss_obfuscate</command> converts a given password into human-"
-"unreadable format and places it into appropriate domain section of the SSSD "
-"config file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:37
-msgid ""
-"The cleartext password is read from standard input or entered "
-"interactively.  The obfuscated password is put into "
-"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
-"<quote>ldap_default_authtok_type</quote> parameter is set to "
-"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more details on these parameters."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:49
-msgid ""
-"Please note that obfuscating the password provides <emphasis>no real "
-"security benefit</emphasis> as it is still possible for an attacker to "
-"reverse-engineer the password back. Using better authentication mechanisms "
-"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
-"advised."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:63
-msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:67
-msgid "The password to obfuscate will be read from standard input."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
-msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:79
-msgid ""
-"The SSSD domain to use the password in. The default name is <quote>default</"
-"quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:86
-msgid ""
-"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:91
-msgid "Read the config file specified by the positional parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:95
-msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:105
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
-msgid "sss_useradd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_useradd.8.xml:16
-msgid "create a new user"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_useradd.8.xml:21
-msgid ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:32
-msgid ""
-"<command>sss_useradd</command> creates a new user account using the values "
-"specified on the command line plus the default values from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:43
-msgid ""
-"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:48
-msgid ""
-"Set the UID of the user to the value of <replaceable>UID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
-msgid ""
-"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
-msgid ""
-"Any text string describing the user. Often used as the field for the user's "
-"full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
-msgid ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:72
-msgid ""
-"The home directory of the user account.  The default is to append the "
-"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
-"that as the home directory.  The base that is prepended before "
-"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
-"baseDirectory</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
-msgid ""
-"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:87
-msgid ""
-"The user's login shell. The default is currently <filename>/bin/bash</"
-"filename>.  The default can be changed with <quote>user_defaults/"
-"defaultShell</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:96
-msgid ""
-"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:101
-msgid "A list of existing groups this user is also a member of."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:107
-msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:111
-msgid ""
-"Create the user's home directory if it does not exist. The files and "
-"directories contained in the skeleton directory (which can be defined with "
-"the -k option or in the config file) will be copied to the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:121
-msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:125
-msgid ""
-"Do not create the user's home directory. Overrides configuration settings."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:132
-msgid ""
-"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:137
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<command>sss_useradd</command>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:143
-msgid ""
-"This option is only valid if the <option>-m</option> (or <option>--create-"
-"home</option>) option is specified, or creation of home directories is set "
-"to TRUE in the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
-msgid ""
-"<option>-Z</option>,<option>--selinux-user</option> "
-"<replaceable>SELINUX_USER</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:157
-msgid ""
-"The SELinux user for the user's login. If not specified, the system default "
-"will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
-msgid "sssd-krb5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:23
-msgid ""
-"This manual page describes the configuration of the Kerberos 5 "
-"authentication backend for <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  For a detailed "
-"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
-"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:36
-msgid ""
-"The Kerberos 5 authentication backend contains auth and chpass providers. It "
-"must be paired with identity provider in order to function properly (for "
-"example, id_provider = ldap). Some information required by the Kerberos 5 "
-"authentication backend must be provided by the identity provider, such as "
-"the user's Kerberos Principal Name (UPN). The configuration of the identity "
-"provider should have an entry to specify the UPN. Please refer to the man "
-"page for the applicable identity provider for details on how to configure "
-"this."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:47
-msgid ""
-"This backend also provides access control based on the .k5login file in the "
-"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
-"Please note that an empty .k5login file will deny all access to this user. "
-"To activate this feature use 'access_provider = krb5' in your sssd "
-"configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:55
-msgid ""
-"In the case where the UPN is not available in the identity backend "
-"<command>sssd</command> will construct a UPN using the format "
-"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:106
-msgid ""
-"The name of the Kerberos realm. This option is required and must be "
-"specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:113
-msgid "krb5_kpasswd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:116
-msgid ""
-"If the change password service is not running on the KDC alternative servers "
-"can be defined here. An optional port number (preceded by a colon) may be "
-"appended to the addresses or hostnames."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:122
-msgid ""
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section.  Please note that even if there are no more "
-"kpasswd servers to try the back end is not switch to offline if "
-"authentication against the KDC is still possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:129
-msgid "Default: Use the KDC"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:135
-msgid "krb5_ccachedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:138
-msgid ""
-"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist it will be created. If %u, %U, %p or %h are used a "
-"private directory belonging to the user is created. Otherwise a public "
-"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
-"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
-"citerefentry> for details) is created."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:151
-msgid "Default: /tmp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:157
-msgid "krb5_ccname_template (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:171
-msgid "login UID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:174
-msgid "%p"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:175
-msgid "principal name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:179
-msgid "%r"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:180
-msgid "realm name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:183
-msgid "%h"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:184
-msgid "home directory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:189
-msgid "value of krb5ccache_dir"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194
-msgid "%P"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "the process ID of the sssd client"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:160
-msgid ""
-"Location of the user's credential cache. Currently only file based "
-"credential caches are supported. In the template the following sequences are "
-"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
-"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
-"way."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:209
-msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:215
-msgid "krb5_auth_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:218
-msgid ""
-"Timeout in seconds after an online authentication or change password request "
-"is aborted. If possible the authentication request is continued offline."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:241
-msgid "krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:244
-msgid ""
-"The location of the keytab to use when validating credentials obtained from "
-"KDCs."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:248
-msgid "Default: /etc/krb5.keytab"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:254
-msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:257
-msgid ""
-"Store the password of the user if the provider is offline and use it to "
-"request a TGT when the provider gets online again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:262
-msgid ""
-"Please note that this feature currently only available on a Linux platform. "
-"Passwords stored in this way are kept in plaintext in the kernel keyring and "
-"are potentially accessible by the root user (with difficulty)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:275
-msgid "krb5_renewable_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:278
-msgid ""
-"Request a renewable ticket with a total lifetime given by an integer "
-"immediately followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
-msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
-msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
-msgid "<emphasis>h</emphasis> hours"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
-msgid "<emphasis>d</emphasis> days."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
-msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:299
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"renewable lifetime to one and a half hours please use '90m' instead of "
-"'1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:305
-msgid "Default: not set, i.e. the TGT is not renewable"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:311
-msgid "krb5_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:314
-msgid ""
-"Request ticket with a with a lifetime given by an integer immediately "
-"followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:335
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"lifetime to one and a half hours please use '90m' instead of '1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:340
-msgid ""
-"Default: not set, i.e. the default ticket lifetime configured on the KDC."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:347
-msgid "krb5_renew_interval (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:350
-msgid ""
-"The time in seconds between two checks if the TGT should be renewed. TGTs "
-"are renewed if about half of their lifetime is exceeded."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:355
-msgid "If this option is not set or 0 the automatic renewal is disabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:365
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:368
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:373
-msgid ""
-"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
-"option at all."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
-msgid ""
-"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
-"continue without."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:381
-msgid ""
-"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
-"fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:385
-msgid "Default: not set, i.e. FAST is not used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:388
-msgid "Please note that a keytab is required to use fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:391
-msgid ""
-"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used with an older version using this option is a "
-"configuration error."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:400
-msgid "krb5_fast_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:403
-msgid "Specifies the server principal to use for FAST."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:412
-msgid ""
-"Specifies if the host and user principal should be canonicalized. This "
-"feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:65
-msgid ""
-"If the auth-module krb5 is used in a SSSD domain, the following options must "
-"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
-"SECTIONS</quote> for details on the configuration of a SSSD domain.  "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:434
-msgid ""
-"The following example assumes that SSSD is correctly configured and FOO is "
-"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
-"example shows only configuration of Kerberos authentication, it does not "
-"include any identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:442
-#, no-wrap
-msgid ""
-"    [domain/FOO]\n"
-"    auth_provider = krb5\n"
-"    krb5_server = 192.168.1.1\n"
-"    krb5_realm = EXAMPLE.COM\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:453
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
-msgid "sss_groupadd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupadd.8.xml:16
-msgid "create a new group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupadd.8.xml:21
-msgid ""
-"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:32
-msgid ""
-"<command>sss_groupadd</command> creates a new group. These groups are "
-"compatible with POSIX groups, with the additional feature that they can "
-"contain other groups as members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupadd.8.xml:43
-msgid ""
-"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupadd.8.xml:48
-msgid ""
-"Set the GID of the group to the value of <replaceable>GID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
-msgid "sss_userdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_userdel.8.xml:16
-msgid "delete a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_userdel.8.xml:21
-msgid ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:32
-msgid ""
-"<command>sss_userdel</command> deletes a user identified by login name "
-"<replaceable>LOGIN</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:44
-msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:48
-msgid ""
-"Files in the user's home directory will be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:56
-msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:60
-msgid ""
-"Files in the user's home directory will NOT be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:68
-msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:72
-msgid ""
-"This option forces <command>sss_userdel</command> to remove the user's home "
-"directory and mail spool, even if they are not owned by the specified user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:80
-msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:84
-msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
-msgid "sss_groupdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupdel.8.xml:16
-msgid "delete a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupdel.8.xml:21
-msgid ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:32
-msgid ""
-"<command>sss_groupdel</command> deletes a group identified by its name "
-"<replaceable>GROUP</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
-msgid "sss_groupshow"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupshow.8.xml:16
-msgid "print properties of a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupshow.8.xml:21
-msgid ""
-"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:32
-msgid ""
-"<command>sss_groupshow</command> displays information about a group "
-"identified by its name <replaceable>GROUP</replaceable>. The information "
-"includes the group ID number, members of the group and the parent group."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupshow.8.xml:43
-msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupshow.8.xml:47
-msgid ""
-"Also print indirect group members in a tree-like hierarchy.  Note that this "
-"also affects printing parent groups - without <option>R</option>, only the "
-"direct parent will be printed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
-msgid "sss_usermod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_usermod.8.xml:16
-msgid "modify a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_usermod.8.xml:21
-msgid ""
-"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:32
-msgid ""
-"<command>sss_usermod</command> modifies the account specified by "
-"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
-"on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:60
-msgid "The home directory of the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:71
-msgid "The user's login shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:82
-msgid ""
-"Append this user to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:96
-msgid ""
-"Remove this user from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:103
-msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:107
-msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:114
-msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:118
-msgid "Unlock the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:129
-msgid "The SELinux user for the user's login."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/service_discovery.xml:2
-msgid "SERVICE DISCOVERY"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/service_discovery.xml:4
-msgid ""
-"The service discovery feature allows back ends to automatically find the "
-"appropriate servers to connect to using a special DNS query."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
-msgid "Configuration"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:11
-msgid ""
-"If no servers are specified, the back end automatically uses service "
-"discovery to try to find a server. Optionally, the user may choose to use "
-"both fixed server addresses and service discovery by inserting a special "
-"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
-"preference is maintained. This feature is useful if, for example, the user "
-"prefers to use service discovery whenever possible, and fall back to a "
-"specific server when no servers can be discovered using DNS."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:23
-msgid "The domain name"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:25
-msgid ""
-"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for more details."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:35
-msgid "The protocol"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:37
-msgid ""
-"The queries usually specify _tcp as the protocol. Exceptions are documented "
-"in respective option description."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:42
-msgid "See Also"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:44
-msgid ""
-"For more information on the service discovery mechanism, refer to RFC 2782."
-msgstr ""
-
-#. type: Content of: outside any tag (error?)
-#: include/upstream.xml:1
-msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/failover.xml:2
-msgid "FAILOVER"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/failover.xml:4
-msgid ""
-"The failover feature allows back ends to automatically switch to a different "
-"server if the primary server fails."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:8
-msgid "Failover Syntax"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:10
-msgid ""
-"The list of servers is given as a comma-separated list; any number of spaces "
-"is allowed around the comma. The servers are listed in order of preference. "
-"The list can contain any number of servers."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:17
-msgid "The Failover Mechanism"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:19
-msgid ""
-"The failover mechanism distinguishes between a machine and a service. The "
-"back end first tries to resolve the hostname of a given machine; if this "
-"resolution attempt fails, the machine is considered offline. No further "
-"attempts are made to connect to this machine for any other service. If the "
-"resolution attempt succeeds, the back end tries to connect to a service on "
-"this machine. If the service connection attempt fails, then only this "
-"particular service is considered offline and the back end automatically "
-"switches over to the next service.  The machine is still considered online "
-"and might still be tried for another service."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:32
-msgid ""
-"Further connection attempts are made to machines or services marked as "
-"offline after a specified period of time; this is currently hard coded to 30 "
-"seconds."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:37
-msgid ""
-"If there are no more machines to try, the back end as a whole switches to "
-"offline mode, and then attempts to reconnect every 30 seconds."
-msgstr ""
-
-#. type: Content of: <varlistentry><term>
-#: include/param_help.xml:3
-msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
-
-#. type: Content of: <varlistentry><listitem><para>
-#: include/param_help.xml:7
-msgid "Display help message and exit."
-msgstr ""
diff --git a/src/man/po/ca.po b/src/man/po/ca.po
deleted file mode 100644
index 8a7e65d6a..000000000
--- a/src/man/po/ca.po
+++ /dev/null
@@ -1,6313 +0,0 @@
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Red Hat
-# This file is distributed under the same license as the sssd-docs package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: SSSD\n"
-"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Catalan <fedora@llistes.softcatala.org>\n"
-"Language: ca\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural=(n != 1)\n"
-
-#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
-#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
-#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
-#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
-msgid "SSSD Manual pages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
-msgid "sss_groupmod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
-#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
-#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
-msgid "8"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupmod.8.xml:16
-msgid "modify a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupmod.8.xml:21
-msgid ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
-#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
-#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
-#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
-#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:32
-msgid ""
-"<command>sss_groupmod</command> modifies the group to reflect the changes "
-"that are specified on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
-#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
-#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-msgid "OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
-msgid ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:48
-msgid ""
-"Append this group to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
-msgid ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:62
-msgid ""
-"Remove this group from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
-#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
-msgid "sssd.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
-msgid "5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
-msgid "File Formats and Conventions"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
-msgid "the configuration file for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:21
-msgid "FILE FORMAT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:29
-#, no-wrap
-msgid ""
-"                <replaceable>[section]</replaceable>\n"
-"                <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-"                <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
-"            "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:24
-msgid ""
-"The file has an ini-style syntax and consists of sections and parameters. A "
-"section begins with the name of the section in square brackets and continues "
-"until the next section begins. An example of section with single and multi-"
-"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:36
-msgid ""
-"The data types used are string (no quotes needed), integer and bool (with "
-"values of <quote>TRUE/FALSE</quote>)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:41
-msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
-"(<quote>;</quote>)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:46
-msgid ""
-"All sections can have an optional <replaceable>description</replaceable> "
-"parameter. Its function is only as a label for the section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:52
-msgid ""
-"<filename>sssd.conf</filename> must be a regular file, owned by root and "
-"only root may read from or write to the file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:58
-msgid "SPECIAL SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:61
-msgid "The [sssd] section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
-msgid "Section parameters"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:72
-msgid "config_file_version (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:75
-msgid ""
-"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-"version 2."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:81
-msgid "services"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:84
-msgid ""
-"Comma separated list of services that are started when sssd itself starts."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:88
-msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
-msgid "reconnection_retries (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
-msgid ""
-"Number of times services should attempt to reconnect in the event of a Data "
-"Provider crash or restart before they give up"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
-msgid "Default: 3"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
-msgid "domains"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
-msgid ""
-"A domain is a database containing user information. SSSD can use more "
-"domains at the same time, but at least one must be configured or SSSD won't "
-"start.  This parameter described the list of domains in the order you want "
-"them to be queried."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
-msgid "re_expression (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
-msgid ""
-"Regular expression that describes how to parse the string containing user "
-"name and domain into these components."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
-msgid ""
-"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
-"which translates to \"the name is everything up to the <quote>@</quote> "
-"sign, the domain everything after that\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
-msgid ""
-"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
-"version 7 or higher can support non-unique named subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
-msgid ""
-"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
-"P&lt;name&gt;) to label subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
-msgid "full_name_format (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
-msgid ""
-"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatible format that describes how to translate "
-"a (name, domain) tuple into a fully qualified name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
-msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
-msgid "try_inotify (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
-msgid ""
-"SSSD monitors the state of resolv.conf to identify when it needs to update "
-"its internal DNS resolver. By default, we will attempt to use inotify for "
-"this, and will fall back to polling resolv.conf every five seconds if "
-"inotify cannot be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
-msgid ""
-"There are some limited situations where it is preferred that we should skip "
-"even trying to use inotify. In these rare cases, this option should be set "
-"to 'false'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
-msgid ""
-"Default: true on platforms where inotify is supported. False on other "
-"platforms."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
-msgid ""
-"Note: this option will have no effect on platforms where inotify is "
-"unavailable. On these platforms, polling will always be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
-msgid "krb5_rcache_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
-msgid ""
-"Directory on the filesystem where SSSD should store Kerberos replay cache "
-"files."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
-msgid ""
-"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
-"SSSD to let libkrb5 decide the appropriate location for the replay cache."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
-msgid ""
-"Default: Distribution-specific and specified at build-time. "
-"(__LIBKRB5_DEFAULTS__ if not configured)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:63
-msgid ""
-"Individual pieces of SSSD functionality are provided by special SSSD "
-"services that are started and stopped together with SSSD.  The services are "
-"managed by a special service frequently called <quote>monitor</quote>. The "
-"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
-msgid "SERVICES SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
-msgid ""
-"Settings that can be used to configure different services are described in "
-"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
-"section, for example, for NSS service, the section would be <quote>[nss]</"
-"quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
-msgid "General service configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
-msgid "These options can be used to configure any service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>.  This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
-msgid "NSS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
-msgid ""
-"These options can be used to configure the Name Service Switch (NSS) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
-msgid "enum_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
-msgid ""
-"How many seconds should nss_sss cache enumerations (requests for info about "
-"all users)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
-msgid "Default: 120"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"The entry cache can be set to automatically update entries in the background "
-"if they are requested beyond a percentage of the entry_cache_timeout value "
-"for the domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
-msgid ""
-"For example, if the domain's entry_cache_timeout is set to 30s and "
-"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
-"after 15 seconds past the last cache update will be returned immediately, "
-"but the SSSD will go and update the cache on its own, so that future "
-"requests will not need to block waiting for a cache update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
-msgid ""
-"Valid values for this option are 0-99 and represent a percentage of the "
-"entry_cache_timeout for each domain. For performance reasons, this "
-"percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
-"disables this feature)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
-msgid "Default: 50"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
-msgid "entry_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
-msgid ""
-"Specifies for how many seconds nss_sss should cache negative cache hits "
-"(that is, queries for invalid database entries, like nonexistent ones)  "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
-msgid "Default: 15"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
-msgid "filter_users, filter_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
-msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
-msgid "Default: root"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
-msgid "filter_users_in_groups (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
-msgid ""
-"If you want filtered user still be group members set this option to false."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
-msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
-msgid "This option can also be set per-domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
-msgid "allowed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
-msgid ""
-"Restrict user shell to one of the listed values. The order of evaluation is:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
-msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
-msgid ""
-"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
-"quote>, use the value of the shell_fallback parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
-msgid ""
-"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
-"shells</quote>, a nologin shell is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
-msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
-msgid ""
-"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
-"that a restart of the SSSD is required in case a new shell is installed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
-msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
-msgid "vetoed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
-msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
-msgid "shell_fallback (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
-msgid ""
-"The default shell to use if an allowed shell is not installed on the machine."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
-msgid "Default: /bin/sh"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
-msgid "PAM configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
-msgid ""
-"These options can be used to configure the Pluggable Authentication Module "
-"(PAM) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
-msgid "offline_credentials_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
-msgid ""
-"If the authentication provider is offline, how long should we allow cached "
-"logins (in days since the last successful online login)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
-msgid "Default: 0 (No limit)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
-msgid "offline_failed_login_attempts (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
-msgid ""
-"If the authentication provider is offline, how many failed login attempts "
-"are allowed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
-msgid "offline_failed_login_delay (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
-msgid ""
-"The time in minutes which has to pass after offline_failed_login_attempts "
-"has been reached before a new login attempt is possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
-msgid ""
-"If set to 0 the user cannot authenticate offline if "
-"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable offline authentication again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
-msgid "Default: 5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
-msgid "pam_verbosity (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
-msgid ""
-"Controls what kind of messages are shown to the user during authentication. "
-"The higher the number to more messages are displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
-msgid "Currently sssd supports the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
-msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
-msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
-msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
-msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
-msgid "Default: 1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
-msgid "pam_id_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
-msgid ""
-"For any PAM request while SSSD is online, the SSSD will attempt to "
-"immediately update the cached identity information for the user in order to "
-"ensure that authentication takes place with the latest information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
-msgid ""
-"A complete PAM conversation may perform multiple PAM requests, such as "
-"account management and session opening. This option controls (on a per-"
-"client-application basis) how long (in seconds) we can cache the identity "
-"information to avoid excessive round-trips to the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
-msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
-msgid "Display a warning N days before the password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
-msgid ""
-"Please note that the backend server has to provide information about the "
-"expiration time of the password.  If this information is missing, sssd "
-"cannot display a warning."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
-msgid "Default: 7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-msgid "SUDO configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-msgid "These options can be used to configure the sudo service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-msgid "sudo_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-msgid ""
-"For any sudo request that comes while SSSD is online, the SSSD will attempt "
-"to update the cached rules in order to ensure that sudo has the latest "
-"ruleset."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
-msgid ""
-"The user may, however, run a couple of sudo commands successively, which "
-"would trigger multiple LDAP requests.  In order to speed up this use-case, "
-"the sudo service maintains an in-memory cache that would be used for "
-"performing fast replies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
-msgid ""
-"This option controls how long (in seconds) can the sudo service cache rules "
-"for a user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-msgid "Default: 180"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-msgid "sudo_timed (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
-msgid ""
-"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
-"that implement time-dependent sudoers entries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-msgid "AUTOFS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-msgid "These options can be used to configure the autofs service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-msgid "autofs_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
-msgid "DOMAIN SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
-msgid "min_id,max_id (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
-msgid ""
-"UID and GID limits for the domain. If a domain contains an entry that is "
-"outside these limits, it is ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
-msgid ""
-"For users, this affects the primary GID limit. The user will not be returned "
-"to NSS if either the UID or the primary GID is outside the range. For non-"
-"primary group memberships, those that are in range will be reported as "
-"expected."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
-msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
-msgid ""
-"Timeout in seconds between heartbeats for this domain.  This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
-msgid "enumerate (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
-msgid ""
-"Determines if a domain can be enumerated. This parameter can have one of the "
-"following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
-msgid "TRUE = Users and groups are enumerated"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
-msgid "FALSE = No enumerations for this domain"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
-msgid "Default: FALSE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
-msgid ""
-"Note: Enabling enumeration has a moderate performance impact on SSSD while "
-"enumeration is running. It may take up to several minutes after SSSD startup "
-"to fully complete enumerations.  During this time, individual requests for "
-"information will go directly to LDAP, though it may be slow, due to the "
-"heavy enumeration processing."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
-msgid ""
-"While the first enumeration is running, requests for the complete user or "
-"group lists may return no results until it completes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
-msgid ""
-"Further, enabling enumeration may increase the time necessary to detect "
-"network disconnection, as longer timeouts are required to ensure that "
-"enumeration lookups are completed successfully.  For more information, refer "
-"to the man pages for the specific id_provider in use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
-msgid "entry_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
-msgid ""
-"How many seconds should nss_sss consider entries valid before asking the "
-"backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
-msgid "Default: 5400"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-msgid "entry_cache_user_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-msgid ""
-"How many seconds should nss_sss consider user entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-msgid "Default: entry_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-msgid "entry_cache_group_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-msgid ""
-"How many seconds should nss_sss consider group entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-msgid ""
-"How many seconds should nss_sss consider netgroup entries valid before "
-"asking the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-msgid "entry_cache_service_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-msgid ""
-"How many seconds should nss_sss consider service entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
-msgid "cache_credentials (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
-msgid "Determines if user credentials are also cached in the local LDB cache"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
-msgid "User credentials are stored in a SHA512 hash, not in plaintext"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
-msgid "account_cache_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
-msgid ""
-"Number of days entries are left in cache after last successful login before "
-"being removed during a cleanup of the cache. 0 means keep forever.  The "
-"value of this parameter must be greater than or equal to "
-"offline_credentials_expiration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
-msgid "Default: 0 (unlimited)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
-msgid "id_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
-msgid "The Data Provider identity backend to use for this domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
-msgid "Supported backends:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
-msgid "proxy: Support a legacy NSS provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
-msgid "local: SSSD internal local provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
-msgid "ldap: LDAP provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
-msgid "use_fully_qualified_names (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
-msgid ""
-"If set to TRUE, all requests to this domain must use fully qualified names. "
-"For example, if used in LOCAL domain that contains a \"test\" user, "
-"<command>getent passwd test</command> wouldn't find the user while "
-"<command>getent passwd test@LOCAL</command> would."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
-msgid "auth_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
-msgid ""
-"The authentication provider used for the domain.  Supported auth providers "
-"are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
-msgid ""
-"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
-msgid ""
-"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
-msgid ""
-"<quote>proxy</quote> for relaying authentication to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
-msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"authentication requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
-msgid "access_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
-msgid ""
-"The access control provider used for the domain.  There are two built-in "
-"access providers (in addition to any included in installed backends)  "
-"Internal special providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
-msgid "<quote>permit</quote> always allow access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
-msgid "<quote>deny</quote> always deny access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
-msgid ""
-"<quote>simple</quote> access control based on access or deny lists. See "
-"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> for more information on configuring the simple "
-"access module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
-msgid "Default: <quote>permit</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
-msgid "chpass_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
-msgid ""
-"The provider which should handle change password operations for the domain.  "
-"Supported change password providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
-msgid ""
-"<quote>ipa</quote> to change a password stored in an IPA server.  See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
-msgid ""
-"<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
-msgid ""
-"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
-msgid ""
-"<quote>proxy</quote> for relaying password changes to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
-msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
-msgid ""
-"Default: <quote>auth_provider</quote> is used if it is set and can handle "
-"change password requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-msgid "sudo_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-msgid ""
-"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-msgid "session_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-msgid ""
-"The provider which should handle loading of session settings.  Supported "
-"session providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-msgid ""
-"<quote>ipa</quote> to load session settings from an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"session loading requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
-msgid "lookup_family_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
-msgid ""
-"Provides the ability to select preferred address family to use when "
-"performing DNS lookups."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
-msgid "Supported values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
-msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
-msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
-msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
-msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
-msgid "Default: ipv4_first"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
-msgid "dns_resolver_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
-msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
-msgid "dns_discovery_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
-msgid ""
-"If service discovery is used in the back end, specifies the domain part of "
-"the service discovery DNS query."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
-msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
-msgid "override_gid (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
-msgid "Override the primary GID value with the one specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
-msgid "case_sensitive (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
-msgid ""
-"Treat user and group names as case sensitive. At the moment, this option is "
-"not supported in the local provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
-msgid "Default: True"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
-msgid ""
-"These configuration options can be present in a domain configuration "
-"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
-"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
-msgid "proxy_pam_target (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
-msgid "The proxy target PAM proxies to."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-msgid ""
-"Default: not set by default, you have to take an existing pam configuration "
-"or create a new one and add the service name here."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
-msgid "proxy_lib_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
-msgid ""
-"The name of the NSS library to use in proxy domains. The NSS functions "
-"searched for in the library are in the form of _nss_$(libName)_$(function), "
-"for example _nss_files_getpwent."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
-msgid ""
-"Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
-msgid "The local domain section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
-msgid ""
-"This section contains settings for domain that stores users and groups in "
-"SSSD native database, that is, a domain that uses "
-"<replaceable>id_provider=local</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
-msgid "default_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
-msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
-msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
-msgid "base_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
-msgid ""
-"The tools append the login name to <replaceable>base_directory</replaceable> "
-"and use that as the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
-msgid "Default: <filename>/home</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
-msgid "create_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
-msgid ""
-"Indicate if a home directory should be created by default for new users.  "
-"Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
-msgid "Default: TRUE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
-msgid "remove_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
-msgid ""
-"Indicate if a home directory should be removed by default for deleted "
-"users.  Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
-msgid "homedir_umask (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
-msgid ""
-"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
-"on a newly created home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
-msgid "Default: 077"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
-msgid "skel_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
-msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
-msgid "mail_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
-msgid ""
-"The mail spool directory. This is needed to manipulate the mailbox when its "
-"corresponding user account is modified or deleted.  If not specified, a "
-"default value is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
-msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
-msgid "userdel_cmd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
-msgid ""
-"The command that is run after a user is removed.  The command us passed the "
-"username of the user being removed as the first and only parameter. The "
-"return code of the command is not taken into account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
-msgid "Default: None, no command is run"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"domains = LDAP\n"
-"services = nss, pam\n"
-"config_file_version = 2\n"
-"\n"
-"[nss]\n"
-"filter_groups = root\n"
-"filter_users = root\n"
-"\n"
-"[pam]\n"
-"\n"
-"[domain/LDAP]\n"
-"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
-"\n"
-"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
-"cache_credentials = true\n"
-"\n"
-"min_id = 10000\n"
-"max_id = 20000\n"
-"enumerate = False\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
-msgid ""
-"The following example shows a typical SSSD config. It does not describe "
-"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details.  <placeholder type=\"programlisting\" "
-"id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
-msgid "sssd-ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:23
-msgid ""
-"This manual page describes the configuration of LDAP domains for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for detailed syntax information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:35
-msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:38
-msgid ""
-"LDAP back end supports id, auth, access and chpass providers. If you want to "
-"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
-"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
-"over an unencrypted channel.  If the LDAP server is used only as an identity "
-"provider, an encrypted channel is not needed. Please refer to "
-"<quote>ldap_access_filter</quote> config option for more information about "
-"using LDAP as an access provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
-#: sssd-krb5.5.xml:63
-msgid "CONFIGURATION OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:60
-msgid "ldap_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:63
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference. Refer to the <quote>FAILOVER</"
-"quote> section for more information on failover and server redundancy.  If "
-"not specified, service discovery is enabled. For more information, refer to "
-"the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
-msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:73
-msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:76
-msgid ""
-"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:79
-msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:85
-msgid "ldap_chpass_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:88
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference to change the password of a user. "
-"Refer to the <quote>FAILOVER</quote> section for more information on "
-"failover and server redundancy."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:95
-msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:99
-msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:105
-msgid "ldap_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:108
-msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:112
-msgid ""
-"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
-"syntax:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
-msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:119
-msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
-msgid ""
-"The filter must be a valid LDAP search filter as specified by http://www."
-"ietf.org/rfc/rfc2254.txt"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
-msgid "Examples:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:129
-msgid ""
-"ldap_search_base = dc=example,dc=com (which is equivalent to)  "
-"ldap_search_base = dc=example,dc=com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:134
-msgid ""
-"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
-"(host=thishost)?dc=example.com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:137
-msgid ""
-"Note: It is unsupported to have multiple search bases which reference "
-"identically-named objects (for example, groups with the same name in two "
-"different search bases). This will lead to unpredictable behavior on client "
-"machines."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:144
-msgid ""
-"Default: If not set, the value of the defaultNamingContext or namingContexts "
-"attribute from the RootDSE of the LDAP server is used. If "
-"defaultNamingContext does not exists or has an empty value namingContexts is "
-"used.  The namingContexts attribute must have a single value with the DN of "
-"the search base of the LDAP server to make this work. Multiple values are "
-"are not supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:158
-msgid "ldap_schema (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:161
-msgid ""
-"Specifies the Schema Type in use on the target LDAP server.  Depending on "
-"the selected schema, the default attribute names retrieved from the servers "
-"may vary.  The way that some attributes are handled may also differ.  Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
-"difference between these schema types is how group memberships are recorded "
-"in the server.  With rfc2307, group members are listed by name in the "
-"<emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, group "
-"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
-msgid "Default: rfc2307"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
-msgid "ldap_default_bind_dn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
-msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
-msgid "ldap_default_authtok_type (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
-msgid "The type of the authentication token of the default bind DN."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
-msgid "The two mechanisms currently supported are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
-msgid "password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
-msgid "obfuscated_password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
-msgid "Default: password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
-msgid "ldap_default_authtok (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
-msgid ""
-"The authentication token of the default bind DN.  Only clear text passwords "
-"are currently supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
-msgid "ldap_user_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
-msgid "The object class of a user entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
-msgid "Default: posixAccount"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
-msgid "ldap_user_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
-msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
-msgid "Default: uid"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
-msgid "ldap_user_uid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
-msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
-msgid "Default: uidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
-msgid "ldap_user_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
-msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
-msgid "Default: gidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
-msgid "ldap_user_gecos (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
-msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
-msgid "Default: gecos"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
-msgid "ldap_user_home_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
-msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
-msgid "Default: homeDirectory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
-msgid "ldap_user_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
-msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
-msgid "Default: loginShell"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
-msgid "ldap_user_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
-msgid "Default: nsUniqueId"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
-msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
-msgid ""
-"The LDAP attribute that contains timestamp of the last modification of the "
-"parent object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
-msgid "Default: modifyTimestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
-msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
-"the last password change)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
-msgid "Default: shadowLastChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
-msgid "ldap_user_shadow_min (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
-msgid "Default: shadowMin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
-msgid "ldap_user_shadow_max (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
-msgid "Default: shadowMax"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
-msgid "ldap_user_shadow_warning (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password warning period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
-msgid "Default: shadowWarning"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
-msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password inactivity period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
-msgid "Default: shadowInactive"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
-msgid "ldap_user_shadow_expire (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
-msgid ""
-"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
-"parameter contains the name of an LDAP attribute corresponding to its "
-"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> counterpart (account expiration date)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
-msgid "Default: shadowExpire"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
-msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time of last password change in "
-"kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
-msgid "Default: krbLastPwdChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
-msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time when current password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
-msgid "Default: krbPasswordExpiration"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
-msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the expiration time of the account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
-msgid "Default: accountExpires"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
-msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the user account control bit field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
-msgid "Default: userAccountControl"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
-msgid "ldap_ns_account_lock (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
-msgid ""
-"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
-"determines if access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
-msgid "Default: nsAccountLock"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
-msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines if "
-"access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
-msgid "Default: loginDisabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
-msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines until "
-"which date access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
-msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines the "
-"hours of a day in a week when access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
-msgid "Default: loginAllowedTimeMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
-msgid "ldap_user_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
-msgid ""
-"The LDAP attribute that contains the user's Kerberos User Principal Name "
-"(UPN)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
-msgid "Default: krbPrincipalName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
-msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
-msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
-msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
-msgid ""
-"Some directory servers, for example Active Directory, might deliver the "
-"realm part of the UPN in lower case, which might cause the authentication to "
-"fail. Set this option to a non-zero value if you want to use an upper-case "
-"realm."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
-msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
-msgid ""
-"Specifies how many seconds SSSD has to wait before refreshing its cache of "
-"enumerated records."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
-msgid "Default: 300"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
-msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
-msgid ""
-"Determine how often to check the cache for inactive entries (such as groups "
-"with no members and users who have never logged in) and remove them to save "
-"space."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
-msgid "Setting this option to zero will disable the cache cleanup operation."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
-msgid "Default: 10800 (12 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
-msgid "ldap_user_fullname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
-msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
-msgid "Default: cn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
-msgid "ldap_user_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
-msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
-msgid "Default: memberOf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
-msgid "ldap_user_authorized_service (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
-msgid ""
-"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
-"use the presence of the authorizedService attribute in the user's LDAP entry "
-"to determine access privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
-msgid ""
-"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
-"explicit allow (svc) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
-msgid "Default: authorizedService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
-msgid "ldap_user_authorized_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
-msgid ""
-"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-"presence of the host attribute in the user's LDAP entry to determine access "
-"privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
-msgid ""
-"An explicit deny (!host) is resolved first. Second, SSSD searches for "
-"explicit allow (host) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
-msgid "Default: host"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
-msgid "ldap_group_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
-msgid "The object class of a group entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
-msgid "Default: posixGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
-msgid "ldap_group_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
-msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
-msgid "ldap_group_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
-msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
-msgid "ldap_group_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
-msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
-msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
-msgid "ldap_group_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
-msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
-msgid "ldap_group_nesting_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
-msgid ""
-"If ldap_schema is set to a schema format that supports nested groups (e.g. "
-"RFC2307bis), then this option controls how many levels of nesting SSSD will "
-"follow. This option has no effect on the RFC2307 schema."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
-msgid "Default: 2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
-msgid "ldap_netgroup_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
-msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
-msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
-msgid "Default: nisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
-msgid "ldap_netgroup_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
-msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
-msgid "In IPA provider, ipa_netgroup_name should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
-msgid "ldap_netgroup_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
-msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
-msgid "In IPA provider, ipa_netgroup_member should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
-msgid "Default: memberNisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
-msgid "ldap_netgroup_triple (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-msgid ""
-"The LDAP attribute that contains the (host, user, domain) netgroup triples."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
-msgid "This option is not available in IPA provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
-msgid "Default: nisNetgroupTriple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
-msgid "ldap_netgroup_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
-msgid ""
-"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
-msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
-msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
-msgid "ldap_service_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
-msgid "The object class of a service entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
-msgid "Default: ipService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
-msgid "ldap_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
-msgid ""
-"The LDAP attribute that contains the name of service attributes and their "
-"aliases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
-msgid "ldap_service_port (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
-msgid "The LDAP attribute that contains the port managed by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
-msgid "Default: ipServicePort"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
-msgid "ldap_service_proto (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
-msgid ""
-"The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
-msgid "Default: ipServiceProtocol"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
-msgid "ldap_service_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
-msgid "An optional base DN to restrict service searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
-msgid ""
-"See <quote>ldap_search_base</quote> for information about configuring "
-"multiple search bases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
-#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
-msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
-msgid "ldap_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches are allowed to run "
-"before they are cancelled and cached results are returned (and offline mode "
-"is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
-msgid ""
-"Note: this option is subject to change in future versions of the SSSD. It "
-"will likely be replaced at some point by a series of timeouts for specific "
-"lookup types."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
-msgid "Default: 6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
-msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches for user and group "
-"enumerations are allowed to run before they are cancelled and cached results "
-"are returned (and offline mode is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
-msgid "ldap_network_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-msgid ""
-"Specifies the timeout (in seconds) after which the <citerefentry> "
-"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
-"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> following a <citerefentry> "
-"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> returns in case of no activity."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
-msgid "ldap_opt_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
-msgid ""
-"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
-"will abort if no response is received. Also controls the timeout when "
-"communicating with the KDC in case of SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
-msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
-msgid ""
-"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
-"maintained. After this time, the connection will be re-established. If used "
-"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
-"the TGT lifetime)  will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
-msgid "Default: 900 (15 minutes)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
-msgid "ldap_page_size (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
-msgid ""
-"Specify the number of records to retrieve from LDAP in a single request. "
-"Some LDAP servers enforce a maximum limit per-request."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
-msgid "Default: 1000"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
-msgid ""
-"Disable the LDAP paging control. This option should be used if the LDAP "
-"server reports that it supports the LDAP paging control in its RootDSE but "
-"it is not enabled or does not behave properly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
-msgid ""
-"Example: OpenLDAP servers with the paging control module installed on the "
-"server but not enabled will report it in the RootDSE but be unable to use it."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
-msgid ""
-"Example: 389 DS has a bug where it can only support a one paging control at "
-"a time on a single connection. On busy clients, this can result in some "
-"requests being denied."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
-msgid "ldap_deref_threshold (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
-msgid ""
-"Specify the number of group members that must be missing from the internal "
-"cache in order to trigger a dereference lookup. If less members are missing, "
-"they are looked up individually."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
-msgid ""
-"You can turn off dereference lookups completely by setting the value to 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
-msgid ""
-"A dereference lookup is a means of fetching all group members in a single "
-"LDAP call.  Different LDAP servers may implement different dereference "
-"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
-"Directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
-msgid ""
-"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
-"filter, then the dereference lookup performance enhancement will be disabled "
-"regardless of this setting."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
-msgid "ldap_tls_reqcert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
-msgid ""
-"Specifies what checks to perform on server certificates in a TLS session, if "
-"any. It can be specified as one of the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
-msgid ""
-"<emphasis>never</emphasis> = The client will not request or check any server "
-"certificate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
-msgid ""
-"<emphasis>allow</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, it will be ignored and the session proceeds normally."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
-msgid ""
-"<emphasis>try</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, the session is immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
-msgid ""
-"<emphasis>demand</emphasis> = The server certificate is requested. If no "
-"certificate is provided, or a bad certificate is provided, the session is "
-"immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
-msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
-msgid "Default: hard"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
-msgid "ldap_tls_cacert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
-msgid ""
-"Specifies the file that contains certificates for all of the Certificate "
-"Authorities that <command>sssd</command> will recognize."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
-msgid ""
-"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
-"conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
-msgid "ldap_tls_cacertdir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
-msgid ""
-"Specifies the path of a directory that contains Certificate Authority "
-"certificates in separate individual files. Typically the file names need to "
-"be the hash of the certificate followed by '.0'.  If available, "
-"<command>cacertdir_rehash</command> can be used to create the correct names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
-msgid "ldap_tls_cert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
-msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
-msgid "Default: not set"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
-msgid "ldap_tls_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
-msgid "Specifies the file that contains the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
-msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
-msgid ""
-"Specifies acceptable cipher suites.  Typically this is a colon sperated "
-"list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> for format."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
-msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
-msgid ""
-"Specifies that the id_provider connection must also use <systemitem class="
-"\"protocol\">tls</systemitem> to protect the channel."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
-msgid ""
-"Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
-"supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
-msgid "ldap_sasl_authid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
-msgid ""
-"Specify the SASL authorization id to use.  When GSSAPI is used, this "
-"represents the Kerberos principal used for authentication to the directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
-msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
-msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
-msgid ""
-"If set to true, the LDAP library would perform a reverse lookup to "
-"canonicalize the host name during a SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
-msgid "Default: false;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
-msgid "ldap_krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
-msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
-msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
-msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
-msgid ""
-"Specifies that the id_provider should init Kerberos credentials (TGT).  This "
-"action is performed only if SASL is used and the mechanism selected is "
-"GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
-msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
-msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
-msgid "Default: 86400 (24 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
-msgid "krb5_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
-msgid ""
-"Specifies the comma-separated list of IP addresses or hostnames of the "
-"Kerberos servers to which SSSD should connect in the order of preference. "
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
-"colon) may be appended to the addresses or hostnames.  If empty, service "
-"discovery is enabled - for more information, refer to the <quote>SERVICE "
-"DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
-msgid ""
-"When using service discovery for KDC or kpasswd servers, SSSD first searches "
-"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-"none are found."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
-msgid ""
-"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
-"While the legacy name is recognized for the time being, users are advised to "
-"migrate their config files to use <quote>krb5_server</quote> instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
-msgid "krb5_realm (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
-msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
-msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
-msgid "krb5_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
-msgid ""
-"Specifies if the host principal should be canonicalized when connecting to "
-"LDAP server. This feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
-msgid "ldap_pwd_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
-msgid ""
-"Select the policy to evaluate the password expiration on the client side. "
-"The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
-msgid ""
-"<emphasis>none</emphasis> - No evaluation on the client side. This option "
-"cannot disable server-side password policies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
-msgid ""
-"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-"evaluate if the password has expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
-msgid ""
-"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
-"to determine if the password has expired. Use chpass_provider=krb5 to update "
-"these attributes when the password is changed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
-msgid "ldap_referrals (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
-msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
-msgid ""
-"Please note that sssd only supports referral chasing when it is compiled "
-"with OpenLDAP version 2.4.13 or higher."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
-msgid "ldap_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
-msgid "Specifies the service name to use when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
-msgid "Default: ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
-msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
-msgid ""
-"Specifies the service name to use to find an LDAP server which allows "
-"password changes when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
-msgid "Default: not set, i.e. service discovery is disabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
-msgid "ldap_access_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
-msgid ""
-"If using access_provider = ldap, this option is mandatory. It specifies an "
-"LDAP search filter criteria that must be met for the user to be granted "
-"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
-msgid "Example:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
-#, no-wrap
-msgid ""
-"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
-msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
-msgid ""
-"Offline caching for this feature is limited to determining whether the "
-"user's last online login was granted access permission. If they were granted "
-"access during their last login, they will continue to be granted access "
-"while offline and vice-versa."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
-msgid "Default: Empty"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
-msgid "ldap_account_expire_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
-msgid ""
-"With this option a client side evaluation of access control attributes can "
-"be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
-msgid ""
-"Please note that it is always recommended to use server side access control, "
-"i.e. the LDAP server should deny the bind request with a suitable error code "
-"even if the password is correct."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
-msgid "The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
-msgid ""
-"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
-"determine if the account is expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
-msgid ""
-"<emphasis>ad</emphasis>: use the value of the 32bit field "
-"ldap_user_ad_user_account_control and allow access if the second bit is not "
-"set. If the attribute is missing access is granted. Also the expiration time "
-"of the account is checked."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
-msgid ""
-"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
-"emphasis>: use the value of ldap_ns_account_lock to check if access is "
-"allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
-msgid ""
-"<emphasis>nds</emphasis>: the values of "
-"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
-"If both attributes are missing access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
-msgid "ldap_access_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
-msgid "Comma separated list of access control options.  Allowed values are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
-msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
-msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
-msgid ""
-"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
-"to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
-msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
-msgid "Default: filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
-msgid ""
-"Please note that it is a configuration error if a value is used more than "
-"once."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
-msgid "ldap_deref (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
-msgid ""
-"Specifies how alias dereferencing is done when performing a search. The "
-"following options are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
-msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
-msgid ""
-"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
-"the base object, but not in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
-msgid ""
-"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
-"the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
-msgid ""
-"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
-"in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
-msgid ""
-"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
-"client libraries)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:51
-msgid ""
-"All of the common configuration options that apply to SSSD domains also "
-"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for full details.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
-msgid "SUDO OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
-msgid "ldap_sudorule_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
-msgid "The object class of a sudo rule entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
-msgid "Default: sudoRole"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
-msgid "ldap_sudorule_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
-msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
-msgid "ldap_sudorule_command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
-msgid "The LDAP attribute that corresponds to the command name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
-msgid "Default: sudoCommand"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
-msgid "ldap_sudorule_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
-msgid ""
-"The LDAP attribute that corresponds to the host name (or host IP address, "
-"host IP network, or host netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
-msgid "Default: sudoHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
-msgid "ldap_sudorule_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
-msgid ""
-"The LDAP attribute that corresponds to the user name (or UID, group name or "
-"user's netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
-msgid "Default: sudoUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
-msgid "ldap_sudorule_option (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
-msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
-msgid "Default: sudoOption"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
-msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
-msgid ""
-"The LDAP attribute that corresponds to the user name that commands may be "
-"run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
-msgid "Default: sudoRunAsUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
-msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
-msgid ""
-"The LDAP attribute that corresponds to the group name or group GID that "
-"commands may be run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
-msgid "Default: sudoRunAsGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
-msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
-msgid ""
-"The LDAP attribute that corresponds to the start date/time for when the sudo "
-"rule is valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
-msgid "Default: sudoNotBefore"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
-msgid "ldap_sudorule_notafter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
-msgid ""
-"The LDAP attribute that corresponds to the expiration date/time, after which "
-"the sudo rule will no longer be valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
-msgid "Default: sudoNotAfter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
-msgid "ldap_sudorule_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
-msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
-msgid "Default: sudoOrder"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
-msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
-msgid ""
-"Enables periodical download of all sudo rules.  The cache is purged before "
-"each update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
-msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
-msgid ""
-"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
-msgid ""
-"This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
-"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
-msgid "AUTOFS OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
-msgid ""
-"Please note that the default values correspond to the default schema which "
-"is RFC2307."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
-msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-msgid "The object class of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-msgid "Default: automountMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
-msgid "ldap_autofs_map_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
-msgid "The name of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
-msgid "Default: ou"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
-msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
-msgid "ldap_autofs_entry_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
-msgid ""
-"The key of an automount entry in LDAP. The entry usually corresponds to a "
-"mount point."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
-msgid "ldap_autofs_entry_value (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
-msgid "Default: automountInformation"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
-msgid ""
-"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
-"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
-"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
-msgid "ADVANCED OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
-msgid "ldap_netgroup_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
-msgid ""
-"An optional base DN to restrict netgroup searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
-msgid "ldap_user_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
-msgid "An optional base DN to restrict user searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
-msgid "ldap_group_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
-msgid "An optional base DN to restrict group searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
-#, no-wrap
-msgid ""
-"                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
-msgid "ldap_sudo_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
-msgid ""
-"An optional base DN to restrict sudo rules searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
-msgid "ldap_autofs_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
-msgid ""
-"An optional base DN to restrict automounter searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
-msgid ""
-"These options are supported by LDAP domains, but they should be used with "
-"caution. Please include them in your configuration only if you know what you "
-"are doing.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
-msgid ""
-"The following example assumes that SSSD is correctly configured and LDAP is "
-"set to one of the domains in the <replaceable>[domains]</replaceable> "
-"section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
-#, no-wrap
-msgid ""
-"    [domain/LDAP]\n"
-"    id_provider = ldap\n"
-"    auth_provider = ldap\n"
-"    ldap_uri = ldap://ldap.mydomain.org\n"
-"    ldap_search_base = dc=mydomain,dc=org\n"
-"    ldap_tls_reqcert = demand\n"
-"    cache_credentials = true\n"
-"    enumerate = true\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
-msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
-msgid "NOTES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
-msgid ""
-"The descriptions of some of the configuration options in this manual page "
-"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
-"distribution."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <refentryinfo>
-#: pam_sss.8.xml:8 include/upstream.xml:2
-msgid ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: pam_sss.8.xml:13 pam_sss.8.xml:18
-msgid "pam_sss"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: pam_sss.8.xml:19
-msgid "PAM module for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: pam_sss.8.xml:24
-msgid ""
-"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
-msgid ""
-"<command>pam_sss.so</command> is the PAM interface to the System Security "
-"Services daemon (SSSD). Errors and results are logged through <command>syslog"
-"(3)</command> with the LOG_AUTHPRIV facility."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
-msgid "<option>quiet</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
-msgid "Suppress log messages for unknown users."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
-msgid "<option>forward_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
-msgid ""
-"If <option>forward_pass</option> is set the entered password is put on the "
-"stack for other PAM modules to use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
-msgid "<option>use_first_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
-msgid ""
-"The argument use_first_pass forces the module to use a previous stacked "
-"modules password and will never prompt the user - if no password is "
-"available or the password is not appropriate, the user will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
-msgid "<option>use_authtok</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
-msgid ""
-"When password changing enforce the module to set the new password to the one "
-"provided by a previously stacked password module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
-msgid "<option>retry=N</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
-msgid ""
-"If specified the user is asked another N times for a password if "
-"authentication fails. Default is 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
-msgid ""
-"Please note that this option might not work as expected if the application "
-"calling PAM handles the user dialog on its own. A typical example is "
-"<command>sshd</command> with <option>PasswordAuthentication</option>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
-msgid "MODULE TYPES PROVIDED"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
-msgid ""
-"All module types (<option>account</option>, <option>auth</option>, "
-"<option>password</option> and <option>session</option>) are provided."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
-msgid "FILES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
-msgid ""
-"If a password reset by root fails, because the corresponding SSSD provider "
-"does not support password resets, an individual message can be displayed. "
-"This message can e.g. contain instructions about how to reset a password."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
-msgid ""
-"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
-"filename> where LOC stands for a locale string returned by <citerefentry> "
-"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
-"citerefentry>. If there is no matching file the content of "
-"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
-"the owner of the files and only root may have read and write permissions "
-"while all other users must have only read permissions."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
-msgid ""
-"These files are searched in the directory <filename>/etc/sssd/customize/"
-"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
-"displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:141
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
-msgid "sssd_krb5_locator_plugin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:22
-msgid ""
-"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
-"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
-"libraries what Realm and which KDC to use.  Typically this is done in "
-"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
-"To simplify the configuration the Realm and the KDC can be defined in "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry> puts the Realm and the name or IP address of the KDC into "
-"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively.  "
-"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variables and returns them to the "
-"libraries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:63
-msgid ""
-"Not all Kerberos implementations support the use of plugins. If "
-"<command>sssd_krb5_locator_plugin</command> is not available on your system "
-"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:69
-msgid ""
-"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-"debug messages will be sent to stderr."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:77
-msgid ""
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
-msgid "sssd-simple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd-simple.5.xml:17
-msgid "the configuration file for SSSD's 'simple' access-control provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:24
-msgid ""
-"This manual page describes the configuration of the simple access-control "
-"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax reference, "
-"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:38
-msgid ""
-"The simple access provider grants or denies access based on an access or "
-"deny list of user or group names. The following rules apply:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:43
-msgid "If all lists are empty, access is granted"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:47
-msgid ""
-"If any list is provided, the order of evaluation is allow,deny. This means "
-"that any matching deny rule will supersede any matched allow rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:54
-msgid ""
-"If either or both \"allow\" lists are provided, all users are denied unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:60
-msgid ""
-"If only \"deny\" lists are provided, all users are granted access unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:78
-msgid "simple_allow_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:81
-msgid "Comma separated list of users who are allowed to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:88
-msgid "simple_deny_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:91
-msgid "Comma separated list of users who are explicitly denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:97
-msgid "simple_allow_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:100
-msgid ""
-"Comma separated list of groups that are allowed to log in. This applies only "
-"to groups within this SSSD domain. Local groups are not evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:108
-msgid "simple_deny_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:111
-msgid ""
-"Comma separated list of groups that are explicitly denied access. This "
-"applies only to groups within this SSSD domain. Local groups are not "
-"evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
-msgid ""
-"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page for details on the configuration of an SSSD "
-"domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:120
-msgid ""
-"Please note that it is an configuration error if both, simple_allow_users "
-"and simple_deny_users, are defined."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:128
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the simple access provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-simple.5.xml:135
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    access_provider = simple\n"
-"    simple_allow_users = user1, user2\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:145
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
-msgid "sssd-ipa"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:23
-msgid ""
-"This manual page describes the configuration of the IPA provider for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
-"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:36
-msgid ""
-"The IPA provider is a back end used to connect to an IPA server.  (Refer to "
-"the freeipa.org web site for information about IPA servers.)  This provider "
-"requires that the machine be joined to the IPA domain; configuration is "
-"almost entirely self-discovered and obtained directly from the server."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:43
-msgid ""
-"The IPA provider accepts the same options used by the <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
-"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider with some exceptions described below."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:55
-msgid ""
-"However, it is neither necessary nor recommended to set these options.  IPA "
-"provider can also be used as an access and chpass provider. As an access "
-"provider it uses HBAC (host-based access control) rules. Please refer to "
-"freeipa.org for more information about HBAC. No configuration of access "
-"provider is required on the client side."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:72
-msgid "ipa_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:75
-msgid ""
-"Specifies the name of the IPA domain.  This is optional. If not provided, "
-"the configuration domain name is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:83
-msgid "ipa_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:86
-msgid ""
-"The comma-separated list of IP addresses or hostnames of the IPA servers to "
-"which SSSD should connect in the order of preference. For more information "
-"on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
-"This is optional if autodiscovery is enabled.  For more information on "
-"service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:99
-msgid "ipa_hostname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:102
-msgid ""
-"Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:110
-msgid "ipa_dyndns_update (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:113
-msgid ""
-"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:118
-msgid ""
-"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
-"the default Kerberos realm must be set properly in /etc/krb5.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:129
-msgid "ipa_dyndns_iface (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:132
-msgid ""
-"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
-"interface whose IP address should be used for dynamic DNS updates."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:137
-msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:143
-msgid "ipa_hbac_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:146
-msgid "Optional. Use the given string as search base for HBAC related objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:150
-msgid "Default: Use base DN"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:156
-msgid "ipa_host_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:159
-msgid "Optional. Use the given string as search base for host objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:180
-msgid "ipa_selinux_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
-msgid "Optional. Use the given string as search base for SELinux user maps."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
-msgid "krb5_validate (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
-msgid ""
-"Verify with the help of krb5_keytab that the TGT obtained has not been "
-"spoofed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
-msgid ""
-"Note that this default differs from the traditional Kerberos provider back "
-"end."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
-msgid ""
-"The name of the Kerberos realm. This is optional and defaults to the value "
-"of <quote>ipa_domain</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
-msgid ""
-"The name of the Kerberos realm has a special meaning in IPA - it is "
-"converted into the base DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
-msgid ""
-"Specifies if the host and user principal should be canonicalized when "
-"connecting to IPA LDAP and also for AS requests. This feature is available "
-"with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
-msgid "ipa_hbac_refresh (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
-msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
-msgid "Default: 5 (seconds)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
-msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
-msgid ""
-"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
-"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
-"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
-"client will support two modes of operation during this transition period:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
-msgid ""
-"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
-"users will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
-msgid ""
-"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
-"careful with this option, as it may result in opening unintended access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
-msgid "Default: DENY_ALL"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
-msgid "ipa_automount_location (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
-msgid "The automounter location this IPA client will be using"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Default: The location named \"default\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the ipa provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    id_provider = ipa\n"
-"    ipa_server = ipaserver.example.com\n"
-"    ipa_hostname = myhost.example.com\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.8.xml:10 sssd.8.xml:15
-msgid "sssd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.8.xml:16
-msgid "System Security Services Daemon"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sssd.8.xml:21
-msgid ""
-"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:31
-msgid ""
-"<command>SSSD</command> provides a set of daemons to manage access to remote "
-"directories and authentication mechanisms. It provides an NSS and PAM "
-"interface toward the system and a pluggable backend system to connect to "
-"multiple different account sources as well as D-Bus interface. It is also "
-"the basis to provide client auditing and policy services for projects like "
-"FreeIPA. It provides a more robust database to store local users as well as "
-"extended user data."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:46
-msgid ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:53
-msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:57
-msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:60
-msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:69
-msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:73
-msgid ""
-"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:76
-msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:85
-msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:89
-msgid ""
-"Send the debug output to files instead of stderr. By default, the log files "
-"are stored in <filename>/var/log/sssd</filename> and there are separate log "
-"files for every SSSD service and domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:97
-msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:101
-msgid "Become a daemon after starting up."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:107
-msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:111
-msgid "Run in the foreground, don't become a daemon."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
-msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
-msgid ""
-"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
-"conf</filename>. For reference on the config file syntax and options, "
-"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:135
-msgid "<option>--version</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:139
-msgid "Print version number and exit."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:147
-msgid "Signals"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:150
-msgid "SIGTERM/SIGINT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:153
-msgid ""
-"Informs the SSSD to gracefully terminate all of its child processes and then "
-"shut down the monitor."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:159
-msgid "SIGHUP"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:162
-msgid ""
-"Tells the SSSD to stop writing to its current debug file descriptors and to "
-"close and reopen them. This is meant to facilitate log rolling with programs "
-"like logrotate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:170
-msgid "SIGUSR1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:173
-msgid ""
-"Tells the SSSD to simulate offline operation for one minute. This is mostly "
-"useful for testing purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:179
-msgid "SIGUSR2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:182
-msgid ""
-"Tells the SSSD to go online immediately. This is mostly useful for testing "
-"purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:193
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-msgid "sss_obfuscate"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_obfuscate.8.xml:16
-msgid "obfuscate a clear text password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_obfuscate.8.xml:21
-msgid ""
-"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
-"replaceable></arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:32
-msgid ""
-"<command>sss_obfuscate</command> converts a given password into human-"
-"unreadable format and places it into appropriate domain section of the SSSD "
-"config file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:37
-msgid ""
-"The cleartext password is read from standard input or entered "
-"interactively.  The obfuscated password is put into "
-"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
-"<quote>ldap_default_authtok_type</quote> parameter is set to "
-"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more details on these parameters."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:49
-msgid ""
-"Please note that obfuscating the password provides <emphasis>no real "
-"security benefit</emphasis> as it is still possible for an attacker to "
-"reverse-engineer the password back. Using better authentication mechanisms "
-"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
-"advised."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:63
-msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:67
-msgid "The password to obfuscate will be read from standard input."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
-msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:79
-msgid ""
-"The SSSD domain to use the password in. The default name is <quote>default</"
-"quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:86
-msgid ""
-"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:91
-msgid "Read the config file specified by the positional parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:95
-msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:105
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
-msgid "sss_useradd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_useradd.8.xml:16
-msgid "create a new user"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_useradd.8.xml:21
-msgid ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:32
-msgid ""
-"<command>sss_useradd</command> creates a new user account using the values "
-"specified on the command line plus the default values from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:43
-msgid ""
-"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:48
-msgid ""
-"Set the UID of the user to the value of <replaceable>UID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
-msgid ""
-"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
-msgid ""
-"Any text string describing the user. Often used as the field for the user's "
-"full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
-msgid ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:72
-msgid ""
-"The home directory of the user account.  The default is to append the "
-"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
-"that as the home directory.  The base that is prepended before "
-"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
-"baseDirectory</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
-msgid ""
-"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:87
-msgid ""
-"The user's login shell. The default is currently <filename>/bin/bash</"
-"filename>.  The default can be changed with <quote>user_defaults/"
-"defaultShell</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:96
-msgid ""
-"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:101
-msgid "A list of existing groups this user is also a member of."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:107
-msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:111
-msgid ""
-"Create the user's home directory if it does not exist. The files and "
-"directories contained in the skeleton directory (which can be defined with "
-"the -k option or in the config file) will be copied to the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:121
-msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:125
-msgid ""
-"Do not create the user's home directory. Overrides configuration settings."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:132
-msgid ""
-"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:137
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<command>sss_useradd</command>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:143
-msgid ""
-"This option is only valid if the <option>-m</option> (or <option>--create-"
-"home</option>) option is specified, or creation of home directories is set "
-"to TRUE in the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
-msgid ""
-"<option>-Z</option>,<option>--selinux-user</option> "
-"<replaceable>SELINUX_USER</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:157
-msgid ""
-"The SELinux user for the user's login. If not specified, the system default "
-"will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
-msgid "sssd-krb5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:23
-msgid ""
-"This manual page describes the configuration of the Kerberos 5 "
-"authentication backend for <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  For a detailed "
-"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
-"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:36
-msgid ""
-"The Kerberos 5 authentication backend contains auth and chpass providers. It "
-"must be paired with identity provider in order to function properly (for "
-"example, id_provider = ldap). Some information required by the Kerberos 5 "
-"authentication backend must be provided by the identity provider, such as "
-"the user's Kerberos Principal Name (UPN). The configuration of the identity "
-"provider should have an entry to specify the UPN. Please refer to the man "
-"page for the applicable identity provider for details on how to configure "
-"this."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:47
-msgid ""
-"This backend also provides access control based on the .k5login file in the "
-"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
-"Please note that an empty .k5login file will deny all access to this user. "
-"To activate this feature use 'access_provider = krb5' in your sssd "
-"configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:55
-msgid ""
-"In the case where the UPN is not available in the identity backend "
-"<command>sssd</command> will construct a UPN using the format "
-"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:106
-msgid ""
-"The name of the Kerberos realm. This option is required and must be "
-"specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:113
-msgid "krb5_kpasswd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:116
-msgid ""
-"If the change password service is not running on the KDC alternative servers "
-"can be defined here. An optional port number (preceded by a colon) may be "
-"appended to the addresses or hostnames."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:122
-msgid ""
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section.  Please note that even if there are no more "
-"kpasswd servers to try the back end is not switch to offline if "
-"authentication against the KDC is still possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:129
-msgid "Default: Use the KDC"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:135
-msgid "krb5_ccachedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:138
-msgid ""
-"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist it will be created. If %u, %U, %p or %h are used a "
-"private directory belonging to the user is created. Otherwise a public "
-"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
-"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
-"citerefentry> for details) is created."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:151
-msgid "Default: /tmp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:157
-msgid "krb5_ccname_template (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:171
-msgid "login UID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:174
-msgid "%p"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:175
-msgid "principal name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:179
-msgid "%r"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:180
-msgid "realm name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:183
-msgid "%h"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:184
-msgid "home directory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:189
-msgid "value of krb5ccache_dir"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194
-msgid "%P"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "the process ID of the sssd client"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:160
-msgid ""
-"Location of the user's credential cache. Currently only file based "
-"credential caches are supported. In the template the following sequences are "
-"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
-"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
-"way."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:209
-msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:215
-msgid "krb5_auth_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:218
-msgid ""
-"Timeout in seconds after an online authentication or change password request "
-"is aborted. If possible the authentication request is continued offline."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:241
-msgid "krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:244
-msgid ""
-"The location of the keytab to use when validating credentials obtained from "
-"KDCs."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:248
-msgid "Default: /etc/krb5.keytab"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:254
-msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:257
-msgid ""
-"Store the password of the user if the provider is offline and use it to "
-"request a TGT when the provider gets online again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:262
-msgid ""
-"Please note that this feature currently only available on a Linux platform. "
-"Passwords stored in this way are kept in plaintext in the kernel keyring and "
-"are potentially accessible by the root user (with difficulty)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:275
-msgid "krb5_renewable_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:278
-msgid ""
-"Request a renewable ticket with a total lifetime given by an integer "
-"immediately followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
-msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
-msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
-msgid "<emphasis>h</emphasis> hours"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
-msgid "<emphasis>d</emphasis> days."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
-msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:299
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"renewable lifetime to one and a half hours please use '90m' instead of "
-"'1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:305
-msgid "Default: not set, i.e. the TGT is not renewable"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:311
-msgid "krb5_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:314
-msgid ""
-"Request ticket with a with a lifetime given by an integer immediately "
-"followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:335
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"lifetime to one and a half hours please use '90m' instead of '1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:340
-msgid ""
-"Default: not set, i.e. the default ticket lifetime configured on the KDC."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:347
-msgid "krb5_renew_interval (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:350
-msgid ""
-"The time in seconds between two checks if the TGT should be renewed. TGTs "
-"are renewed if about half of their lifetime is exceeded."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:355
-msgid "If this option is not set or 0 the automatic renewal is disabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:365
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:368
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:373
-msgid ""
-"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
-"option at all."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
-msgid ""
-"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
-"continue without."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:381
-msgid ""
-"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
-"fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:385
-msgid "Default: not set, i.e. FAST is not used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:388
-msgid "Please note that a keytab is required to use fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:391
-msgid ""
-"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used with an older version using this option is a "
-"configuration error."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:400
-msgid "krb5_fast_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:403
-msgid "Specifies the server principal to use for FAST."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:412
-msgid ""
-"Specifies if the host and user principal should be canonicalized. This "
-"feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:65
-msgid ""
-"If the auth-module krb5 is used in a SSSD domain, the following options must "
-"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
-"SECTIONS</quote> for details on the configuration of a SSSD domain.  "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:434
-msgid ""
-"The following example assumes that SSSD is correctly configured and FOO is "
-"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
-"example shows only configuration of Kerberos authentication, it does not "
-"include any identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:442
-#, no-wrap
-msgid ""
-"    [domain/FOO]\n"
-"    auth_provider = krb5\n"
-"    krb5_server = 192.168.1.1\n"
-"    krb5_realm = EXAMPLE.COM\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:453
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
-msgid "sss_groupadd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupadd.8.xml:16
-msgid "create a new group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupadd.8.xml:21
-msgid ""
-"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:32
-msgid ""
-"<command>sss_groupadd</command> creates a new group. These groups are "
-"compatible with POSIX groups, with the additional feature that they can "
-"contain other groups as members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupadd.8.xml:43
-msgid ""
-"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupadd.8.xml:48
-msgid ""
-"Set the GID of the group to the value of <replaceable>GID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
-msgid "sss_userdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_userdel.8.xml:16
-msgid "delete a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_userdel.8.xml:21
-msgid ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:32
-msgid ""
-"<command>sss_userdel</command> deletes a user identified by login name "
-"<replaceable>LOGIN</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:44
-msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:48
-msgid ""
-"Files in the user's home directory will be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:56
-msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:60
-msgid ""
-"Files in the user's home directory will NOT be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:68
-msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:72
-msgid ""
-"This option forces <command>sss_userdel</command> to remove the user's home "
-"directory and mail spool, even if they are not owned by the specified user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:80
-msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:84
-msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
-msgid "sss_groupdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupdel.8.xml:16
-msgid "delete a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupdel.8.xml:21
-msgid ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:32
-msgid ""
-"<command>sss_groupdel</command> deletes a group identified by its name "
-"<replaceable>GROUP</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
-msgid "sss_groupshow"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupshow.8.xml:16
-msgid "print properties of a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupshow.8.xml:21
-msgid ""
-"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:32
-msgid ""
-"<command>sss_groupshow</command> displays information about a group "
-"identified by its name <replaceable>GROUP</replaceable>. The information "
-"includes the group ID number, members of the group and the parent group."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupshow.8.xml:43
-msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupshow.8.xml:47
-msgid ""
-"Also print indirect group members in a tree-like hierarchy.  Note that this "
-"also affects printing parent groups - without <option>R</option>, only the "
-"direct parent will be printed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
-msgid "sss_usermod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_usermod.8.xml:16
-msgid "modify a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_usermod.8.xml:21
-msgid ""
-"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:32
-msgid ""
-"<command>sss_usermod</command> modifies the account specified by "
-"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
-"on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:60
-msgid "The home directory of the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:71
-msgid "The user's login shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:82
-msgid ""
-"Append this user to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:96
-msgid ""
-"Remove this user from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:103
-msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:107
-msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:114
-msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:118
-msgid "Unlock the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:129
-msgid "The SELinux user for the user's login."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/service_discovery.xml:2
-msgid "SERVICE DISCOVERY"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/service_discovery.xml:4
-msgid ""
-"The service discovery feature allows back ends to automatically find the "
-"appropriate servers to connect to using a special DNS query."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
-msgid "Configuration"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:11
-msgid ""
-"If no servers are specified, the back end automatically uses service "
-"discovery to try to find a server. Optionally, the user may choose to use "
-"both fixed server addresses and service discovery by inserting a special "
-"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
-"preference is maintained. This feature is useful if, for example, the user "
-"prefers to use service discovery whenever possible, and fall back to a "
-"specific server when no servers can be discovered using DNS."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:23
-msgid "The domain name"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:25
-msgid ""
-"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for more details."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:35
-msgid "The protocol"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:37
-msgid ""
-"The queries usually specify _tcp as the protocol. Exceptions are documented "
-"in respective option description."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:42
-msgid "See Also"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:44
-msgid ""
-"For more information on the service discovery mechanism, refer to RFC 2782."
-msgstr ""
-
-#. type: Content of: outside any tag (error?)
-#: include/upstream.xml:1
-msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/failover.xml:2
-msgid "FAILOVER"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/failover.xml:4
-msgid ""
-"The failover feature allows back ends to automatically switch to a different "
-"server if the primary server fails."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:8
-msgid "Failover Syntax"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:10
-msgid ""
-"The list of servers is given as a comma-separated list; any number of spaces "
-"is allowed around the comma. The servers are listed in order of preference. "
-"The list can contain any number of servers."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:17
-msgid "The Failover Mechanism"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:19
-msgid ""
-"The failover mechanism distinguishes between a machine and a service. The "
-"back end first tries to resolve the hostname of a given machine; if this "
-"resolution attempt fails, the machine is considered offline. No further "
-"attempts are made to connect to this machine for any other service. If the "
-"resolution attempt succeeds, the back end tries to connect to a service on "
-"this machine. If the service connection attempt fails, then only this "
-"particular service is considered offline and the back end automatically "
-"switches over to the next service.  The machine is still considered online "
-"and might still be tried for another service."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:32
-msgid ""
-"Further connection attempts are made to machines or services marked as "
-"offline after a specified period of time; this is currently hard coded to 30 "
-"seconds."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:37
-msgid ""
-"If there are no more machines to try, the back end as a whole switches to "
-"offline mode, and then attempts to reconnect every 30 seconds."
-msgstr ""
-
-#. type: Content of: <varlistentry><term>
-#: include/param_help.xml:3
-msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
-
-#. type: Content of: <varlistentry><listitem><para>
-#: include/param_help.xml:7
-msgid "Display help message and exit."
-msgstr ""
diff --git a/src/man/po/cs.po b/src/man/po/cs.po
index b9e59e9ee..667902a49 100644
--- a/src/man/po/cs.po
+++ b/src/man/po/cs.po
@@ -8,10 +8,11 @@ msgid ""
 msgstr ""
 "Project-Id-Version: SSSD\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2011-12-21 10:12+0000\n"
+"POT-Creation-Date: 2012-03-12 16:37-0300\n"
+"PO-Revision-Date: 2012-03-08 11:52+0000\n"
 "Last-Translator: sgallagh <sgallagh@redhat.com>\n"
-"Language-Team: Czech (http://www.transifex.net/projects/p/fedora/team/cs/)\n"
+"Language-Team: Czech (http://www.transifex.net/projects/p/fedora/language/"
+"cs/)\n"
 "Language: cs\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -23,7 +24,9 @@ msgstr ""
 #: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
 #: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
 #: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
+#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5
+#: sss_debuglevel.8.xml:5 sss_ssh_authorizedkeys.1.xml:5
+#: sss_ssh_knownhostsproxy.1.xml:5
 msgid "SSSD Manual pages"
 msgstr "Manuálové stránky SSSD"
 
@@ -36,7 +39,8 @@ msgstr ""
 #: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
 #: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
 #: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
+#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11 sss_cache.8.xml:11
+#: sss_debuglevel.8.xml:11
 msgid "8"
 msgstr "8"
 
@@ -59,6 +63,8 @@ msgstr ""
 #: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
 #: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
 #: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
+#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_ssh_authorizedkeys.1.xml:30
+#: sss_ssh_knownhostsproxy.1.xml:31
 msgid "DESCRIPTION"
 msgstr "POPIS"
 
@@ -73,6 +79,8 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
+#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_ssh_authorizedkeys.1.xml:78
+#: sss_ssh_knownhostsproxy.1.xml:65
 msgid "OPTIONS"
 msgstr "VOLBY"
 
@@ -106,12 +114,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1348 sssd-ldap.5.xml:2096
 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
 #: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
+#: sss_usermod.8.xml:138 sss_ssh_authorizedkeys.1.xml:96
+#: sss_ssh_knownhostsproxy.1.xml:95
 msgid "SEE ALSO"
 msgstr "VIZ TAKÉ"
 
@@ -215,7 +224,7 @@ msgid "The [sssd] section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:1194
 msgid "Section parameters"
 msgstr ""
 
@@ -445,7 +454,7 @@ msgid "Add a timestamp to the debug messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:393 sssd-ldap.5.xml:1328
 #: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
 msgid "Default: true"
 msgstr ""
@@ -461,7 +470,7 @@ msgid "Add microseconds to the timestamp in debug messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
+#: sssd.conf.5.xml:252 sssd.conf.5.xml:658 sssd-ldap.5.xml:602
 #: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
 #: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
 #: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
@@ -470,12 +479,32 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:270
-msgid "command (string)"
+msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:273
 msgid ""
+"This option specifies the maximum number of file descriptors that may be "
+"opened at one time by this SSSD process. On systems where SSSD is granted "
+"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
+"systems without this capability, the resulting value will be the lower value "
+"of this or the limits.conf \"hard\" limit."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:282
+msgid "Default: 8192 (or limits.conf \"hard\" limit)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:287
+msgid "command (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:290
+msgid ""
 "By default, the executable representing this service is called <command>sssd_"
 "${service_name}</command>.  This directive allows to change the executable "
 "name for the service. In the vast majority of configurations, the default "
@@ -483,45 +512,45 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
+#: sssd.conf.5.xml:298
 msgid "Default: <command>sssd_${service_name}</command>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
+#: sssd.conf.5.xml:306
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:308
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
+#: sssd.conf.5.xml:313
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
+#: sssd.conf.5.xml:316
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
+#: sssd.conf.5.xml:320
 msgid "Default: 120"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
+#: sssd.conf.5.xml:325
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
+#: sssd.conf.5.xml:328
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -529,7 +558,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:334
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -539,7 +568,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
+#: sssd.conf.5.xml:344
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -548,17 +577,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
+#: sssd.conf.5.xml:352
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
+#: sssd.conf.5.xml:357
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
+#: sssd.conf.5.xml:360
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -566,17 +595,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
+#: sssd.conf.5.xml:366 sssd.conf.5.xml:686 sssd-krb5.5.xml:223
 msgid "Default: 15"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
+#: sssd.conf.5.xml:371
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
+#: sssd.conf.5.xml:374
 msgid ""
 "Exclude certain users from being fetched from the sss NSS database. This is "
 "particularly useful for system accounts. This option can also be set per-"
@@ -585,78 +614,78 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:381
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
+#: sssd.conf.5.xml:386
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
+#: sssd.conf.5.xml:389
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:398
 msgid "override_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
+#: sssd.conf.5.xml:407 sssd-krb5.5.xml:166
 msgid "%u"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
+#: sssd.conf.5.xml:408 sssd-krb5.5.xml:167
 msgid "login name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
+#: sssd.conf.5.xml:411 sssd-krb5.5.xml:170
 msgid "%U"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
+#: sssd.conf.5.xml:412
 msgid "UID number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
+#: sssd.conf.5.xml:415 sssd-krb5.5.xml:188
 msgid "%d"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
+#: sssd.conf.5.xml:416
 msgid "domain name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:419
 msgid "%f"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:420
 msgid "fully qualified user name (user@domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
+#: sssd.conf.5.xml:423 sssd-krb5.5.xml:200
 msgid "%%"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
+#: sssd.conf.5.xml:424 sssd-krb5.5.xml:201
 msgid "a literal '%'"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:401
 msgid ""
 "Override the user's home directory. You can either provide an absolute value "
 "or a template. In the template, the following sequences are substituted: "
@@ -664,138 +693,138 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
+#: sssd.conf.5.xml:430
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
+#: sssd.conf.5.xml:435
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
+#: sssd.conf.5.xml:438
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
+#: sssd.conf.5.xml:441
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:445
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
+#: sssd.conf.5.xml:450
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
+#: sssd.conf.5.xml:455
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
+#: sssd.conf.5.xml:458
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
+#: sssd.conf.5.xml:462
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:467
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:470
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
+#: sssd.conf.5.xml:475
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:478
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
+#: sssd.conf.5.xml:482
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:489
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
+#: sssd.conf.5.xml:491
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:496
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
+#: sssd.conf.5.xml:499
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
+#: sssd.conf.5.xml:504 sssd.conf.5.xml:517
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
+#: sssd.conf.5.xml:510
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:513
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
+#: sssd.conf.5.xml:523
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
+#: sssd.conf.5.xml:526
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
+#: sssd.conf.5.xml:531
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -803,59 +832,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:537 sssd.conf.5.xml:590 sssd.conf.5.xml:1110
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:543
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
+#: sssd.conf.5.xml:546
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
+#: sssd.conf.5.xml:551
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:554
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:557
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
+#: sssd.conf.5.xml:561
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
+#: sssd.conf.5.xml:564
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
+#: sssd.conf.5.xml:568 sssd.8.xml:63
 msgid "Default: 1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:573
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
+#: sssd.conf.5.xml:576
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -863,7 +892,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
+#: sssd.conf.5.xml:582
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -872,17 +901,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:596
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
+#: sssd.conf.5.xml:599
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
+#: sssd.conf.5.xml:602
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -890,27 +919,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
+#: sssd.conf.5.xml:608
 msgid "Default: 7"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:616
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:618
 msgid "These options can be used to configure the sudo service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
+#: sssd.conf.5.xml:625
 msgid "sudo_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
+#: sssd.conf.5.xml:628
 msgid ""
 "For any sudo request that comes while SSSD is online, the SSSD will attempt "
 "to update the cached rules in order to ensure that sudo has the latest "
@@ -918,7 +947,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
+#: sssd.conf.5.xml:634
 msgid ""
 "The user may, however, run a couple of sudo commands successively, which "
 "would trigger multiple LDAP requests.  In order to speed up this use-case, "
@@ -927,71 +956,71 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
+#: sssd.conf.5.xml:641
 msgid ""
 "This option controls how long (in seconds) can the sudo service cache rules "
 "for a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:645
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
+#: sssd.conf.5.xml:650
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:653
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
+#: sssd.conf.5.xml:666
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:668
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
+#: sssd.conf.5.xml:676
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
+#: sssd.conf.5.xml:679
 msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
+"Specifies for how many seconds should the autofs responder negative cache "
+"hits (that is, queries for invalid map entries, like nonexistent ones) "
 "before asking the back end again."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
+#: sssd.conf.5.xml:696
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:703
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
+#: sssd.conf.5.xml:706
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
+#: sssd.conf.5.xml:711
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1000,56 +1029,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:718
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:724
 msgid "timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:727
 msgid ""
 "Timeout in seconds between heartbeats for this domain.  This is used to "
 "ensure that the backend process is alive and capable of answering requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
+#: sssd.conf.5.xml:732 sssd-ldap.5.xml:1131
 msgid "Default: 10"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
+#: sssd.conf.5.xml:738
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:741
 msgid ""
 "Determines if a domain can be enumerated. This parameter can have one of the "
 "following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
+#: sssd.conf.5.xml:745
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:748
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
+#: sssd.conf.5.xml:751 sssd.conf.5.xml:856 sssd.conf.5.xml:910
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
+#: sssd.conf.5.xml:754
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1059,14 +1088,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
+#: sssd.conf.5.xml:764
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
+#: sssd.conf.5.xml:769
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -1075,98 +1104,98 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:780
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:783
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
+#: sssd.conf.5.xml:787
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
+#: sssd.conf.5.xml:793
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
+#: sssd.conf.5.xml:796
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:800 sssd.conf.5.xml:813 sssd.conf.5.xml:826
+#: sssd.conf.5.xml:839
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
+#: sssd.conf.5.xml:806
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
+#: sssd.conf.5.xml:809
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:819
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:822
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:832
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:835
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:845
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
+#: sssd.conf.5.xml:848
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:852
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:861
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:864
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -1175,47 +1204,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
+#: sssd.conf.5.xml:871
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
+#: sssd.conf.5.xml:877
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:880
 msgid "The Data Provider identity backend to use for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
+#: sssd.conf.5.xml:884
 msgid "Supported backends:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
+#: sssd.conf.5.xml:887
 msgid "proxy: Support a legacy NSS provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
+#: sssd.conf.5.xml:890
 msgid "local: SSSD internal local provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:893
 msgid "ldap: LDAP provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
+#: sssd.conf.5.xml:899
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
+#: sssd.conf.5.xml:902
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1224,19 +1253,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
+#: sssd.conf.5.xml:915
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
+#: sssd.conf.5.xml:918
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:922
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1244,7 +1273,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
+#: sssd.conf.5.xml:929
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1252,30 +1281,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
+#: sssd.conf.5.xml:936
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
+#: sssd.conf.5.xml:939
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
+#: sssd.conf.5.xml:942
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
+#: sssd.conf.5.xml:948
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:951
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -1283,17 +1312,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:957
 msgid "<quote>permit</quote> always allow access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
+#: sssd.conf.5.xml:960
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
+#: sssd.conf.5.xml:963
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1302,24 +1331,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
+#: sssd.conf.5.xml:970
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:975
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
+#: sssd.conf.5.xml:978
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
+#: sssd.conf.5.xml:983
 msgid ""
 "<quote>ipa</quote> to change a password stored in an IPA server.  See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1327,7 +1356,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:991
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server.  See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1335,7 +1364,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
+#: sssd.conf.5.xml:999
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1343,35 +1372,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
+#: sssd.conf.5.xml:1007
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
+#: sssd.conf.5.xml:1011
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
+#: sssd.conf.5.xml:1014
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
+#: sssd.conf.5.xml:1021
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1027
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1031
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1379,29 +1408,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
+#: sssd.conf.5.xml:1038
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1041
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1047
 msgid "session_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1050
 msgid ""
 "The provider which should handle loading of session settings.  Supported "
 "session providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
+#: sssd.conf.5.xml:1055
 msgid ""
 "<quote>ipa</quote> to load session settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1409,66 +1438,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1063
 msgid "<quote>none</quote> disallows fetching session settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1066
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "session loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
+#: sssd.conf.5.xml:1073
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1076
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1080
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1083
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1086
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
+#: sssd.conf.5.xml:1089
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1092
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1095
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1101
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1104
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the DNS "
 "resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1476,51 +1505,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1116
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
+#: sssd.conf.5.xml:1119
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1123
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
+#: sssd.conf.5.xml:1129
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1132
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
+#: sssd.conf.5.xml:1138
 msgid "case_sensitive (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
+#: sssd.conf.5.xml:1141
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1146
 msgid "Default: True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:698
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1528,29 +1557,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1158
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1161
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1164
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1172
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1175
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1558,19 +1587,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
+#: sssd.conf.5.xml:1154
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1187
 msgid "The local domain section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1189
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -1578,73 +1607,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
+#: sssd.conf.5.xml:1196
 msgid "default_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
+#: sssd.conf.5.xml:1199
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
+#: sssd.conf.5.xml:1203
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:1208
 msgid "base_directory (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:1211
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1216
 msgid "Default: <filename>/home</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
+#: sssd.conf.5.xml:1221
 msgid "create_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
+#: sssd.conf.5.xml:1224
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
+#: sssd.conf.5.xml:1228 sssd.conf.5.xml:1240
 msgid "Default: TRUE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1233
 msgid "remove_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
+#: sssd.conf.5.xml:1236
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
+#: sssd.conf.5.xml:1245
 msgid "homedir_umask (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1248
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1652,17 +1681,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
+#: sssd.conf.5.xml:1256
 msgid "Default: 077"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1261
 msgid "skel_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
+#: sssd.conf.5.xml:1264
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -1671,17 +1700,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
+#: sssd.conf.5.xml:1274
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
+#: sssd.conf.5.xml:1279
 msgid "mail_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
+#: sssd.conf.5.xml:1282
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -1689,17 +1718,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
+#: sssd.conf.5.xml:1289
 msgid "Default: <filename>/var/mail</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
+#: sssd.conf.5.xml:1294
 msgid "userdel_cmd (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
+#: sssd.conf.5.xml:1297
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -1707,18 +1736,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1303
 msgid "Default: None, no command is run"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
+#: sssd.conf.5.xml:1313 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
 #: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
 msgid "EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1319
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -1748,7 +1777,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1315
 msgid ""
 "The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -1757,7 +1786,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1350
 msgid ""
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
 "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3589,10 +3618,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:1639
-#, fuzzy
-#| msgid "OPTIONS"
 msgid "SUDO OPTIONS"
-msgstr "VOLBY"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1644
@@ -3798,17 +3825,15 @@ msgstr ""
 #: sssd-ldap.5.xml:1815
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
+"explanation of sudo related attribute semantics, see <citerefentry> "
 "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
 "citerefentry>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:1825
-#, fuzzy
-#| msgid "OPTIONS"
 msgid "AUTOFS OPTIONS"
-msgstr "VOLBY"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:1827
@@ -5082,12 +5107,12 @@ msgid "Run in the foreground, don't become a daemon."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
+#: sssd.8.xml:117 sss_debuglevel.8.xml:42
 msgid "<option>-c</option>,<option>--config</option>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
+#: sssd.8.xml:121 sss_debuglevel.8.xml:46
 msgid ""
 "Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
 "conf</filename>. For reference on the config file syntax and options, "
@@ -5234,7 +5259,8 @@ msgid "The password to obfuscate will be read from standard input."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:82
+#: sss_ssh_knownhostsproxy.1.xml:81
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
 "replaceable>"
@@ -6194,6 +6220,321 @@ msgid ""
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_cache.8.xml:10 sss_cache.8.xml:15
+msgid "sss_cache"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_cache.8.xml:16
+msgid "perform cache cleanup"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_cache.8.xml:21
+msgid ""
+"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_cache.8.xml:31
+msgid ""
+"<command>sss_cache</command> invalidates records in SSSD cache.  Invalidated "
+"records are forced to be reloaded from server as soon as related SSSD "
+"backend is online."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:42
+msgid ""
+"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:47
+msgid "Invalidate specific user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:53
+msgid "<option>-U</option>,<option>--users</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:57
+msgid ""
+"Invalidate all user records. This option overrides invalidation of specific "
+"user if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:64
+msgid ""
+"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:69
+msgid "Invalidate specific group."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:75
+msgid "<option>-G</option>,<option>--groups</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:79
+msgid ""
+"Invalidate all group records. This option overrides invalidation of specific "
+"group if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:86
+msgid ""
+"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:91
+msgid "Invalidate specific netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:97
+msgid "<option>-N</option>,<option>--netgroups</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:101
+msgid ""
+"Invalidate all netgroup records. This option overrides invalidation of "
+"specific netgroup if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:108
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:113
+msgid "Restrict invalidation process only to a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15
+msgid "sss_debuglevel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_debuglevel.8.xml:16
+msgid "change debug level while SSSD is running"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_debuglevel.8.xml:21
+msgid ""
+"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</"
+"replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_debuglevel.8.xml:32
+msgid ""
+"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
+"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
+"running."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_debuglevel.8.xml:59
+msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
+msgid "sss_ssh_authorizedkeys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refmeta><manvolnum>
+#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11
+msgid "1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_ssh_authorizedkeys.1.xml:16
+msgid "get OpenSSH authorized keys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_ssh_authorizedkeys.1.xml:21
+msgid ""
+"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>USER</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:32
+msgid ""
+"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user "
+"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys "
+"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> for more information)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:41
+msgid ""
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
+"command> for public key user authentication if it is compiled with support "
+"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
+"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_authorizedkeys.1.xml:58
+#, no-wrap
+msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:51
+msgid ""
+"If <quote>AuthorizedKeysCommand</quote> is supported, "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use it by putting the following directive "
+"in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_authorizedkeys.1.xml:69
+#, no-wrap
+msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:62
+msgid ""
+"If <quote>PubkeyAgent</quote> is supported, "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use it by using the following directive "
+"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:87
+msgid ""
+"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:98
+msgid ""
+"<citerefentry> <refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sshd_config</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle><manvolnum>1</"
+"manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15
+msgid "sss_ssh_knownhostsproxy"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_ssh_knownhostsproxy.1.xml:16
+msgid "get OpenSSH host keys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_ssh_knownhostsproxy.1.xml:21
+msgid ""
+"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>HOST</replaceable></arg> <arg "
+"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:33
+msgid ""
+"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for "
+"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH "
+"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
+"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> for more information)  <filename>/var/lib/sss/"
+"pubconf/known_hosts</filename> and estabilishes connection to the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:43
+msgid ""
+"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to "
+"create the connection to the host instead of opening a socket."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_knownhostsproxy.1.xml:55
+#, no-wrap
+msgid ""
+"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n"
+"GlobalKnownHostsFile2 /var/lib/sss/pubconf/known_hosts\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:48
+msgid ""
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</"
+"command> for host key authentication by using the following directives for "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_ssh_knownhostsproxy.1.xml:69
+msgid ""
+"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_knownhostsproxy.1.xml:74
+msgid ""
+"Use port <replaceable>PORT</replaceable> to connect to the host.  By "
+"default, port 22 is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_knownhostsproxy.1.xml:86
+msgid ""
+"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:97
+msgid ""
+"<citerefentry> <refentrytitle>ssh</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>ssh_config</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle><manvolnum>1</"
+"manvolnum> </citerefentry>."
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/service_discovery.xml:2
 msgid "SERVICE DISCOVERY"
@@ -6332,3 +6673,113 @@ msgstr "<option>-h</option>,<option>--help</option>"
 #: include/param_help.xml:7
 msgid "Display help message and exit."
 msgstr "Zobraz nápovědu a ukon�i program."
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:3
+msgid ""
+"Bit mask that indicates which debug levels will be visible. 0x0010 is the "
+"default value as well as the lowest allowed value, 0xFFF0 is the most "
+"verbose mode. This setting overrides the settings from config file."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:8
+msgid "Currently supported debug levels:"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:11
+msgid ""
+"<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
+"SSSD from starting up or causes it to cease running."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:15
+msgid ""
+"<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't kill "
+"the SSSD, but one that indicates that at least one major feature is not "
+"going to work properly."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:20
+msgid ""
+"<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
+"particular request or operation has failed."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:24
+msgid ""
+"<emphasis>0x0080</emphasis>: Minor failures. These are the errors that would "
+"percolate down to cause the operation failure of 2."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:28
+msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:31
+msgid "<emphasis>0x0200</emphasis>: Function data."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:34
+msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:37
+msgid ""
+"<emphasis>0x1000</emphasis>: Trace messages for internal control functions."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:40
+msgid ""
+"<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
+"may be interesting."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:43
+msgid "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:46
+msgid ""
+"To log required debug levels, simply add their numbers together as shown in "
+"following examples:"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:49
+msgid ""
+"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
+"serious failures and function data use 0x0270."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:53
+msgid ""
+"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
+"function data, trace messages for internal control functions use 0x1310."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:57
+msgid ""
+"<emphasis>Note</emphasis>: This is new format of debug levels introduced in "
+"1.7.0.  Older format (numbers from 0-10) is compatible but deprecated."
+msgstr ""
+
+#. type: Content of: outside any tag (error?)
+#: include/experimental.xml:1
+msgid ""
+"<emphasis> This is an experimental feature, please use http://fedorahosted."
+"org/sssd to report any issues.  </emphasis>"
+msgstr ""
diff --git a/src/man/po/de.po b/src/man/po/de.po
deleted file mode 100644
index 068446b8e..000000000
--- a/src/man/po/de.po
+++ /dev/null
@@ -1,6313 +0,0 @@
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Red Hat
-# This file is distributed under the same license as the sssd-docs package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: SSSD\n"
-"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: German <trans-de@lists.fedoraproject.org>\n"
-"Language: de\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural=(n != 1)\n"
-
-#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
-#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
-#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
-#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
-msgid "SSSD Manual pages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
-msgid "sss_groupmod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
-#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
-#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
-msgid "8"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupmod.8.xml:16
-msgid "modify a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupmod.8.xml:21
-msgid ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
-#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
-#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
-#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
-#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:32
-msgid ""
-"<command>sss_groupmod</command> modifies the group to reflect the changes "
-"that are specified on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
-#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
-#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-msgid "OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
-msgid ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:48
-msgid ""
-"Append this group to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
-msgid ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:62
-msgid ""
-"Remove this group from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
-#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
-msgid "sssd.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
-msgid "5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
-msgid "File Formats and Conventions"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
-msgid "the configuration file for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:21
-msgid "FILE FORMAT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:29
-#, no-wrap
-msgid ""
-"                <replaceable>[section]</replaceable>\n"
-"                <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-"                <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
-"            "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:24
-msgid ""
-"The file has an ini-style syntax and consists of sections and parameters. A "
-"section begins with the name of the section in square brackets and continues "
-"until the next section begins. An example of section with single and multi-"
-"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:36
-msgid ""
-"The data types used are string (no quotes needed), integer and bool (with "
-"values of <quote>TRUE/FALSE</quote>)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:41
-msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
-"(<quote>;</quote>)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:46
-msgid ""
-"All sections can have an optional <replaceable>description</replaceable> "
-"parameter. Its function is only as a label for the section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:52
-msgid ""
-"<filename>sssd.conf</filename> must be a regular file, owned by root and "
-"only root may read from or write to the file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:58
-msgid "SPECIAL SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:61
-msgid "The [sssd] section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
-msgid "Section parameters"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:72
-msgid "config_file_version (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:75
-msgid ""
-"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-"version 2."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:81
-msgid "services"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:84
-msgid ""
-"Comma separated list of services that are started when sssd itself starts."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:88
-msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
-msgid "reconnection_retries (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
-msgid ""
-"Number of times services should attempt to reconnect in the event of a Data "
-"Provider crash or restart before they give up"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
-msgid "Default: 3"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
-msgid "domains"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
-msgid ""
-"A domain is a database containing user information. SSSD can use more "
-"domains at the same time, but at least one must be configured or SSSD won't "
-"start.  This parameter described the list of domains in the order you want "
-"them to be queried."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
-msgid "re_expression (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
-msgid ""
-"Regular expression that describes how to parse the string containing user "
-"name and domain into these components."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
-msgid ""
-"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
-"which translates to \"the name is everything up to the <quote>@</quote> "
-"sign, the domain everything after that\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
-msgid ""
-"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
-"version 7 or higher can support non-unique named subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
-msgid ""
-"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
-"P&lt;name&gt;) to label subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
-msgid "full_name_format (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
-msgid ""
-"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatible format that describes how to translate "
-"a (name, domain) tuple into a fully qualified name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
-msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
-msgid "try_inotify (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
-msgid ""
-"SSSD monitors the state of resolv.conf to identify when it needs to update "
-"its internal DNS resolver. By default, we will attempt to use inotify for "
-"this, and will fall back to polling resolv.conf every five seconds if "
-"inotify cannot be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
-msgid ""
-"There are some limited situations where it is preferred that we should skip "
-"even trying to use inotify. In these rare cases, this option should be set "
-"to 'false'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
-msgid ""
-"Default: true on platforms where inotify is supported. False on other "
-"platforms."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
-msgid ""
-"Note: this option will have no effect on platforms where inotify is "
-"unavailable. On these platforms, polling will always be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
-msgid "krb5_rcache_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
-msgid ""
-"Directory on the filesystem where SSSD should store Kerberos replay cache "
-"files."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
-msgid ""
-"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
-"SSSD to let libkrb5 decide the appropriate location for the replay cache."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
-msgid ""
-"Default: Distribution-specific and specified at build-time. "
-"(__LIBKRB5_DEFAULTS__ if not configured)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:63
-msgid ""
-"Individual pieces of SSSD functionality are provided by special SSSD "
-"services that are started and stopped together with SSSD.  The services are "
-"managed by a special service frequently called <quote>monitor</quote>. The "
-"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
-msgid "SERVICES SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
-msgid ""
-"Settings that can be used to configure different services are described in "
-"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
-"section, for example, for NSS service, the section would be <quote>[nss]</"
-"quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
-msgid "General service configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
-msgid "These options can be used to configure any service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>.  This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
-msgid "NSS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
-msgid ""
-"These options can be used to configure the Name Service Switch (NSS) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
-msgid "enum_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
-msgid ""
-"How many seconds should nss_sss cache enumerations (requests for info about "
-"all users)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
-msgid "Default: 120"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"The entry cache can be set to automatically update entries in the background "
-"if they are requested beyond a percentage of the entry_cache_timeout value "
-"for the domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
-msgid ""
-"For example, if the domain's entry_cache_timeout is set to 30s and "
-"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
-"after 15 seconds past the last cache update will be returned immediately, "
-"but the SSSD will go and update the cache on its own, so that future "
-"requests will not need to block waiting for a cache update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
-msgid ""
-"Valid values for this option are 0-99 and represent a percentage of the "
-"entry_cache_timeout for each domain. For performance reasons, this "
-"percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
-"disables this feature)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
-msgid "Default: 50"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
-msgid "entry_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
-msgid ""
-"Specifies for how many seconds nss_sss should cache negative cache hits "
-"(that is, queries for invalid database entries, like nonexistent ones)  "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
-msgid "Default: 15"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
-msgid "filter_users, filter_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
-msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
-msgid "Default: root"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
-msgid "filter_users_in_groups (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
-msgid ""
-"If you want filtered user still be group members set this option to false."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
-msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
-msgid "This option can also be set per-domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
-msgid "allowed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
-msgid ""
-"Restrict user shell to one of the listed values. The order of evaluation is:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
-msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
-msgid ""
-"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
-"quote>, use the value of the shell_fallback parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
-msgid ""
-"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
-"shells</quote>, a nologin shell is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
-msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
-msgid ""
-"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
-"that a restart of the SSSD is required in case a new shell is installed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
-msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
-msgid "vetoed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
-msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
-msgid "shell_fallback (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
-msgid ""
-"The default shell to use if an allowed shell is not installed on the machine."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
-msgid "Default: /bin/sh"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
-msgid "PAM configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
-msgid ""
-"These options can be used to configure the Pluggable Authentication Module "
-"(PAM) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
-msgid "offline_credentials_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
-msgid ""
-"If the authentication provider is offline, how long should we allow cached "
-"logins (in days since the last successful online login)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
-msgid "Default: 0 (No limit)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
-msgid "offline_failed_login_attempts (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
-msgid ""
-"If the authentication provider is offline, how many failed login attempts "
-"are allowed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
-msgid "offline_failed_login_delay (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
-msgid ""
-"The time in minutes which has to pass after offline_failed_login_attempts "
-"has been reached before a new login attempt is possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
-msgid ""
-"If set to 0 the user cannot authenticate offline if "
-"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable offline authentication again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
-msgid "Default: 5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
-msgid "pam_verbosity (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
-msgid ""
-"Controls what kind of messages are shown to the user during authentication. "
-"The higher the number to more messages are displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
-msgid "Currently sssd supports the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
-msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
-msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
-msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
-msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
-msgid "Default: 1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
-msgid "pam_id_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
-msgid ""
-"For any PAM request while SSSD is online, the SSSD will attempt to "
-"immediately update the cached identity information for the user in order to "
-"ensure that authentication takes place with the latest information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
-msgid ""
-"A complete PAM conversation may perform multiple PAM requests, such as "
-"account management and session opening. This option controls (on a per-"
-"client-application basis) how long (in seconds) we can cache the identity "
-"information to avoid excessive round-trips to the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
-msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
-msgid "Display a warning N days before the password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
-msgid ""
-"Please note that the backend server has to provide information about the "
-"expiration time of the password.  If this information is missing, sssd "
-"cannot display a warning."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
-msgid "Default: 7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-msgid "SUDO configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-msgid "These options can be used to configure the sudo service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-msgid "sudo_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-msgid ""
-"For any sudo request that comes while SSSD is online, the SSSD will attempt "
-"to update the cached rules in order to ensure that sudo has the latest "
-"ruleset."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
-msgid ""
-"The user may, however, run a couple of sudo commands successively, which "
-"would trigger multiple LDAP requests.  In order to speed up this use-case, "
-"the sudo service maintains an in-memory cache that would be used for "
-"performing fast replies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
-msgid ""
-"This option controls how long (in seconds) can the sudo service cache rules "
-"for a user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-msgid "Default: 180"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-msgid "sudo_timed (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
-msgid ""
-"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
-"that implement time-dependent sudoers entries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-msgid "AUTOFS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-msgid "These options can be used to configure the autofs service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-msgid "autofs_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
-msgid "DOMAIN SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
-msgid "min_id,max_id (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
-msgid ""
-"UID and GID limits for the domain. If a domain contains an entry that is "
-"outside these limits, it is ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
-msgid ""
-"For users, this affects the primary GID limit. The user will not be returned "
-"to NSS if either the UID or the primary GID is outside the range. For non-"
-"primary group memberships, those that are in range will be reported as "
-"expected."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
-msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
-msgid ""
-"Timeout in seconds between heartbeats for this domain.  This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
-msgid "enumerate (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
-msgid ""
-"Determines if a domain can be enumerated. This parameter can have one of the "
-"following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
-msgid "TRUE = Users and groups are enumerated"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
-msgid "FALSE = No enumerations for this domain"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
-msgid "Default: FALSE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
-msgid ""
-"Note: Enabling enumeration has a moderate performance impact on SSSD while "
-"enumeration is running. It may take up to several minutes after SSSD startup "
-"to fully complete enumerations.  During this time, individual requests for "
-"information will go directly to LDAP, though it may be slow, due to the "
-"heavy enumeration processing."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
-msgid ""
-"While the first enumeration is running, requests for the complete user or "
-"group lists may return no results until it completes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
-msgid ""
-"Further, enabling enumeration may increase the time necessary to detect "
-"network disconnection, as longer timeouts are required to ensure that "
-"enumeration lookups are completed successfully.  For more information, refer "
-"to the man pages for the specific id_provider in use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
-msgid "entry_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
-msgid ""
-"How many seconds should nss_sss consider entries valid before asking the "
-"backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
-msgid "Default: 5400"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-msgid "entry_cache_user_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-msgid ""
-"How many seconds should nss_sss consider user entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-msgid "Default: entry_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-msgid "entry_cache_group_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-msgid ""
-"How many seconds should nss_sss consider group entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-msgid ""
-"How many seconds should nss_sss consider netgroup entries valid before "
-"asking the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-msgid "entry_cache_service_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-msgid ""
-"How many seconds should nss_sss consider service entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
-msgid "cache_credentials (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
-msgid "Determines if user credentials are also cached in the local LDB cache"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
-msgid "User credentials are stored in a SHA512 hash, not in plaintext"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
-msgid "account_cache_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
-msgid ""
-"Number of days entries are left in cache after last successful login before "
-"being removed during a cleanup of the cache. 0 means keep forever.  The "
-"value of this parameter must be greater than or equal to "
-"offline_credentials_expiration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
-msgid "Default: 0 (unlimited)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
-msgid "id_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
-msgid "The Data Provider identity backend to use for this domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
-msgid "Supported backends:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
-msgid "proxy: Support a legacy NSS provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
-msgid "local: SSSD internal local provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
-msgid "ldap: LDAP provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
-msgid "use_fully_qualified_names (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
-msgid ""
-"If set to TRUE, all requests to this domain must use fully qualified names. "
-"For example, if used in LOCAL domain that contains a \"test\" user, "
-"<command>getent passwd test</command> wouldn't find the user while "
-"<command>getent passwd test@LOCAL</command> would."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
-msgid "auth_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
-msgid ""
-"The authentication provider used for the domain.  Supported auth providers "
-"are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
-msgid ""
-"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
-msgid ""
-"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
-msgid ""
-"<quote>proxy</quote> for relaying authentication to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
-msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"authentication requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
-msgid "access_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
-msgid ""
-"The access control provider used for the domain.  There are two built-in "
-"access providers (in addition to any included in installed backends)  "
-"Internal special providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
-msgid "<quote>permit</quote> always allow access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
-msgid "<quote>deny</quote> always deny access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
-msgid ""
-"<quote>simple</quote> access control based on access or deny lists. See "
-"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> for more information on configuring the simple "
-"access module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
-msgid "Default: <quote>permit</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
-msgid "chpass_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
-msgid ""
-"The provider which should handle change password operations for the domain.  "
-"Supported change password providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
-msgid ""
-"<quote>ipa</quote> to change a password stored in an IPA server.  See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
-msgid ""
-"<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
-msgid ""
-"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
-msgid ""
-"<quote>proxy</quote> for relaying password changes to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
-msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
-msgid ""
-"Default: <quote>auth_provider</quote> is used if it is set and can handle "
-"change password requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-msgid "sudo_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-msgid ""
-"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-msgid "session_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-msgid ""
-"The provider which should handle loading of session settings.  Supported "
-"session providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-msgid ""
-"<quote>ipa</quote> to load session settings from an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"session loading requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
-msgid "lookup_family_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
-msgid ""
-"Provides the ability to select preferred address family to use when "
-"performing DNS lookups."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
-msgid "Supported values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
-msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
-msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
-msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
-msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
-msgid "Default: ipv4_first"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
-msgid "dns_resolver_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
-msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
-msgid "dns_discovery_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
-msgid ""
-"If service discovery is used in the back end, specifies the domain part of "
-"the service discovery DNS query."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
-msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
-msgid "override_gid (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
-msgid "Override the primary GID value with the one specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
-msgid "case_sensitive (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
-msgid ""
-"Treat user and group names as case sensitive. At the moment, this option is "
-"not supported in the local provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
-msgid "Default: True"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
-msgid ""
-"These configuration options can be present in a domain configuration "
-"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
-"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
-msgid "proxy_pam_target (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
-msgid "The proxy target PAM proxies to."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-msgid ""
-"Default: not set by default, you have to take an existing pam configuration "
-"or create a new one and add the service name here."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
-msgid "proxy_lib_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
-msgid ""
-"The name of the NSS library to use in proxy domains. The NSS functions "
-"searched for in the library are in the form of _nss_$(libName)_$(function), "
-"for example _nss_files_getpwent."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
-msgid ""
-"Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
-msgid "The local domain section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
-msgid ""
-"This section contains settings for domain that stores users and groups in "
-"SSSD native database, that is, a domain that uses "
-"<replaceable>id_provider=local</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
-msgid "default_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
-msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
-msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
-msgid "base_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
-msgid ""
-"The tools append the login name to <replaceable>base_directory</replaceable> "
-"and use that as the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
-msgid "Default: <filename>/home</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
-msgid "create_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
-msgid ""
-"Indicate if a home directory should be created by default for new users.  "
-"Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
-msgid "Default: TRUE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
-msgid "remove_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
-msgid ""
-"Indicate if a home directory should be removed by default for deleted "
-"users.  Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
-msgid "homedir_umask (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
-msgid ""
-"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
-"on a newly created home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
-msgid "Default: 077"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
-msgid "skel_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
-msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
-msgid "mail_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
-msgid ""
-"The mail spool directory. This is needed to manipulate the mailbox when its "
-"corresponding user account is modified or deleted.  If not specified, a "
-"default value is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
-msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
-msgid "userdel_cmd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
-msgid ""
-"The command that is run after a user is removed.  The command us passed the "
-"username of the user being removed as the first and only parameter. The "
-"return code of the command is not taken into account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
-msgid "Default: None, no command is run"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"domains = LDAP\n"
-"services = nss, pam\n"
-"config_file_version = 2\n"
-"\n"
-"[nss]\n"
-"filter_groups = root\n"
-"filter_users = root\n"
-"\n"
-"[pam]\n"
-"\n"
-"[domain/LDAP]\n"
-"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
-"\n"
-"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
-"cache_credentials = true\n"
-"\n"
-"min_id = 10000\n"
-"max_id = 20000\n"
-"enumerate = False\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
-msgid ""
-"The following example shows a typical SSSD config. It does not describe "
-"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details.  <placeholder type=\"programlisting\" "
-"id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
-msgid "sssd-ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:23
-msgid ""
-"This manual page describes the configuration of LDAP domains for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for detailed syntax information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:35
-msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:38
-msgid ""
-"LDAP back end supports id, auth, access and chpass providers. If you want to "
-"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
-"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
-"over an unencrypted channel.  If the LDAP server is used only as an identity "
-"provider, an encrypted channel is not needed. Please refer to "
-"<quote>ldap_access_filter</quote> config option for more information about "
-"using LDAP as an access provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
-#: sssd-krb5.5.xml:63
-msgid "CONFIGURATION OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:60
-msgid "ldap_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:63
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference. Refer to the <quote>FAILOVER</"
-"quote> section for more information on failover and server redundancy.  If "
-"not specified, service discovery is enabled. For more information, refer to "
-"the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
-msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:73
-msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:76
-msgid ""
-"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:79
-msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:85
-msgid "ldap_chpass_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:88
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference to change the password of a user. "
-"Refer to the <quote>FAILOVER</quote> section for more information on "
-"failover and server redundancy."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:95
-msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:99
-msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:105
-msgid "ldap_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:108
-msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:112
-msgid ""
-"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
-"syntax:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
-msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:119
-msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
-msgid ""
-"The filter must be a valid LDAP search filter as specified by http://www."
-"ietf.org/rfc/rfc2254.txt"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
-msgid "Examples:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:129
-msgid ""
-"ldap_search_base = dc=example,dc=com (which is equivalent to)  "
-"ldap_search_base = dc=example,dc=com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:134
-msgid ""
-"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
-"(host=thishost)?dc=example.com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:137
-msgid ""
-"Note: It is unsupported to have multiple search bases which reference "
-"identically-named objects (for example, groups with the same name in two "
-"different search bases). This will lead to unpredictable behavior on client "
-"machines."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:144
-msgid ""
-"Default: If not set, the value of the defaultNamingContext or namingContexts "
-"attribute from the RootDSE of the LDAP server is used. If "
-"defaultNamingContext does not exists or has an empty value namingContexts is "
-"used.  The namingContexts attribute must have a single value with the DN of "
-"the search base of the LDAP server to make this work. Multiple values are "
-"are not supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:158
-msgid "ldap_schema (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:161
-msgid ""
-"Specifies the Schema Type in use on the target LDAP server.  Depending on "
-"the selected schema, the default attribute names retrieved from the servers "
-"may vary.  The way that some attributes are handled may also differ.  Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
-"difference between these schema types is how group memberships are recorded "
-"in the server.  With rfc2307, group members are listed by name in the "
-"<emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, group "
-"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
-msgid "Default: rfc2307"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
-msgid "ldap_default_bind_dn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
-msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
-msgid "ldap_default_authtok_type (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
-msgid "The type of the authentication token of the default bind DN."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
-msgid "The two mechanisms currently supported are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
-msgid "password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
-msgid "obfuscated_password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
-msgid "Default: password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
-msgid "ldap_default_authtok (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
-msgid ""
-"The authentication token of the default bind DN.  Only clear text passwords "
-"are currently supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
-msgid "ldap_user_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
-msgid "The object class of a user entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
-msgid "Default: posixAccount"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
-msgid "ldap_user_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
-msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
-msgid "Default: uid"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
-msgid "ldap_user_uid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
-msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
-msgid "Default: uidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
-msgid "ldap_user_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
-msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
-msgid "Default: gidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
-msgid "ldap_user_gecos (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
-msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
-msgid "Default: gecos"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
-msgid "ldap_user_home_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
-msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
-msgid "Default: homeDirectory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
-msgid "ldap_user_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
-msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
-msgid "Default: loginShell"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
-msgid "ldap_user_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
-msgid "Default: nsUniqueId"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
-msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
-msgid ""
-"The LDAP attribute that contains timestamp of the last modification of the "
-"parent object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
-msgid "Default: modifyTimestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
-msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
-"the last password change)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
-msgid "Default: shadowLastChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
-msgid "ldap_user_shadow_min (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
-msgid "Default: shadowMin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
-msgid "ldap_user_shadow_max (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
-msgid "Default: shadowMax"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
-msgid "ldap_user_shadow_warning (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password warning period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
-msgid "Default: shadowWarning"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
-msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password inactivity period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
-msgid "Default: shadowInactive"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
-msgid "ldap_user_shadow_expire (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
-msgid ""
-"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
-"parameter contains the name of an LDAP attribute corresponding to its "
-"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> counterpart (account expiration date)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
-msgid "Default: shadowExpire"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
-msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time of last password change in "
-"kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
-msgid "Default: krbLastPwdChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
-msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time when current password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
-msgid "Default: krbPasswordExpiration"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
-msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the expiration time of the account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
-msgid "Default: accountExpires"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
-msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the user account control bit field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
-msgid "Default: userAccountControl"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
-msgid "ldap_ns_account_lock (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
-msgid ""
-"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
-"determines if access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
-msgid "Default: nsAccountLock"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
-msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines if "
-"access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
-msgid "Default: loginDisabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
-msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines until "
-"which date access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
-msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines the "
-"hours of a day in a week when access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
-msgid "Default: loginAllowedTimeMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
-msgid "ldap_user_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
-msgid ""
-"The LDAP attribute that contains the user's Kerberos User Principal Name "
-"(UPN)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
-msgid "Default: krbPrincipalName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
-msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
-msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
-msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
-msgid ""
-"Some directory servers, for example Active Directory, might deliver the "
-"realm part of the UPN in lower case, which might cause the authentication to "
-"fail. Set this option to a non-zero value if you want to use an upper-case "
-"realm."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
-msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
-msgid ""
-"Specifies how many seconds SSSD has to wait before refreshing its cache of "
-"enumerated records."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
-msgid "Default: 300"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
-msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
-msgid ""
-"Determine how often to check the cache for inactive entries (such as groups "
-"with no members and users who have never logged in) and remove them to save "
-"space."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
-msgid "Setting this option to zero will disable the cache cleanup operation."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
-msgid "Default: 10800 (12 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
-msgid "ldap_user_fullname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
-msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
-msgid "Default: cn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
-msgid "ldap_user_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
-msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
-msgid "Default: memberOf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
-msgid "ldap_user_authorized_service (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
-msgid ""
-"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
-"use the presence of the authorizedService attribute in the user's LDAP entry "
-"to determine access privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
-msgid ""
-"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
-"explicit allow (svc) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
-msgid "Default: authorizedService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
-msgid "ldap_user_authorized_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
-msgid ""
-"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-"presence of the host attribute in the user's LDAP entry to determine access "
-"privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
-msgid ""
-"An explicit deny (!host) is resolved first. Second, SSSD searches for "
-"explicit allow (host) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
-msgid "Default: host"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
-msgid "ldap_group_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
-msgid "The object class of a group entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
-msgid "Default: posixGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
-msgid "ldap_group_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
-msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
-msgid "ldap_group_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
-msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
-msgid "ldap_group_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
-msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
-msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
-msgid "ldap_group_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
-msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
-msgid "ldap_group_nesting_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
-msgid ""
-"If ldap_schema is set to a schema format that supports nested groups (e.g. "
-"RFC2307bis), then this option controls how many levels of nesting SSSD will "
-"follow. This option has no effect on the RFC2307 schema."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
-msgid "Default: 2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
-msgid "ldap_netgroup_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
-msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
-msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
-msgid "Default: nisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
-msgid "ldap_netgroup_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
-msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
-msgid "In IPA provider, ipa_netgroup_name should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
-msgid "ldap_netgroup_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
-msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
-msgid "In IPA provider, ipa_netgroup_member should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
-msgid "Default: memberNisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
-msgid "ldap_netgroup_triple (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-msgid ""
-"The LDAP attribute that contains the (host, user, domain) netgroup triples."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
-msgid "This option is not available in IPA provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
-msgid "Default: nisNetgroupTriple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
-msgid "ldap_netgroup_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
-msgid ""
-"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
-msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
-msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
-msgid "ldap_service_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
-msgid "The object class of a service entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
-msgid "Default: ipService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
-msgid "ldap_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
-msgid ""
-"The LDAP attribute that contains the name of service attributes and their "
-"aliases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
-msgid "ldap_service_port (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
-msgid "The LDAP attribute that contains the port managed by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
-msgid "Default: ipServicePort"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
-msgid "ldap_service_proto (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
-msgid ""
-"The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
-msgid "Default: ipServiceProtocol"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
-msgid "ldap_service_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
-msgid "An optional base DN to restrict service searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
-msgid ""
-"See <quote>ldap_search_base</quote> for information about configuring "
-"multiple search bases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
-#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
-msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
-msgid "ldap_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches are allowed to run "
-"before they are cancelled and cached results are returned (and offline mode "
-"is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
-msgid ""
-"Note: this option is subject to change in future versions of the SSSD. It "
-"will likely be replaced at some point by a series of timeouts for specific "
-"lookup types."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
-msgid "Default: 6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
-msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches for user and group "
-"enumerations are allowed to run before they are cancelled and cached results "
-"are returned (and offline mode is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
-msgid "ldap_network_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-msgid ""
-"Specifies the timeout (in seconds) after which the <citerefentry> "
-"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
-"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> following a <citerefentry> "
-"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> returns in case of no activity."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
-msgid "ldap_opt_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
-msgid ""
-"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
-"will abort if no response is received. Also controls the timeout when "
-"communicating with the KDC in case of SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
-msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
-msgid ""
-"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
-"maintained. After this time, the connection will be re-established. If used "
-"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
-"the TGT lifetime)  will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
-msgid "Default: 900 (15 minutes)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
-msgid "ldap_page_size (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
-msgid ""
-"Specify the number of records to retrieve from LDAP in a single request. "
-"Some LDAP servers enforce a maximum limit per-request."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
-msgid "Default: 1000"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
-msgid ""
-"Disable the LDAP paging control. This option should be used if the LDAP "
-"server reports that it supports the LDAP paging control in its RootDSE but "
-"it is not enabled or does not behave properly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
-msgid ""
-"Example: OpenLDAP servers with the paging control module installed on the "
-"server but not enabled will report it in the RootDSE but be unable to use it."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
-msgid ""
-"Example: 389 DS has a bug where it can only support a one paging control at "
-"a time on a single connection. On busy clients, this can result in some "
-"requests being denied."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
-msgid "ldap_deref_threshold (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
-msgid ""
-"Specify the number of group members that must be missing from the internal "
-"cache in order to trigger a dereference lookup. If less members are missing, "
-"they are looked up individually."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
-msgid ""
-"You can turn off dereference lookups completely by setting the value to 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
-msgid ""
-"A dereference lookup is a means of fetching all group members in a single "
-"LDAP call.  Different LDAP servers may implement different dereference "
-"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
-"Directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
-msgid ""
-"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
-"filter, then the dereference lookup performance enhancement will be disabled "
-"regardless of this setting."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
-msgid "ldap_tls_reqcert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
-msgid ""
-"Specifies what checks to perform on server certificates in a TLS session, if "
-"any. It can be specified as one of the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
-msgid ""
-"<emphasis>never</emphasis> = The client will not request or check any server "
-"certificate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
-msgid ""
-"<emphasis>allow</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, it will be ignored and the session proceeds normally."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
-msgid ""
-"<emphasis>try</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, the session is immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
-msgid ""
-"<emphasis>demand</emphasis> = The server certificate is requested. If no "
-"certificate is provided, or a bad certificate is provided, the session is "
-"immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
-msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
-msgid "Default: hard"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
-msgid "ldap_tls_cacert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
-msgid ""
-"Specifies the file that contains certificates for all of the Certificate "
-"Authorities that <command>sssd</command> will recognize."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
-msgid ""
-"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
-"conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
-msgid "ldap_tls_cacertdir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
-msgid ""
-"Specifies the path of a directory that contains Certificate Authority "
-"certificates in separate individual files. Typically the file names need to "
-"be the hash of the certificate followed by '.0'.  If available, "
-"<command>cacertdir_rehash</command> can be used to create the correct names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
-msgid "ldap_tls_cert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
-msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
-msgid "Default: not set"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
-msgid "ldap_tls_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
-msgid "Specifies the file that contains the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
-msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
-msgid ""
-"Specifies acceptable cipher suites.  Typically this is a colon sperated "
-"list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> for format."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
-msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
-msgid ""
-"Specifies that the id_provider connection must also use <systemitem class="
-"\"protocol\">tls</systemitem> to protect the channel."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
-msgid ""
-"Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
-"supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
-msgid "ldap_sasl_authid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
-msgid ""
-"Specify the SASL authorization id to use.  When GSSAPI is used, this "
-"represents the Kerberos principal used for authentication to the directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
-msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
-msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
-msgid ""
-"If set to true, the LDAP library would perform a reverse lookup to "
-"canonicalize the host name during a SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
-msgid "Default: false;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
-msgid "ldap_krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
-msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
-msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
-msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
-msgid ""
-"Specifies that the id_provider should init Kerberos credentials (TGT).  This "
-"action is performed only if SASL is used and the mechanism selected is "
-"GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
-msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
-msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
-msgid "Default: 86400 (24 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
-msgid "krb5_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
-msgid ""
-"Specifies the comma-separated list of IP addresses or hostnames of the "
-"Kerberos servers to which SSSD should connect in the order of preference. "
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
-"colon) may be appended to the addresses or hostnames.  If empty, service "
-"discovery is enabled - for more information, refer to the <quote>SERVICE "
-"DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
-msgid ""
-"When using service discovery for KDC or kpasswd servers, SSSD first searches "
-"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-"none are found."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
-msgid ""
-"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
-"While the legacy name is recognized for the time being, users are advised to "
-"migrate their config files to use <quote>krb5_server</quote> instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
-msgid "krb5_realm (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
-msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
-msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
-msgid "krb5_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
-msgid ""
-"Specifies if the host principal should be canonicalized when connecting to "
-"LDAP server. This feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
-msgid "ldap_pwd_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
-msgid ""
-"Select the policy to evaluate the password expiration on the client side. "
-"The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
-msgid ""
-"<emphasis>none</emphasis> - No evaluation on the client side. This option "
-"cannot disable server-side password policies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
-msgid ""
-"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-"evaluate if the password has expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
-msgid ""
-"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
-"to determine if the password has expired. Use chpass_provider=krb5 to update "
-"these attributes when the password is changed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
-msgid "ldap_referrals (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
-msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
-msgid ""
-"Please note that sssd only supports referral chasing when it is compiled "
-"with OpenLDAP version 2.4.13 or higher."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
-msgid "ldap_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
-msgid "Specifies the service name to use when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
-msgid "Default: ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
-msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
-msgid ""
-"Specifies the service name to use to find an LDAP server which allows "
-"password changes when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
-msgid "Default: not set, i.e. service discovery is disabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
-msgid "ldap_access_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
-msgid ""
-"If using access_provider = ldap, this option is mandatory. It specifies an "
-"LDAP search filter criteria that must be met for the user to be granted "
-"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
-msgid "Example:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
-#, no-wrap
-msgid ""
-"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
-msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
-msgid ""
-"Offline caching for this feature is limited to determining whether the "
-"user's last online login was granted access permission. If they were granted "
-"access during their last login, they will continue to be granted access "
-"while offline and vice-versa."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
-msgid "Default: Empty"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
-msgid "ldap_account_expire_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
-msgid ""
-"With this option a client side evaluation of access control attributes can "
-"be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
-msgid ""
-"Please note that it is always recommended to use server side access control, "
-"i.e. the LDAP server should deny the bind request with a suitable error code "
-"even if the password is correct."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
-msgid "The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
-msgid ""
-"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
-"determine if the account is expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
-msgid ""
-"<emphasis>ad</emphasis>: use the value of the 32bit field "
-"ldap_user_ad_user_account_control and allow access if the second bit is not "
-"set. If the attribute is missing access is granted. Also the expiration time "
-"of the account is checked."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
-msgid ""
-"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
-"emphasis>: use the value of ldap_ns_account_lock to check if access is "
-"allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
-msgid ""
-"<emphasis>nds</emphasis>: the values of "
-"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
-"If both attributes are missing access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
-msgid "ldap_access_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
-msgid "Comma separated list of access control options.  Allowed values are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
-msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
-msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
-msgid ""
-"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
-"to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
-msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
-msgid "Default: filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
-msgid ""
-"Please note that it is a configuration error if a value is used more than "
-"once."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
-msgid "ldap_deref (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
-msgid ""
-"Specifies how alias dereferencing is done when performing a search. The "
-"following options are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
-msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
-msgid ""
-"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
-"the base object, but not in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
-msgid ""
-"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
-"the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
-msgid ""
-"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
-"in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
-msgid ""
-"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
-"client libraries)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:51
-msgid ""
-"All of the common configuration options that apply to SSSD domains also "
-"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for full details.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
-msgid "SUDO OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
-msgid "ldap_sudorule_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
-msgid "The object class of a sudo rule entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
-msgid "Default: sudoRole"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
-msgid "ldap_sudorule_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
-msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
-msgid "ldap_sudorule_command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
-msgid "The LDAP attribute that corresponds to the command name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
-msgid "Default: sudoCommand"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
-msgid "ldap_sudorule_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
-msgid ""
-"The LDAP attribute that corresponds to the host name (or host IP address, "
-"host IP network, or host netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
-msgid "Default: sudoHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
-msgid "ldap_sudorule_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
-msgid ""
-"The LDAP attribute that corresponds to the user name (or UID, group name or "
-"user's netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
-msgid "Default: sudoUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
-msgid "ldap_sudorule_option (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
-msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
-msgid "Default: sudoOption"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
-msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
-msgid ""
-"The LDAP attribute that corresponds to the user name that commands may be "
-"run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
-msgid "Default: sudoRunAsUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
-msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
-msgid ""
-"The LDAP attribute that corresponds to the group name or group GID that "
-"commands may be run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
-msgid "Default: sudoRunAsGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
-msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
-msgid ""
-"The LDAP attribute that corresponds to the start date/time for when the sudo "
-"rule is valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
-msgid "Default: sudoNotBefore"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
-msgid "ldap_sudorule_notafter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
-msgid ""
-"The LDAP attribute that corresponds to the expiration date/time, after which "
-"the sudo rule will no longer be valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
-msgid "Default: sudoNotAfter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
-msgid "ldap_sudorule_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
-msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
-msgid "Default: sudoOrder"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
-msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
-msgid ""
-"Enables periodical download of all sudo rules.  The cache is purged before "
-"each update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
-msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
-msgid ""
-"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
-msgid ""
-"This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
-"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
-msgid "AUTOFS OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
-msgid ""
-"Please note that the default values correspond to the default schema which "
-"is RFC2307."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
-msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-msgid "The object class of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-msgid "Default: automountMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
-msgid "ldap_autofs_map_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
-msgid "The name of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
-msgid "Default: ou"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
-msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
-msgid "ldap_autofs_entry_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
-msgid ""
-"The key of an automount entry in LDAP. The entry usually corresponds to a "
-"mount point."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
-msgid "ldap_autofs_entry_value (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
-msgid "Default: automountInformation"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
-msgid ""
-"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
-"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
-"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
-msgid "ADVANCED OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
-msgid "ldap_netgroup_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
-msgid ""
-"An optional base DN to restrict netgroup searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
-msgid "ldap_user_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
-msgid "An optional base DN to restrict user searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
-msgid "ldap_group_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
-msgid "An optional base DN to restrict group searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
-#, no-wrap
-msgid ""
-"                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
-msgid "ldap_sudo_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
-msgid ""
-"An optional base DN to restrict sudo rules searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
-msgid "ldap_autofs_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
-msgid ""
-"An optional base DN to restrict automounter searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
-msgid ""
-"These options are supported by LDAP domains, but they should be used with "
-"caution. Please include them in your configuration only if you know what you "
-"are doing.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
-msgid ""
-"The following example assumes that SSSD is correctly configured and LDAP is "
-"set to one of the domains in the <replaceable>[domains]</replaceable> "
-"section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
-#, no-wrap
-msgid ""
-"    [domain/LDAP]\n"
-"    id_provider = ldap\n"
-"    auth_provider = ldap\n"
-"    ldap_uri = ldap://ldap.mydomain.org\n"
-"    ldap_search_base = dc=mydomain,dc=org\n"
-"    ldap_tls_reqcert = demand\n"
-"    cache_credentials = true\n"
-"    enumerate = true\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
-msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
-msgid "NOTES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
-msgid ""
-"The descriptions of some of the configuration options in this manual page "
-"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
-"distribution."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <refentryinfo>
-#: pam_sss.8.xml:8 include/upstream.xml:2
-msgid ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: pam_sss.8.xml:13 pam_sss.8.xml:18
-msgid "pam_sss"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: pam_sss.8.xml:19
-msgid "PAM module for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: pam_sss.8.xml:24
-msgid ""
-"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
-msgid ""
-"<command>pam_sss.so</command> is the PAM interface to the System Security "
-"Services daemon (SSSD). Errors and results are logged through <command>syslog"
-"(3)</command> with the LOG_AUTHPRIV facility."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
-msgid "<option>quiet</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
-msgid "Suppress log messages for unknown users."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
-msgid "<option>forward_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
-msgid ""
-"If <option>forward_pass</option> is set the entered password is put on the "
-"stack for other PAM modules to use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
-msgid "<option>use_first_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
-msgid ""
-"The argument use_first_pass forces the module to use a previous stacked "
-"modules password and will never prompt the user - if no password is "
-"available or the password is not appropriate, the user will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
-msgid "<option>use_authtok</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
-msgid ""
-"When password changing enforce the module to set the new password to the one "
-"provided by a previously stacked password module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
-msgid "<option>retry=N</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
-msgid ""
-"If specified the user is asked another N times for a password if "
-"authentication fails. Default is 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
-msgid ""
-"Please note that this option might not work as expected if the application "
-"calling PAM handles the user dialog on its own. A typical example is "
-"<command>sshd</command> with <option>PasswordAuthentication</option>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
-msgid "MODULE TYPES PROVIDED"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
-msgid ""
-"All module types (<option>account</option>, <option>auth</option>, "
-"<option>password</option> and <option>session</option>) are provided."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
-msgid "FILES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
-msgid ""
-"If a password reset by root fails, because the corresponding SSSD provider "
-"does not support password resets, an individual message can be displayed. "
-"This message can e.g. contain instructions about how to reset a password."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
-msgid ""
-"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
-"filename> where LOC stands for a locale string returned by <citerefentry> "
-"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
-"citerefentry>. If there is no matching file the content of "
-"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
-"the owner of the files and only root may have read and write permissions "
-"while all other users must have only read permissions."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
-msgid ""
-"These files are searched in the directory <filename>/etc/sssd/customize/"
-"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
-"displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:141
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
-msgid "sssd_krb5_locator_plugin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:22
-msgid ""
-"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
-"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
-"libraries what Realm and which KDC to use.  Typically this is done in "
-"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
-"To simplify the configuration the Realm and the KDC can be defined in "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry> puts the Realm and the name or IP address of the KDC into "
-"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively.  "
-"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variables and returns them to the "
-"libraries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:63
-msgid ""
-"Not all Kerberos implementations support the use of plugins. If "
-"<command>sssd_krb5_locator_plugin</command> is not available on your system "
-"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:69
-msgid ""
-"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-"debug messages will be sent to stderr."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:77
-msgid ""
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
-msgid "sssd-simple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd-simple.5.xml:17
-msgid "the configuration file for SSSD's 'simple' access-control provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:24
-msgid ""
-"This manual page describes the configuration of the simple access-control "
-"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax reference, "
-"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:38
-msgid ""
-"The simple access provider grants or denies access based on an access or "
-"deny list of user or group names. The following rules apply:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:43
-msgid "If all lists are empty, access is granted"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:47
-msgid ""
-"If any list is provided, the order of evaluation is allow,deny. This means "
-"that any matching deny rule will supersede any matched allow rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:54
-msgid ""
-"If either or both \"allow\" lists are provided, all users are denied unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:60
-msgid ""
-"If only \"deny\" lists are provided, all users are granted access unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:78
-msgid "simple_allow_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:81
-msgid "Comma separated list of users who are allowed to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:88
-msgid "simple_deny_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:91
-msgid "Comma separated list of users who are explicitly denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:97
-msgid "simple_allow_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:100
-msgid ""
-"Comma separated list of groups that are allowed to log in. This applies only "
-"to groups within this SSSD domain. Local groups are not evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:108
-msgid "simple_deny_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:111
-msgid ""
-"Comma separated list of groups that are explicitly denied access. This "
-"applies only to groups within this SSSD domain. Local groups are not "
-"evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
-msgid ""
-"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page for details on the configuration of an SSSD "
-"domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:120
-msgid ""
-"Please note that it is an configuration error if both, simple_allow_users "
-"and simple_deny_users, are defined."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:128
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the simple access provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-simple.5.xml:135
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    access_provider = simple\n"
-"    simple_allow_users = user1, user2\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:145
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
-msgid "sssd-ipa"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:23
-msgid ""
-"This manual page describes the configuration of the IPA provider for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
-"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:36
-msgid ""
-"The IPA provider is a back end used to connect to an IPA server.  (Refer to "
-"the freeipa.org web site for information about IPA servers.)  This provider "
-"requires that the machine be joined to the IPA domain; configuration is "
-"almost entirely self-discovered and obtained directly from the server."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:43
-msgid ""
-"The IPA provider accepts the same options used by the <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
-"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider with some exceptions described below."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:55
-msgid ""
-"However, it is neither necessary nor recommended to set these options.  IPA "
-"provider can also be used as an access and chpass provider. As an access "
-"provider it uses HBAC (host-based access control) rules. Please refer to "
-"freeipa.org for more information about HBAC. No configuration of access "
-"provider is required on the client side."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:72
-msgid "ipa_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:75
-msgid ""
-"Specifies the name of the IPA domain.  This is optional. If not provided, "
-"the configuration domain name is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:83
-msgid "ipa_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:86
-msgid ""
-"The comma-separated list of IP addresses or hostnames of the IPA servers to "
-"which SSSD should connect in the order of preference. For more information "
-"on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
-"This is optional if autodiscovery is enabled.  For more information on "
-"service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:99
-msgid "ipa_hostname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:102
-msgid ""
-"Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:110
-msgid "ipa_dyndns_update (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:113
-msgid ""
-"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:118
-msgid ""
-"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
-"the default Kerberos realm must be set properly in /etc/krb5.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:129
-msgid "ipa_dyndns_iface (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:132
-msgid ""
-"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
-"interface whose IP address should be used for dynamic DNS updates."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:137
-msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:143
-msgid "ipa_hbac_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:146
-msgid "Optional. Use the given string as search base for HBAC related objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:150
-msgid "Default: Use base DN"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:156
-msgid "ipa_host_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:159
-msgid "Optional. Use the given string as search base for host objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:180
-msgid "ipa_selinux_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
-msgid "Optional. Use the given string as search base for SELinux user maps."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
-msgid "krb5_validate (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
-msgid ""
-"Verify with the help of krb5_keytab that the TGT obtained has not been "
-"spoofed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
-msgid ""
-"Note that this default differs from the traditional Kerberos provider back "
-"end."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
-msgid ""
-"The name of the Kerberos realm. This is optional and defaults to the value "
-"of <quote>ipa_domain</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
-msgid ""
-"The name of the Kerberos realm has a special meaning in IPA - it is "
-"converted into the base DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
-msgid ""
-"Specifies if the host and user principal should be canonicalized when "
-"connecting to IPA LDAP and also for AS requests. This feature is available "
-"with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
-msgid "ipa_hbac_refresh (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
-msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
-msgid "Default: 5 (seconds)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
-msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
-msgid ""
-"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
-"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
-"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
-"client will support two modes of operation during this transition period:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
-msgid ""
-"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
-"users will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
-msgid ""
-"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
-"careful with this option, as it may result in opening unintended access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
-msgid "Default: DENY_ALL"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
-msgid "ipa_automount_location (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
-msgid "The automounter location this IPA client will be using"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Default: The location named \"default\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the ipa provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    id_provider = ipa\n"
-"    ipa_server = ipaserver.example.com\n"
-"    ipa_hostname = myhost.example.com\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.8.xml:10 sssd.8.xml:15
-msgid "sssd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.8.xml:16
-msgid "System Security Services Daemon"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sssd.8.xml:21
-msgid ""
-"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:31
-msgid ""
-"<command>SSSD</command> provides a set of daemons to manage access to remote "
-"directories and authentication mechanisms. It provides an NSS and PAM "
-"interface toward the system and a pluggable backend system to connect to "
-"multiple different account sources as well as D-Bus interface. It is also "
-"the basis to provide client auditing and policy services for projects like "
-"FreeIPA. It provides a more robust database to store local users as well as "
-"extended user data."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:46
-msgid ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:53
-msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:57
-msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:60
-msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:69
-msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:73
-msgid ""
-"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:76
-msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:85
-msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:89
-msgid ""
-"Send the debug output to files instead of stderr. By default, the log files "
-"are stored in <filename>/var/log/sssd</filename> and there are separate log "
-"files for every SSSD service and domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:97
-msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:101
-msgid "Become a daemon after starting up."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:107
-msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:111
-msgid "Run in the foreground, don't become a daemon."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
-msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
-msgid ""
-"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
-"conf</filename>. For reference on the config file syntax and options, "
-"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:135
-msgid "<option>--version</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:139
-msgid "Print version number and exit."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:147
-msgid "Signals"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:150
-msgid "SIGTERM/SIGINT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:153
-msgid ""
-"Informs the SSSD to gracefully terminate all of its child processes and then "
-"shut down the monitor."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:159
-msgid "SIGHUP"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:162
-msgid ""
-"Tells the SSSD to stop writing to its current debug file descriptors and to "
-"close and reopen them. This is meant to facilitate log rolling with programs "
-"like logrotate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:170
-msgid "SIGUSR1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:173
-msgid ""
-"Tells the SSSD to simulate offline operation for one minute. This is mostly "
-"useful for testing purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:179
-msgid "SIGUSR2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:182
-msgid ""
-"Tells the SSSD to go online immediately. This is mostly useful for testing "
-"purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:193
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-msgid "sss_obfuscate"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_obfuscate.8.xml:16
-msgid "obfuscate a clear text password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_obfuscate.8.xml:21
-msgid ""
-"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
-"replaceable></arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:32
-msgid ""
-"<command>sss_obfuscate</command> converts a given password into human-"
-"unreadable format and places it into appropriate domain section of the SSSD "
-"config file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:37
-msgid ""
-"The cleartext password is read from standard input or entered "
-"interactively.  The obfuscated password is put into "
-"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
-"<quote>ldap_default_authtok_type</quote> parameter is set to "
-"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more details on these parameters."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:49
-msgid ""
-"Please note that obfuscating the password provides <emphasis>no real "
-"security benefit</emphasis> as it is still possible for an attacker to "
-"reverse-engineer the password back. Using better authentication mechanisms "
-"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
-"advised."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:63
-msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:67
-msgid "The password to obfuscate will be read from standard input."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
-msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:79
-msgid ""
-"The SSSD domain to use the password in. The default name is <quote>default</"
-"quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:86
-msgid ""
-"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:91
-msgid "Read the config file specified by the positional parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:95
-msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:105
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
-msgid "sss_useradd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_useradd.8.xml:16
-msgid "create a new user"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_useradd.8.xml:21
-msgid ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:32
-msgid ""
-"<command>sss_useradd</command> creates a new user account using the values "
-"specified on the command line plus the default values from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:43
-msgid ""
-"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:48
-msgid ""
-"Set the UID of the user to the value of <replaceable>UID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
-msgid ""
-"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
-msgid ""
-"Any text string describing the user. Often used as the field for the user's "
-"full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
-msgid ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:72
-msgid ""
-"The home directory of the user account.  The default is to append the "
-"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
-"that as the home directory.  The base that is prepended before "
-"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
-"baseDirectory</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
-msgid ""
-"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:87
-msgid ""
-"The user's login shell. The default is currently <filename>/bin/bash</"
-"filename>.  The default can be changed with <quote>user_defaults/"
-"defaultShell</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:96
-msgid ""
-"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:101
-msgid "A list of existing groups this user is also a member of."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:107
-msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:111
-msgid ""
-"Create the user's home directory if it does not exist. The files and "
-"directories contained in the skeleton directory (which can be defined with "
-"the -k option or in the config file) will be copied to the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:121
-msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:125
-msgid ""
-"Do not create the user's home directory. Overrides configuration settings."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:132
-msgid ""
-"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:137
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<command>sss_useradd</command>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:143
-msgid ""
-"This option is only valid if the <option>-m</option> (or <option>--create-"
-"home</option>) option is specified, or creation of home directories is set "
-"to TRUE in the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
-msgid ""
-"<option>-Z</option>,<option>--selinux-user</option> "
-"<replaceable>SELINUX_USER</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:157
-msgid ""
-"The SELinux user for the user's login. If not specified, the system default "
-"will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
-msgid "sssd-krb5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:23
-msgid ""
-"This manual page describes the configuration of the Kerberos 5 "
-"authentication backend for <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  For a detailed "
-"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
-"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:36
-msgid ""
-"The Kerberos 5 authentication backend contains auth and chpass providers. It "
-"must be paired with identity provider in order to function properly (for "
-"example, id_provider = ldap). Some information required by the Kerberos 5 "
-"authentication backend must be provided by the identity provider, such as "
-"the user's Kerberos Principal Name (UPN). The configuration of the identity "
-"provider should have an entry to specify the UPN. Please refer to the man "
-"page for the applicable identity provider for details on how to configure "
-"this."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:47
-msgid ""
-"This backend also provides access control based on the .k5login file in the "
-"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
-"Please note that an empty .k5login file will deny all access to this user. "
-"To activate this feature use 'access_provider = krb5' in your sssd "
-"configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:55
-msgid ""
-"In the case where the UPN is not available in the identity backend "
-"<command>sssd</command> will construct a UPN using the format "
-"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:106
-msgid ""
-"The name of the Kerberos realm. This option is required and must be "
-"specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:113
-msgid "krb5_kpasswd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:116
-msgid ""
-"If the change password service is not running on the KDC alternative servers "
-"can be defined here. An optional port number (preceded by a colon) may be "
-"appended to the addresses or hostnames."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:122
-msgid ""
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section.  Please note that even if there are no more "
-"kpasswd servers to try the back end is not switch to offline if "
-"authentication against the KDC is still possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:129
-msgid "Default: Use the KDC"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:135
-msgid "krb5_ccachedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:138
-msgid ""
-"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist it will be created. If %u, %U, %p or %h are used a "
-"private directory belonging to the user is created. Otherwise a public "
-"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
-"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
-"citerefentry> for details) is created."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:151
-msgid "Default: /tmp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:157
-msgid "krb5_ccname_template (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:171
-msgid "login UID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:174
-msgid "%p"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:175
-msgid "principal name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:179
-msgid "%r"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:180
-msgid "realm name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:183
-msgid "%h"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:184
-msgid "home directory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:189
-msgid "value of krb5ccache_dir"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194
-msgid "%P"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "the process ID of the sssd client"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:160
-msgid ""
-"Location of the user's credential cache. Currently only file based "
-"credential caches are supported. In the template the following sequences are "
-"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
-"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
-"way."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:209
-msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:215
-msgid "krb5_auth_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:218
-msgid ""
-"Timeout in seconds after an online authentication or change password request "
-"is aborted. If possible the authentication request is continued offline."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:241
-msgid "krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:244
-msgid ""
-"The location of the keytab to use when validating credentials obtained from "
-"KDCs."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:248
-msgid "Default: /etc/krb5.keytab"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:254
-msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:257
-msgid ""
-"Store the password of the user if the provider is offline and use it to "
-"request a TGT when the provider gets online again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:262
-msgid ""
-"Please note that this feature currently only available on a Linux platform. "
-"Passwords stored in this way are kept in plaintext in the kernel keyring and "
-"are potentially accessible by the root user (with difficulty)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:275
-msgid "krb5_renewable_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:278
-msgid ""
-"Request a renewable ticket with a total lifetime given by an integer "
-"immediately followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
-msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
-msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
-msgid "<emphasis>h</emphasis> hours"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
-msgid "<emphasis>d</emphasis> days."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
-msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:299
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"renewable lifetime to one and a half hours please use '90m' instead of "
-"'1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:305
-msgid "Default: not set, i.e. the TGT is not renewable"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:311
-msgid "krb5_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:314
-msgid ""
-"Request ticket with a with a lifetime given by an integer immediately "
-"followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:335
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"lifetime to one and a half hours please use '90m' instead of '1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:340
-msgid ""
-"Default: not set, i.e. the default ticket lifetime configured on the KDC."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:347
-msgid "krb5_renew_interval (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:350
-msgid ""
-"The time in seconds between two checks if the TGT should be renewed. TGTs "
-"are renewed if about half of their lifetime is exceeded."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:355
-msgid "If this option is not set or 0 the automatic renewal is disabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:365
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:368
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:373
-msgid ""
-"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
-"option at all."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
-msgid ""
-"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
-"continue without."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:381
-msgid ""
-"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
-"fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:385
-msgid "Default: not set, i.e. FAST is not used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:388
-msgid "Please note that a keytab is required to use fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:391
-msgid ""
-"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used with an older version using this option is a "
-"configuration error."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:400
-msgid "krb5_fast_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:403
-msgid "Specifies the server principal to use for FAST."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:412
-msgid ""
-"Specifies if the host and user principal should be canonicalized. This "
-"feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:65
-msgid ""
-"If the auth-module krb5 is used in a SSSD domain, the following options must "
-"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
-"SECTIONS</quote> for details on the configuration of a SSSD domain.  "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:434
-msgid ""
-"The following example assumes that SSSD is correctly configured and FOO is "
-"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
-"example shows only configuration of Kerberos authentication, it does not "
-"include any identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:442
-#, no-wrap
-msgid ""
-"    [domain/FOO]\n"
-"    auth_provider = krb5\n"
-"    krb5_server = 192.168.1.1\n"
-"    krb5_realm = EXAMPLE.COM\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:453
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
-msgid "sss_groupadd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupadd.8.xml:16
-msgid "create a new group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupadd.8.xml:21
-msgid ""
-"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:32
-msgid ""
-"<command>sss_groupadd</command> creates a new group. These groups are "
-"compatible with POSIX groups, with the additional feature that they can "
-"contain other groups as members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupadd.8.xml:43
-msgid ""
-"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupadd.8.xml:48
-msgid ""
-"Set the GID of the group to the value of <replaceable>GID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
-msgid "sss_userdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_userdel.8.xml:16
-msgid "delete a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_userdel.8.xml:21
-msgid ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:32
-msgid ""
-"<command>sss_userdel</command> deletes a user identified by login name "
-"<replaceable>LOGIN</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:44
-msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:48
-msgid ""
-"Files in the user's home directory will be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:56
-msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:60
-msgid ""
-"Files in the user's home directory will NOT be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:68
-msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:72
-msgid ""
-"This option forces <command>sss_userdel</command> to remove the user's home "
-"directory and mail spool, even if they are not owned by the specified user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:80
-msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:84
-msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
-msgid "sss_groupdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupdel.8.xml:16
-msgid "delete a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupdel.8.xml:21
-msgid ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:32
-msgid ""
-"<command>sss_groupdel</command> deletes a group identified by its name "
-"<replaceable>GROUP</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
-msgid "sss_groupshow"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupshow.8.xml:16
-msgid "print properties of a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupshow.8.xml:21
-msgid ""
-"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:32
-msgid ""
-"<command>sss_groupshow</command> displays information about a group "
-"identified by its name <replaceable>GROUP</replaceable>. The information "
-"includes the group ID number, members of the group and the parent group."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupshow.8.xml:43
-msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupshow.8.xml:47
-msgid ""
-"Also print indirect group members in a tree-like hierarchy.  Note that this "
-"also affects printing parent groups - without <option>R</option>, only the "
-"direct parent will be printed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
-msgid "sss_usermod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_usermod.8.xml:16
-msgid "modify a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_usermod.8.xml:21
-msgid ""
-"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:32
-msgid ""
-"<command>sss_usermod</command> modifies the account specified by "
-"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
-"on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:60
-msgid "The home directory of the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:71
-msgid "The user's login shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:82
-msgid ""
-"Append this user to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:96
-msgid ""
-"Remove this user from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:103
-msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:107
-msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:114
-msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:118
-msgid "Unlock the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:129
-msgid "The SELinux user for the user's login."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/service_discovery.xml:2
-msgid "SERVICE DISCOVERY"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/service_discovery.xml:4
-msgid ""
-"The service discovery feature allows back ends to automatically find the "
-"appropriate servers to connect to using a special DNS query."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
-msgid "Configuration"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:11
-msgid ""
-"If no servers are specified, the back end automatically uses service "
-"discovery to try to find a server. Optionally, the user may choose to use "
-"both fixed server addresses and service discovery by inserting a special "
-"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
-"preference is maintained. This feature is useful if, for example, the user "
-"prefers to use service discovery whenever possible, and fall back to a "
-"specific server when no servers can be discovered using DNS."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:23
-msgid "The domain name"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:25
-msgid ""
-"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for more details."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:35
-msgid "The protocol"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:37
-msgid ""
-"The queries usually specify _tcp as the protocol. Exceptions are documented "
-"in respective option description."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:42
-msgid "See Also"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:44
-msgid ""
-"For more information on the service discovery mechanism, refer to RFC 2782."
-msgstr ""
-
-#. type: Content of: outside any tag (error?)
-#: include/upstream.xml:1
-msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/failover.xml:2
-msgid "FAILOVER"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/failover.xml:4
-msgid ""
-"The failover feature allows back ends to automatically switch to a different "
-"server if the primary server fails."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:8
-msgid "Failover Syntax"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:10
-msgid ""
-"The list of servers is given as a comma-separated list; any number of spaces "
-"is allowed around the comma. The servers are listed in order of preference. "
-"The list can contain any number of servers."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:17
-msgid "The Failover Mechanism"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:19
-msgid ""
-"The failover mechanism distinguishes between a machine and a service. The "
-"back end first tries to resolve the hostname of a given machine; if this "
-"resolution attempt fails, the machine is considered offline. No further "
-"attempts are made to connect to this machine for any other service. If the "
-"resolution attempt succeeds, the back end tries to connect to a service on "
-"this machine. If the service connection attempt fails, then only this "
-"particular service is considered offline and the back end automatically "
-"switches over to the next service.  The machine is still considered online "
-"and might still be tried for another service."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:32
-msgid ""
-"Further connection attempts are made to machines or services marked as "
-"offline after a specified period of time; this is currently hard coded to 30 "
-"seconds."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:37
-msgid ""
-"If there are no more machines to try, the back end as a whole switches to "
-"offline mode, and then attempts to reconnect every 30 seconds."
-msgstr ""
-
-#. type: Content of: <varlistentry><term>
-#: include/param_help.xml:3
-msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
-
-#. type: Content of: <varlistentry><listitem><para>
-#: include/param_help.xml:7
-msgid "Display help message and exit."
-msgstr ""
diff --git a/src/man/po/el.po b/src/man/po/el.po
deleted file mode 100644
index d6f0e45c3..000000000
--- a/src/man/po/el.po
+++ /dev/null
@@ -1,6313 +0,0 @@
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Red Hat
-# This file is distributed under the same license as the sssd-docs package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: SSSD\n"
-"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Greek <trans-el@lists.fedoraproject.org>\n"
-"Language: el\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural=(n != 1)\n"
-
-#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
-#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
-#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
-#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
-msgid "SSSD Manual pages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
-msgid "sss_groupmod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
-#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
-#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
-msgid "8"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupmod.8.xml:16
-msgid "modify a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupmod.8.xml:21
-msgid ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
-#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
-#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
-#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
-#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:32
-msgid ""
-"<command>sss_groupmod</command> modifies the group to reflect the changes "
-"that are specified on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
-#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
-#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-msgid "OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
-msgid ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:48
-msgid ""
-"Append this group to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
-msgid ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:62
-msgid ""
-"Remove this group from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
-#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
-msgid "sssd.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
-msgid "5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
-msgid "File Formats and Conventions"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
-msgid "the configuration file for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:21
-msgid "FILE FORMAT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:29
-#, no-wrap
-msgid ""
-"                <replaceable>[section]</replaceable>\n"
-"                <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-"                <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
-"            "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:24
-msgid ""
-"The file has an ini-style syntax and consists of sections and parameters. A "
-"section begins with the name of the section in square brackets and continues "
-"until the next section begins. An example of section with single and multi-"
-"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:36
-msgid ""
-"The data types used are string (no quotes needed), integer and bool (with "
-"values of <quote>TRUE/FALSE</quote>)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:41
-msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
-"(<quote>;</quote>)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:46
-msgid ""
-"All sections can have an optional <replaceable>description</replaceable> "
-"parameter. Its function is only as a label for the section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:52
-msgid ""
-"<filename>sssd.conf</filename> must be a regular file, owned by root and "
-"only root may read from or write to the file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:58
-msgid "SPECIAL SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:61
-msgid "The [sssd] section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
-msgid "Section parameters"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:72
-msgid "config_file_version (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:75
-msgid ""
-"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-"version 2."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:81
-msgid "services"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:84
-msgid ""
-"Comma separated list of services that are started when sssd itself starts."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:88
-msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
-msgid "reconnection_retries (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
-msgid ""
-"Number of times services should attempt to reconnect in the event of a Data "
-"Provider crash or restart before they give up"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
-msgid "Default: 3"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
-msgid "domains"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
-msgid ""
-"A domain is a database containing user information. SSSD can use more "
-"domains at the same time, but at least one must be configured or SSSD won't "
-"start.  This parameter described the list of domains in the order you want "
-"them to be queried."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
-msgid "re_expression (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
-msgid ""
-"Regular expression that describes how to parse the string containing user "
-"name and domain into these components."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
-msgid ""
-"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
-"which translates to \"the name is everything up to the <quote>@</quote> "
-"sign, the domain everything after that\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
-msgid ""
-"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
-"version 7 or higher can support non-unique named subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
-msgid ""
-"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
-"P&lt;name&gt;) to label subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
-msgid "full_name_format (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
-msgid ""
-"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatible format that describes how to translate "
-"a (name, domain) tuple into a fully qualified name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
-msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
-msgid "try_inotify (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
-msgid ""
-"SSSD monitors the state of resolv.conf to identify when it needs to update "
-"its internal DNS resolver. By default, we will attempt to use inotify for "
-"this, and will fall back to polling resolv.conf every five seconds if "
-"inotify cannot be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
-msgid ""
-"There are some limited situations where it is preferred that we should skip "
-"even trying to use inotify. In these rare cases, this option should be set "
-"to 'false'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
-msgid ""
-"Default: true on platforms where inotify is supported. False on other "
-"platforms."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
-msgid ""
-"Note: this option will have no effect on platforms where inotify is "
-"unavailable. On these platforms, polling will always be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
-msgid "krb5_rcache_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
-msgid ""
-"Directory on the filesystem where SSSD should store Kerberos replay cache "
-"files."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
-msgid ""
-"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
-"SSSD to let libkrb5 decide the appropriate location for the replay cache."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
-msgid ""
-"Default: Distribution-specific and specified at build-time. "
-"(__LIBKRB5_DEFAULTS__ if not configured)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:63
-msgid ""
-"Individual pieces of SSSD functionality are provided by special SSSD "
-"services that are started and stopped together with SSSD.  The services are "
-"managed by a special service frequently called <quote>monitor</quote>. The "
-"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
-msgid "SERVICES SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
-msgid ""
-"Settings that can be used to configure different services are described in "
-"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
-"section, for example, for NSS service, the section would be <quote>[nss]</"
-"quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
-msgid "General service configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
-msgid "These options can be used to configure any service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>.  This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
-msgid "NSS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
-msgid ""
-"These options can be used to configure the Name Service Switch (NSS) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
-msgid "enum_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
-msgid ""
-"How many seconds should nss_sss cache enumerations (requests for info about "
-"all users)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
-msgid "Default: 120"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"The entry cache can be set to automatically update entries in the background "
-"if they are requested beyond a percentage of the entry_cache_timeout value "
-"for the domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
-msgid ""
-"For example, if the domain's entry_cache_timeout is set to 30s and "
-"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
-"after 15 seconds past the last cache update will be returned immediately, "
-"but the SSSD will go and update the cache on its own, so that future "
-"requests will not need to block waiting for a cache update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
-msgid ""
-"Valid values for this option are 0-99 and represent a percentage of the "
-"entry_cache_timeout for each domain. For performance reasons, this "
-"percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
-"disables this feature)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
-msgid "Default: 50"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
-msgid "entry_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
-msgid ""
-"Specifies for how many seconds nss_sss should cache negative cache hits "
-"(that is, queries for invalid database entries, like nonexistent ones)  "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
-msgid "Default: 15"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
-msgid "filter_users, filter_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
-msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
-msgid "Default: root"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
-msgid "filter_users_in_groups (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
-msgid ""
-"If you want filtered user still be group members set this option to false."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
-msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
-msgid "This option can also be set per-domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
-msgid "allowed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
-msgid ""
-"Restrict user shell to one of the listed values. The order of evaluation is:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
-msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
-msgid ""
-"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
-"quote>, use the value of the shell_fallback parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
-msgid ""
-"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
-"shells</quote>, a nologin shell is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
-msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
-msgid ""
-"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
-"that a restart of the SSSD is required in case a new shell is installed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
-msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
-msgid "vetoed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
-msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
-msgid "shell_fallback (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
-msgid ""
-"The default shell to use if an allowed shell is not installed on the machine."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
-msgid "Default: /bin/sh"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
-msgid "PAM configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
-msgid ""
-"These options can be used to configure the Pluggable Authentication Module "
-"(PAM) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
-msgid "offline_credentials_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
-msgid ""
-"If the authentication provider is offline, how long should we allow cached "
-"logins (in days since the last successful online login)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
-msgid "Default: 0 (No limit)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
-msgid "offline_failed_login_attempts (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
-msgid ""
-"If the authentication provider is offline, how many failed login attempts "
-"are allowed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
-msgid "offline_failed_login_delay (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
-msgid ""
-"The time in minutes which has to pass after offline_failed_login_attempts "
-"has been reached before a new login attempt is possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
-msgid ""
-"If set to 0 the user cannot authenticate offline if "
-"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable offline authentication again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
-msgid "Default: 5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
-msgid "pam_verbosity (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
-msgid ""
-"Controls what kind of messages are shown to the user during authentication. "
-"The higher the number to more messages are displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
-msgid "Currently sssd supports the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
-msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
-msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
-msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
-msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
-msgid "Default: 1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
-msgid "pam_id_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
-msgid ""
-"For any PAM request while SSSD is online, the SSSD will attempt to "
-"immediately update the cached identity information for the user in order to "
-"ensure that authentication takes place with the latest information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
-msgid ""
-"A complete PAM conversation may perform multiple PAM requests, such as "
-"account management and session opening. This option controls (on a per-"
-"client-application basis) how long (in seconds) we can cache the identity "
-"information to avoid excessive round-trips to the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
-msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
-msgid "Display a warning N days before the password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
-msgid ""
-"Please note that the backend server has to provide information about the "
-"expiration time of the password.  If this information is missing, sssd "
-"cannot display a warning."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
-msgid "Default: 7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-msgid "SUDO configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-msgid "These options can be used to configure the sudo service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-msgid "sudo_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-msgid ""
-"For any sudo request that comes while SSSD is online, the SSSD will attempt "
-"to update the cached rules in order to ensure that sudo has the latest "
-"ruleset."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
-msgid ""
-"The user may, however, run a couple of sudo commands successively, which "
-"would trigger multiple LDAP requests.  In order to speed up this use-case, "
-"the sudo service maintains an in-memory cache that would be used for "
-"performing fast replies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
-msgid ""
-"This option controls how long (in seconds) can the sudo service cache rules "
-"for a user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-msgid "Default: 180"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-msgid "sudo_timed (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
-msgid ""
-"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
-"that implement time-dependent sudoers entries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-msgid "AUTOFS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-msgid "These options can be used to configure the autofs service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-msgid "autofs_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
-msgid "DOMAIN SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
-msgid "min_id,max_id (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
-msgid ""
-"UID and GID limits for the domain. If a domain contains an entry that is "
-"outside these limits, it is ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
-msgid ""
-"For users, this affects the primary GID limit. The user will not be returned "
-"to NSS if either the UID or the primary GID is outside the range. For non-"
-"primary group memberships, those that are in range will be reported as "
-"expected."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
-msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
-msgid ""
-"Timeout in seconds between heartbeats for this domain.  This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
-msgid "enumerate (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
-msgid ""
-"Determines if a domain can be enumerated. This parameter can have one of the "
-"following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
-msgid "TRUE = Users and groups are enumerated"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
-msgid "FALSE = No enumerations for this domain"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
-msgid "Default: FALSE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
-msgid ""
-"Note: Enabling enumeration has a moderate performance impact on SSSD while "
-"enumeration is running. It may take up to several minutes after SSSD startup "
-"to fully complete enumerations.  During this time, individual requests for "
-"information will go directly to LDAP, though it may be slow, due to the "
-"heavy enumeration processing."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
-msgid ""
-"While the first enumeration is running, requests for the complete user or "
-"group lists may return no results until it completes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
-msgid ""
-"Further, enabling enumeration may increase the time necessary to detect "
-"network disconnection, as longer timeouts are required to ensure that "
-"enumeration lookups are completed successfully.  For more information, refer "
-"to the man pages for the specific id_provider in use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
-msgid "entry_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
-msgid ""
-"How many seconds should nss_sss consider entries valid before asking the "
-"backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
-msgid "Default: 5400"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-msgid "entry_cache_user_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-msgid ""
-"How many seconds should nss_sss consider user entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-msgid "Default: entry_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-msgid "entry_cache_group_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-msgid ""
-"How many seconds should nss_sss consider group entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-msgid ""
-"How many seconds should nss_sss consider netgroup entries valid before "
-"asking the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-msgid "entry_cache_service_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-msgid ""
-"How many seconds should nss_sss consider service entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
-msgid "cache_credentials (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
-msgid "Determines if user credentials are also cached in the local LDB cache"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
-msgid "User credentials are stored in a SHA512 hash, not in plaintext"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
-msgid "account_cache_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
-msgid ""
-"Number of days entries are left in cache after last successful login before "
-"being removed during a cleanup of the cache. 0 means keep forever.  The "
-"value of this parameter must be greater than or equal to "
-"offline_credentials_expiration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
-msgid "Default: 0 (unlimited)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
-msgid "id_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
-msgid "The Data Provider identity backend to use for this domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
-msgid "Supported backends:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
-msgid "proxy: Support a legacy NSS provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
-msgid "local: SSSD internal local provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
-msgid "ldap: LDAP provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
-msgid "use_fully_qualified_names (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
-msgid ""
-"If set to TRUE, all requests to this domain must use fully qualified names. "
-"For example, if used in LOCAL domain that contains a \"test\" user, "
-"<command>getent passwd test</command> wouldn't find the user while "
-"<command>getent passwd test@LOCAL</command> would."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
-msgid "auth_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
-msgid ""
-"The authentication provider used for the domain.  Supported auth providers "
-"are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
-msgid ""
-"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
-msgid ""
-"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
-msgid ""
-"<quote>proxy</quote> for relaying authentication to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
-msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"authentication requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
-msgid "access_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
-msgid ""
-"The access control provider used for the domain.  There are two built-in "
-"access providers (in addition to any included in installed backends)  "
-"Internal special providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
-msgid "<quote>permit</quote> always allow access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
-msgid "<quote>deny</quote> always deny access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
-msgid ""
-"<quote>simple</quote> access control based on access or deny lists. See "
-"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> for more information on configuring the simple "
-"access module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
-msgid "Default: <quote>permit</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
-msgid "chpass_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
-msgid ""
-"The provider which should handle change password operations for the domain.  "
-"Supported change password providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
-msgid ""
-"<quote>ipa</quote> to change a password stored in an IPA server.  See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
-msgid ""
-"<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
-msgid ""
-"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
-msgid ""
-"<quote>proxy</quote> for relaying password changes to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
-msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
-msgid ""
-"Default: <quote>auth_provider</quote> is used if it is set and can handle "
-"change password requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-msgid "sudo_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-msgid ""
-"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-msgid "session_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-msgid ""
-"The provider which should handle loading of session settings.  Supported "
-"session providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-msgid ""
-"<quote>ipa</quote> to load session settings from an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"session loading requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
-msgid "lookup_family_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
-msgid ""
-"Provides the ability to select preferred address family to use when "
-"performing DNS lookups."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
-msgid "Supported values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
-msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
-msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
-msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
-msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
-msgid "Default: ipv4_first"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
-msgid "dns_resolver_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
-msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
-msgid "dns_discovery_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
-msgid ""
-"If service discovery is used in the back end, specifies the domain part of "
-"the service discovery DNS query."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
-msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
-msgid "override_gid (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
-msgid "Override the primary GID value with the one specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
-msgid "case_sensitive (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
-msgid ""
-"Treat user and group names as case sensitive. At the moment, this option is "
-"not supported in the local provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
-msgid "Default: True"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
-msgid ""
-"These configuration options can be present in a domain configuration "
-"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
-"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
-msgid "proxy_pam_target (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
-msgid "The proxy target PAM proxies to."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-msgid ""
-"Default: not set by default, you have to take an existing pam configuration "
-"or create a new one and add the service name here."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
-msgid "proxy_lib_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
-msgid ""
-"The name of the NSS library to use in proxy domains. The NSS functions "
-"searched for in the library are in the form of _nss_$(libName)_$(function), "
-"for example _nss_files_getpwent."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
-msgid ""
-"Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
-msgid "The local domain section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
-msgid ""
-"This section contains settings for domain that stores users and groups in "
-"SSSD native database, that is, a domain that uses "
-"<replaceable>id_provider=local</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
-msgid "default_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
-msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
-msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
-msgid "base_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
-msgid ""
-"The tools append the login name to <replaceable>base_directory</replaceable> "
-"and use that as the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
-msgid "Default: <filename>/home</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
-msgid "create_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
-msgid ""
-"Indicate if a home directory should be created by default for new users.  "
-"Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
-msgid "Default: TRUE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
-msgid "remove_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
-msgid ""
-"Indicate if a home directory should be removed by default for deleted "
-"users.  Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
-msgid "homedir_umask (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
-msgid ""
-"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
-"on a newly created home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
-msgid "Default: 077"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
-msgid "skel_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
-msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
-msgid "mail_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
-msgid ""
-"The mail spool directory. This is needed to manipulate the mailbox when its "
-"corresponding user account is modified or deleted.  If not specified, a "
-"default value is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
-msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
-msgid "userdel_cmd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
-msgid ""
-"The command that is run after a user is removed.  The command us passed the "
-"username of the user being removed as the first and only parameter. The "
-"return code of the command is not taken into account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
-msgid "Default: None, no command is run"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"domains = LDAP\n"
-"services = nss, pam\n"
-"config_file_version = 2\n"
-"\n"
-"[nss]\n"
-"filter_groups = root\n"
-"filter_users = root\n"
-"\n"
-"[pam]\n"
-"\n"
-"[domain/LDAP]\n"
-"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
-"\n"
-"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
-"cache_credentials = true\n"
-"\n"
-"min_id = 10000\n"
-"max_id = 20000\n"
-"enumerate = False\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
-msgid ""
-"The following example shows a typical SSSD config. It does not describe "
-"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details.  <placeholder type=\"programlisting\" "
-"id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
-msgid "sssd-ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:23
-msgid ""
-"This manual page describes the configuration of LDAP domains for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for detailed syntax information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:35
-msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:38
-msgid ""
-"LDAP back end supports id, auth, access and chpass providers. If you want to "
-"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
-"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
-"over an unencrypted channel.  If the LDAP server is used only as an identity "
-"provider, an encrypted channel is not needed. Please refer to "
-"<quote>ldap_access_filter</quote> config option for more information about "
-"using LDAP as an access provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
-#: sssd-krb5.5.xml:63
-msgid "CONFIGURATION OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:60
-msgid "ldap_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:63
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference. Refer to the <quote>FAILOVER</"
-"quote> section for more information on failover and server redundancy.  If "
-"not specified, service discovery is enabled. For more information, refer to "
-"the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
-msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:73
-msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:76
-msgid ""
-"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:79
-msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:85
-msgid "ldap_chpass_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:88
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference to change the password of a user. "
-"Refer to the <quote>FAILOVER</quote> section for more information on "
-"failover and server redundancy."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:95
-msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:99
-msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:105
-msgid "ldap_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:108
-msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:112
-msgid ""
-"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
-"syntax:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
-msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:119
-msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
-msgid ""
-"The filter must be a valid LDAP search filter as specified by http://www."
-"ietf.org/rfc/rfc2254.txt"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
-msgid "Examples:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:129
-msgid ""
-"ldap_search_base = dc=example,dc=com (which is equivalent to)  "
-"ldap_search_base = dc=example,dc=com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:134
-msgid ""
-"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
-"(host=thishost)?dc=example.com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:137
-msgid ""
-"Note: It is unsupported to have multiple search bases which reference "
-"identically-named objects (for example, groups with the same name in two "
-"different search bases). This will lead to unpredictable behavior on client "
-"machines."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:144
-msgid ""
-"Default: If not set, the value of the defaultNamingContext or namingContexts "
-"attribute from the RootDSE of the LDAP server is used. If "
-"defaultNamingContext does not exists or has an empty value namingContexts is "
-"used.  The namingContexts attribute must have a single value with the DN of "
-"the search base of the LDAP server to make this work. Multiple values are "
-"are not supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:158
-msgid "ldap_schema (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:161
-msgid ""
-"Specifies the Schema Type in use on the target LDAP server.  Depending on "
-"the selected schema, the default attribute names retrieved from the servers "
-"may vary.  The way that some attributes are handled may also differ.  Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
-"difference between these schema types is how group memberships are recorded "
-"in the server.  With rfc2307, group members are listed by name in the "
-"<emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, group "
-"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
-msgid "Default: rfc2307"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
-msgid "ldap_default_bind_dn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
-msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
-msgid "ldap_default_authtok_type (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
-msgid "The type of the authentication token of the default bind DN."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
-msgid "The two mechanisms currently supported are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
-msgid "password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
-msgid "obfuscated_password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
-msgid "Default: password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
-msgid "ldap_default_authtok (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
-msgid ""
-"The authentication token of the default bind DN.  Only clear text passwords "
-"are currently supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
-msgid "ldap_user_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
-msgid "The object class of a user entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
-msgid "Default: posixAccount"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
-msgid "ldap_user_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
-msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
-msgid "Default: uid"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
-msgid "ldap_user_uid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
-msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
-msgid "Default: uidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
-msgid "ldap_user_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
-msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
-msgid "Default: gidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
-msgid "ldap_user_gecos (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
-msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
-msgid "Default: gecos"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
-msgid "ldap_user_home_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
-msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
-msgid "Default: homeDirectory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
-msgid "ldap_user_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
-msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
-msgid "Default: loginShell"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
-msgid "ldap_user_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
-msgid "Default: nsUniqueId"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
-msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
-msgid ""
-"The LDAP attribute that contains timestamp of the last modification of the "
-"parent object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
-msgid "Default: modifyTimestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
-msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
-"the last password change)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
-msgid "Default: shadowLastChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
-msgid "ldap_user_shadow_min (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
-msgid "Default: shadowMin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
-msgid "ldap_user_shadow_max (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
-msgid "Default: shadowMax"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
-msgid "ldap_user_shadow_warning (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password warning period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
-msgid "Default: shadowWarning"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
-msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password inactivity period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
-msgid "Default: shadowInactive"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
-msgid "ldap_user_shadow_expire (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
-msgid ""
-"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
-"parameter contains the name of an LDAP attribute corresponding to its "
-"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> counterpart (account expiration date)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
-msgid "Default: shadowExpire"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
-msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time of last password change in "
-"kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
-msgid "Default: krbLastPwdChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
-msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time when current password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
-msgid "Default: krbPasswordExpiration"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
-msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the expiration time of the account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
-msgid "Default: accountExpires"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
-msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the user account control bit field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
-msgid "Default: userAccountControl"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
-msgid "ldap_ns_account_lock (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
-msgid ""
-"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
-"determines if access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
-msgid "Default: nsAccountLock"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
-msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines if "
-"access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
-msgid "Default: loginDisabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
-msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines until "
-"which date access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
-msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines the "
-"hours of a day in a week when access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
-msgid "Default: loginAllowedTimeMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
-msgid "ldap_user_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
-msgid ""
-"The LDAP attribute that contains the user's Kerberos User Principal Name "
-"(UPN)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
-msgid "Default: krbPrincipalName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
-msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
-msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
-msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
-msgid ""
-"Some directory servers, for example Active Directory, might deliver the "
-"realm part of the UPN in lower case, which might cause the authentication to "
-"fail. Set this option to a non-zero value if you want to use an upper-case "
-"realm."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
-msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
-msgid ""
-"Specifies how many seconds SSSD has to wait before refreshing its cache of "
-"enumerated records."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
-msgid "Default: 300"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
-msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
-msgid ""
-"Determine how often to check the cache for inactive entries (such as groups "
-"with no members and users who have never logged in) and remove them to save "
-"space."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
-msgid "Setting this option to zero will disable the cache cleanup operation."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
-msgid "Default: 10800 (12 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
-msgid "ldap_user_fullname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
-msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
-msgid "Default: cn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
-msgid "ldap_user_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
-msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
-msgid "Default: memberOf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
-msgid "ldap_user_authorized_service (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
-msgid ""
-"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
-"use the presence of the authorizedService attribute in the user's LDAP entry "
-"to determine access privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
-msgid ""
-"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
-"explicit allow (svc) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
-msgid "Default: authorizedService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
-msgid "ldap_user_authorized_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
-msgid ""
-"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-"presence of the host attribute in the user's LDAP entry to determine access "
-"privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
-msgid ""
-"An explicit deny (!host) is resolved first. Second, SSSD searches for "
-"explicit allow (host) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
-msgid "Default: host"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
-msgid "ldap_group_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
-msgid "The object class of a group entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
-msgid "Default: posixGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
-msgid "ldap_group_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
-msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
-msgid "ldap_group_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
-msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
-msgid "ldap_group_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
-msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
-msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
-msgid "ldap_group_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
-msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
-msgid "ldap_group_nesting_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
-msgid ""
-"If ldap_schema is set to a schema format that supports nested groups (e.g. "
-"RFC2307bis), then this option controls how many levels of nesting SSSD will "
-"follow. This option has no effect on the RFC2307 schema."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
-msgid "Default: 2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
-msgid "ldap_netgroup_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
-msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
-msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
-msgid "Default: nisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
-msgid "ldap_netgroup_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
-msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
-msgid "In IPA provider, ipa_netgroup_name should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
-msgid "ldap_netgroup_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
-msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
-msgid "In IPA provider, ipa_netgroup_member should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
-msgid "Default: memberNisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
-msgid "ldap_netgroup_triple (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-msgid ""
-"The LDAP attribute that contains the (host, user, domain) netgroup triples."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
-msgid "This option is not available in IPA provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
-msgid "Default: nisNetgroupTriple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
-msgid "ldap_netgroup_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
-msgid ""
-"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
-msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
-msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
-msgid "ldap_service_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
-msgid "The object class of a service entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
-msgid "Default: ipService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
-msgid "ldap_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
-msgid ""
-"The LDAP attribute that contains the name of service attributes and their "
-"aliases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
-msgid "ldap_service_port (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
-msgid "The LDAP attribute that contains the port managed by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
-msgid "Default: ipServicePort"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
-msgid "ldap_service_proto (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
-msgid ""
-"The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
-msgid "Default: ipServiceProtocol"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
-msgid "ldap_service_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
-msgid "An optional base DN to restrict service searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
-msgid ""
-"See <quote>ldap_search_base</quote> for information about configuring "
-"multiple search bases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
-#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
-msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
-msgid "ldap_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches are allowed to run "
-"before they are cancelled and cached results are returned (and offline mode "
-"is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
-msgid ""
-"Note: this option is subject to change in future versions of the SSSD. It "
-"will likely be replaced at some point by a series of timeouts for specific "
-"lookup types."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
-msgid "Default: 6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
-msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches for user and group "
-"enumerations are allowed to run before they are cancelled and cached results "
-"are returned (and offline mode is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
-msgid "ldap_network_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-msgid ""
-"Specifies the timeout (in seconds) after which the <citerefentry> "
-"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
-"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> following a <citerefentry> "
-"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> returns in case of no activity."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
-msgid "ldap_opt_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
-msgid ""
-"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
-"will abort if no response is received. Also controls the timeout when "
-"communicating with the KDC in case of SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
-msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
-msgid ""
-"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
-"maintained. After this time, the connection will be re-established. If used "
-"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
-"the TGT lifetime)  will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
-msgid "Default: 900 (15 minutes)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
-msgid "ldap_page_size (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
-msgid ""
-"Specify the number of records to retrieve from LDAP in a single request. "
-"Some LDAP servers enforce a maximum limit per-request."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
-msgid "Default: 1000"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
-msgid ""
-"Disable the LDAP paging control. This option should be used if the LDAP "
-"server reports that it supports the LDAP paging control in its RootDSE but "
-"it is not enabled or does not behave properly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
-msgid ""
-"Example: OpenLDAP servers with the paging control module installed on the "
-"server but not enabled will report it in the RootDSE but be unable to use it."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
-msgid ""
-"Example: 389 DS has a bug where it can only support a one paging control at "
-"a time on a single connection. On busy clients, this can result in some "
-"requests being denied."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
-msgid "ldap_deref_threshold (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
-msgid ""
-"Specify the number of group members that must be missing from the internal "
-"cache in order to trigger a dereference lookup. If less members are missing, "
-"they are looked up individually."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
-msgid ""
-"You can turn off dereference lookups completely by setting the value to 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
-msgid ""
-"A dereference lookup is a means of fetching all group members in a single "
-"LDAP call.  Different LDAP servers may implement different dereference "
-"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
-"Directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
-msgid ""
-"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
-"filter, then the dereference lookup performance enhancement will be disabled "
-"regardless of this setting."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
-msgid "ldap_tls_reqcert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
-msgid ""
-"Specifies what checks to perform on server certificates in a TLS session, if "
-"any. It can be specified as one of the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
-msgid ""
-"<emphasis>never</emphasis> = The client will not request or check any server "
-"certificate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
-msgid ""
-"<emphasis>allow</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, it will be ignored and the session proceeds normally."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
-msgid ""
-"<emphasis>try</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, the session is immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
-msgid ""
-"<emphasis>demand</emphasis> = The server certificate is requested. If no "
-"certificate is provided, or a bad certificate is provided, the session is "
-"immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
-msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
-msgid "Default: hard"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
-msgid "ldap_tls_cacert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
-msgid ""
-"Specifies the file that contains certificates for all of the Certificate "
-"Authorities that <command>sssd</command> will recognize."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
-msgid ""
-"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
-"conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
-msgid "ldap_tls_cacertdir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
-msgid ""
-"Specifies the path of a directory that contains Certificate Authority "
-"certificates in separate individual files. Typically the file names need to "
-"be the hash of the certificate followed by '.0'.  If available, "
-"<command>cacertdir_rehash</command> can be used to create the correct names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
-msgid "ldap_tls_cert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
-msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
-msgid "Default: not set"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
-msgid "ldap_tls_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
-msgid "Specifies the file that contains the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
-msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
-msgid ""
-"Specifies acceptable cipher suites.  Typically this is a colon sperated "
-"list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> for format."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
-msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
-msgid ""
-"Specifies that the id_provider connection must also use <systemitem class="
-"\"protocol\">tls</systemitem> to protect the channel."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
-msgid ""
-"Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
-"supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
-msgid "ldap_sasl_authid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
-msgid ""
-"Specify the SASL authorization id to use.  When GSSAPI is used, this "
-"represents the Kerberos principal used for authentication to the directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
-msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
-msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
-msgid ""
-"If set to true, the LDAP library would perform a reverse lookup to "
-"canonicalize the host name during a SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
-msgid "Default: false;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
-msgid "ldap_krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
-msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
-msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
-msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
-msgid ""
-"Specifies that the id_provider should init Kerberos credentials (TGT).  This "
-"action is performed only if SASL is used and the mechanism selected is "
-"GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
-msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
-msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
-msgid "Default: 86400 (24 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
-msgid "krb5_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
-msgid ""
-"Specifies the comma-separated list of IP addresses or hostnames of the "
-"Kerberos servers to which SSSD should connect in the order of preference. "
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
-"colon) may be appended to the addresses or hostnames.  If empty, service "
-"discovery is enabled - for more information, refer to the <quote>SERVICE "
-"DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
-msgid ""
-"When using service discovery for KDC or kpasswd servers, SSSD first searches "
-"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-"none are found."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
-msgid ""
-"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
-"While the legacy name is recognized for the time being, users are advised to "
-"migrate their config files to use <quote>krb5_server</quote> instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
-msgid "krb5_realm (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
-msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
-msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
-msgid "krb5_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
-msgid ""
-"Specifies if the host principal should be canonicalized when connecting to "
-"LDAP server. This feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
-msgid "ldap_pwd_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
-msgid ""
-"Select the policy to evaluate the password expiration on the client side. "
-"The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
-msgid ""
-"<emphasis>none</emphasis> - No evaluation on the client side. This option "
-"cannot disable server-side password policies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
-msgid ""
-"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-"evaluate if the password has expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
-msgid ""
-"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
-"to determine if the password has expired. Use chpass_provider=krb5 to update "
-"these attributes when the password is changed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
-msgid "ldap_referrals (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
-msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
-msgid ""
-"Please note that sssd only supports referral chasing when it is compiled "
-"with OpenLDAP version 2.4.13 or higher."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
-msgid "ldap_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
-msgid "Specifies the service name to use when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
-msgid "Default: ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
-msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
-msgid ""
-"Specifies the service name to use to find an LDAP server which allows "
-"password changes when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
-msgid "Default: not set, i.e. service discovery is disabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
-msgid "ldap_access_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
-msgid ""
-"If using access_provider = ldap, this option is mandatory. It specifies an "
-"LDAP search filter criteria that must be met for the user to be granted "
-"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
-msgid "Example:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
-#, no-wrap
-msgid ""
-"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
-msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
-msgid ""
-"Offline caching for this feature is limited to determining whether the "
-"user's last online login was granted access permission. If they were granted "
-"access during their last login, they will continue to be granted access "
-"while offline and vice-versa."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
-msgid "Default: Empty"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
-msgid "ldap_account_expire_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
-msgid ""
-"With this option a client side evaluation of access control attributes can "
-"be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
-msgid ""
-"Please note that it is always recommended to use server side access control, "
-"i.e. the LDAP server should deny the bind request with a suitable error code "
-"even if the password is correct."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
-msgid "The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
-msgid ""
-"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
-"determine if the account is expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
-msgid ""
-"<emphasis>ad</emphasis>: use the value of the 32bit field "
-"ldap_user_ad_user_account_control and allow access if the second bit is not "
-"set. If the attribute is missing access is granted. Also the expiration time "
-"of the account is checked."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
-msgid ""
-"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
-"emphasis>: use the value of ldap_ns_account_lock to check if access is "
-"allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
-msgid ""
-"<emphasis>nds</emphasis>: the values of "
-"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
-"If both attributes are missing access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
-msgid "ldap_access_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
-msgid "Comma separated list of access control options.  Allowed values are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
-msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
-msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
-msgid ""
-"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
-"to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
-msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
-msgid "Default: filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
-msgid ""
-"Please note that it is a configuration error if a value is used more than "
-"once."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
-msgid "ldap_deref (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
-msgid ""
-"Specifies how alias dereferencing is done when performing a search. The "
-"following options are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
-msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
-msgid ""
-"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
-"the base object, but not in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
-msgid ""
-"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
-"the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
-msgid ""
-"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
-"in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
-msgid ""
-"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
-"client libraries)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:51
-msgid ""
-"All of the common configuration options that apply to SSSD domains also "
-"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for full details.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
-msgid "SUDO OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
-msgid "ldap_sudorule_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
-msgid "The object class of a sudo rule entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
-msgid "Default: sudoRole"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
-msgid "ldap_sudorule_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
-msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
-msgid "ldap_sudorule_command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
-msgid "The LDAP attribute that corresponds to the command name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
-msgid "Default: sudoCommand"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
-msgid "ldap_sudorule_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
-msgid ""
-"The LDAP attribute that corresponds to the host name (or host IP address, "
-"host IP network, or host netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
-msgid "Default: sudoHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
-msgid "ldap_sudorule_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
-msgid ""
-"The LDAP attribute that corresponds to the user name (or UID, group name or "
-"user's netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
-msgid "Default: sudoUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
-msgid "ldap_sudorule_option (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
-msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
-msgid "Default: sudoOption"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
-msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
-msgid ""
-"The LDAP attribute that corresponds to the user name that commands may be "
-"run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
-msgid "Default: sudoRunAsUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
-msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
-msgid ""
-"The LDAP attribute that corresponds to the group name or group GID that "
-"commands may be run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
-msgid "Default: sudoRunAsGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
-msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
-msgid ""
-"The LDAP attribute that corresponds to the start date/time for when the sudo "
-"rule is valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
-msgid "Default: sudoNotBefore"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
-msgid "ldap_sudorule_notafter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
-msgid ""
-"The LDAP attribute that corresponds to the expiration date/time, after which "
-"the sudo rule will no longer be valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
-msgid "Default: sudoNotAfter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
-msgid "ldap_sudorule_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
-msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
-msgid "Default: sudoOrder"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
-msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
-msgid ""
-"Enables periodical download of all sudo rules.  The cache is purged before "
-"each update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
-msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
-msgid ""
-"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
-msgid ""
-"This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
-"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
-msgid "AUTOFS OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
-msgid ""
-"Please note that the default values correspond to the default schema which "
-"is RFC2307."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
-msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-msgid "The object class of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-msgid "Default: automountMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
-msgid "ldap_autofs_map_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
-msgid "The name of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
-msgid "Default: ou"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
-msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
-msgid "ldap_autofs_entry_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
-msgid ""
-"The key of an automount entry in LDAP. The entry usually corresponds to a "
-"mount point."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
-msgid "ldap_autofs_entry_value (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
-msgid "Default: automountInformation"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
-msgid ""
-"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
-"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
-"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
-msgid "ADVANCED OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
-msgid "ldap_netgroup_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
-msgid ""
-"An optional base DN to restrict netgroup searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
-msgid "ldap_user_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
-msgid "An optional base DN to restrict user searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
-msgid "ldap_group_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
-msgid "An optional base DN to restrict group searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
-#, no-wrap
-msgid ""
-"                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
-msgid "ldap_sudo_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
-msgid ""
-"An optional base DN to restrict sudo rules searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
-msgid "ldap_autofs_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
-msgid ""
-"An optional base DN to restrict automounter searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
-msgid ""
-"These options are supported by LDAP domains, but they should be used with "
-"caution. Please include them in your configuration only if you know what you "
-"are doing.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
-msgid ""
-"The following example assumes that SSSD is correctly configured and LDAP is "
-"set to one of the domains in the <replaceable>[domains]</replaceable> "
-"section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
-#, no-wrap
-msgid ""
-"    [domain/LDAP]\n"
-"    id_provider = ldap\n"
-"    auth_provider = ldap\n"
-"    ldap_uri = ldap://ldap.mydomain.org\n"
-"    ldap_search_base = dc=mydomain,dc=org\n"
-"    ldap_tls_reqcert = demand\n"
-"    cache_credentials = true\n"
-"    enumerate = true\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
-msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
-msgid "NOTES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
-msgid ""
-"The descriptions of some of the configuration options in this manual page "
-"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
-"distribution."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <refentryinfo>
-#: pam_sss.8.xml:8 include/upstream.xml:2
-msgid ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: pam_sss.8.xml:13 pam_sss.8.xml:18
-msgid "pam_sss"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: pam_sss.8.xml:19
-msgid "PAM module for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: pam_sss.8.xml:24
-msgid ""
-"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
-msgid ""
-"<command>pam_sss.so</command> is the PAM interface to the System Security "
-"Services daemon (SSSD). Errors and results are logged through <command>syslog"
-"(3)</command> with the LOG_AUTHPRIV facility."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
-msgid "<option>quiet</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
-msgid "Suppress log messages for unknown users."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
-msgid "<option>forward_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
-msgid ""
-"If <option>forward_pass</option> is set the entered password is put on the "
-"stack for other PAM modules to use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
-msgid "<option>use_first_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
-msgid ""
-"The argument use_first_pass forces the module to use a previous stacked "
-"modules password and will never prompt the user - if no password is "
-"available or the password is not appropriate, the user will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
-msgid "<option>use_authtok</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
-msgid ""
-"When password changing enforce the module to set the new password to the one "
-"provided by a previously stacked password module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
-msgid "<option>retry=N</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
-msgid ""
-"If specified the user is asked another N times for a password if "
-"authentication fails. Default is 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
-msgid ""
-"Please note that this option might not work as expected if the application "
-"calling PAM handles the user dialog on its own. A typical example is "
-"<command>sshd</command> with <option>PasswordAuthentication</option>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
-msgid "MODULE TYPES PROVIDED"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
-msgid ""
-"All module types (<option>account</option>, <option>auth</option>, "
-"<option>password</option> and <option>session</option>) are provided."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
-msgid "FILES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
-msgid ""
-"If a password reset by root fails, because the corresponding SSSD provider "
-"does not support password resets, an individual message can be displayed. "
-"This message can e.g. contain instructions about how to reset a password."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
-msgid ""
-"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
-"filename> where LOC stands for a locale string returned by <citerefentry> "
-"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
-"citerefentry>. If there is no matching file the content of "
-"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
-"the owner of the files and only root may have read and write permissions "
-"while all other users must have only read permissions."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
-msgid ""
-"These files are searched in the directory <filename>/etc/sssd/customize/"
-"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
-"displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:141
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
-msgid "sssd_krb5_locator_plugin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:22
-msgid ""
-"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
-"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
-"libraries what Realm and which KDC to use.  Typically this is done in "
-"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
-"To simplify the configuration the Realm and the KDC can be defined in "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry> puts the Realm and the name or IP address of the KDC into "
-"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively.  "
-"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variables and returns them to the "
-"libraries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:63
-msgid ""
-"Not all Kerberos implementations support the use of plugins. If "
-"<command>sssd_krb5_locator_plugin</command> is not available on your system "
-"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:69
-msgid ""
-"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-"debug messages will be sent to stderr."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:77
-msgid ""
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
-msgid "sssd-simple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd-simple.5.xml:17
-msgid "the configuration file for SSSD's 'simple' access-control provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:24
-msgid ""
-"This manual page describes the configuration of the simple access-control "
-"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax reference, "
-"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:38
-msgid ""
-"The simple access provider grants or denies access based on an access or "
-"deny list of user or group names. The following rules apply:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:43
-msgid "If all lists are empty, access is granted"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:47
-msgid ""
-"If any list is provided, the order of evaluation is allow,deny. This means "
-"that any matching deny rule will supersede any matched allow rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:54
-msgid ""
-"If either or both \"allow\" lists are provided, all users are denied unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:60
-msgid ""
-"If only \"deny\" lists are provided, all users are granted access unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:78
-msgid "simple_allow_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:81
-msgid "Comma separated list of users who are allowed to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:88
-msgid "simple_deny_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:91
-msgid "Comma separated list of users who are explicitly denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:97
-msgid "simple_allow_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:100
-msgid ""
-"Comma separated list of groups that are allowed to log in. This applies only "
-"to groups within this SSSD domain. Local groups are not evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:108
-msgid "simple_deny_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:111
-msgid ""
-"Comma separated list of groups that are explicitly denied access. This "
-"applies only to groups within this SSSD domain. Local groups are not "
-"evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
-msgid ""
-"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page for details on the configuration of an SSSD "
-"domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:120
-msgid ""
-"Please note that it is an configuration error if both, simple_allow_users "
-"and simple_deny_users, are defined."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:128
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the simple access provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-simple.5.xml:135
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    access_provider = simple\n"
-"    simple_allow_users = user1, user2\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:145
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
-msgid "sssd-ipa"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:23
-msgid ""
-"This manual page describes the configuration of the IPA provider for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
-"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:36
-msgid ""
-"The IPA provider is a back end used to connect to an IPA server.  (Refer to "
-"the freeipa.org web site for information about IPA servers.)  This provider "
-"requires that the machine be joined to the IPA domain; configuration is "
-"almost entirely self-discovered and obtained directly from the server."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:43
-msgid ""
-"The IPA provider accepts the same options used by the <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
-"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider with some exceptions described below."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:55
-msgid ""
-"However, it is neither necessary nor recommended to set these options.  IPA "
-"provider can also be used as an access and chpass provider. As an access "
-"provider it uses HBAC (host-based access control) rules. Please refer to "
-"freeipa.org for more information about HBAC. No configuration of access "
-"provider is required on the client side."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:72
-msgid "ipa_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:75
-msgid ""
-"Specifies the name of the IPA domain.  This is optional. If not provided, "
-"the configuration domain name is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:83
-msgid "ipa_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:86
-msgid ""
-"The comma-separated list of IP addresses or hostnames of the IPA servers to "
-"which SSSD should connect in the order of preference. For more information "
-"on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
-"This is optional if autodiscovery is enabled.  For more information on "
-"service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:99
-msgid "ipa_hostname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:102
-msgid ""
-"Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:110
-msgid "ipa_dyndns_update (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:113
-msgid ""
-"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:118
-msgid ""
-"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
-"the default Kerberos realm must be set properly in /etc/krb5.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:129
-msgid "ipa_dyndns_iface (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:132
-msgid ""
-"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
-"interface whose IP address should be used for dynamic DNS updates."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:137
-msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:143
-msgid "ipa_hbac_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:146
-msgid "Optional. Use the given string as search base for HBAC related objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:150
-msgid "Default: Use base DN"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:156
-msgid "ipa_host_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:159
-msgid "Optional. Use the given string as search base for host objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:180
-msgid "ipa_selinux_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
-msgid "Optional. Use the given string as search base for SELinux user maps."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
-msgid "krb5_validate (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
-msgid ""
-"Verify with the help of krb5_keytab that the TGT obtained has not been "
-"spoofed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
-msgid ""
-"Note that this default differs from the traditional Kerberos provider back "
-"end."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
-msgid ""
-"The name of the Kerberos realm. This is optional and defaults to the value "
-"of <quote>ipa_domain</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
-msgid ""
-"The name of the Kerberos realm has a special meaning in IPA - it is "
-"converted into the base DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
-msgid ""
-"Specifies if the host and user principal should be canonicalized when "
-"connecting to IPA LDAP and also for AS requests. This feature is available "
-"with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
-msgid "ipa_hbac_refresh (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
-msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
-msgid "Default: 5 (seconds)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
-msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
-msgid ""
-"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
-"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
-"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
-"client will support two modes of operation during this transition period:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
-msgid ""
-"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
-"users will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
-msgid ""
-"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
-"careful with this option, as it may result in opening unintended access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
-msgid "Default: DENY_ALL"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
-msgid "ipa_automount_location (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
-msgid "The automounter location this IPA client will be using"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Default: The location named \"default\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the ipa provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    id_provider = ipa\n"
-"    ipa_server = ipaserver.example.com\n"
-"    ipa_hostname = myhost.example.com\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.8.xml:10 sssd.8.xml:15
-msgid "sssd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.8.xml:16
-msgid "System Security Services Daemon"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sssd.8.xml:21
-msgid ""
-"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:31
-msgid ""
-"<command>SSSD</command> provides a set of daemons to manage access to remote "
-"directories and authentication mechanisms. It provides an NSS and PAM "
-"interface toward the system and a pluggable backend system to connect to "
-"multiple different account sources as well as D-Bus interface. It is also "
-"the basis to provide client auditing and policy services for projects like "
-"FreeIPA. It provides a more robust database to store local users as well as "
-"extended user data."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:46
-msgid ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:53
-msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:57
-msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:60
-msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:69
-msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:73
-msgid ""
-"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:76
-msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:85
-msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:89
-msgid ""
-"Send the debug output to files instead of stderr. By default, the log files "
-"are stored in <filename>/var/log/sssd</filename> and there are separate log "
-"files for every SSSD service and domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:97
-msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:101
-msgid "Become a daemon after starting up."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:107
-msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:111
-msgid "Run in the foreground, don't become a daemon."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
-msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
-msgid ""
-"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
-"conf</filename>. For reference on the config file syntax and options, "
-"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:135
-msgid "<option>--version</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:139
-msgid "Print version number and exit."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:147
-msgid "Signals"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:150
-msgid "SIGTERM/SIGINT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:153
-msgid ""
-"Informs the SSSD to gracefully terminate all of its child processes and then "
-"shut down the monitor."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:159
-msgid "SIGHUP"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:162
-msgid ""
-"Tells the SSSD to stop writing to its current debug file descriptors and to "
-"close and reopen them. This is meant to facilitate log rolling with programs "
-"like logrotate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:170
-msgid "SIGUSR1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:173
-msgid ""
-"Tells the SSSD to simulate offline operation for one minute. This is mostly "
-"useful for testing purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:179
-msgid "SIGUSR2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:182
-msgid ""
-"Tells the SSSD to go online immediately. This is mostly useful for testing "
-"purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:193
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-msgid "sss_obfuscate"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_obfuscate.8.xml:16
-msgid "obfuscate a clear text password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_obfuscate.8.xml:21
-msgid ""
-"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
-"replaceable></arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:32
-msgid ""
-"<command>sss_obfuscate</command> converts a given password into human-"
-"unreadable format and places it into appropriate domain section of the SSSD "
-"config file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:37
-msgid ""
-"The cleartext password is read from standard input or entered "
-"interactively.  The obfuscated password is put into "
-"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
-"<quote>ldap_default_authtok_type</quote> parameter is set to "
-"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more details on these parameters."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:49
-msgid ""
-"Please note that obfuscating the password provides <emphasis>no real "
-"security benefit</emphasis> as it is still possible for an attacker to "
-"reverse-engineer the password back. Using better authentication mechanisms "
-"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
-"advised."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:63
-msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:67
-msgid "The password to obfuscate will be read from standard input."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
-msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:79
-msgid ""
-"The SSSD domain to use the password in. The default name is <quote>default</"
-"quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:86
-msgid ""
-"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:91
-msgid "Read the config file specified by the positional parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:95
-msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:105
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
-msgid "sss_useradd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_useradd.8.xml:16
-msgid "create a new user"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_useradd.8.xml:21
-msgid ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:32
-msgid ""
-"<command>sss_useradd</command> creates a new user account using the values "
-"specified on the command line plus the default values from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:43
-msgid ""
-"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:48
-msgid ""
-"Set the UID of the user to the value of <replaceable>UID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
-msgid ""
-"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
-msgid ""
-"Any text string describing the user. Often used as the field for the user's "
-"full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
-msgid ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:72
-msgid ""
-"The home directory of the user account.  The default is to append the "
-"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
-"that as the home directory.  The base that is prepended before "
-"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
-"baseDirectory</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
-msgid ""
-"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:87
-msgid ""
-"The user's login shell. The default is currently <filename>/bin/bash</"
-"filename>.  The default can be changed with <quote>user_defaults/"
-"defaultShell</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:96
-msgid ""
-"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:101
-msgid "A list of existing groups this user is also a member of."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:107
-msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:111
-msgid ""
-"Create the user's home directory if it does not exist. The files and "
-"directories contained in the skeleton directory (which can be defined with "
-"the -k option or in the config file) will be copied to the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:121
-msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:125
-msgid ""
-"Do not create the user's home directory. Overrides configuration settings."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:132
-msgid ""
-"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:137
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<command>sss_useradd</command>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:143
-msgid ""
-"This option is only valid if the <option>-m</option> (or <option>--create-"
-"home</option>) option is specified, or creation of home directories is set "
-"to TRUE in the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
-msgid ""
-"<option>-Z</option>,<option>--selinux-user</option> "
-"<replaceable>SELINUX_USER</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:157
-msgid ""
-"The SELinux user for the user's login. If not specified, the system default "
-"will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
-msgid "sssd-krb5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:23
-msgid ""
-"This manual page describes the configuration of the Kerberos 5 "
-"authentication backend for <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  For a detailed "
-"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
-"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:36
-msgid ""
-"The Kerberos 5 authentication backend contains auth and chpass providers. It "
-"must be paired with identity provider in order to function properly (for "
-"example, id_provider = ldap). Some information required by the Kerberos 5 "
-"authentication backend must be provided by the identity provider, such as "
-"the user's Kerberos Principal Name (UPN). The configuration of the identity "
-"provider should have an entry to specify the UPN. Please refer to the man "
-"page for the applicable identity provider for details on how to configure "
-"this."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:47
-msgid ""
-"This backend also provides access control based on the .k5login file in the "
-"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
-"Please note that an empty .k5login file will deny all access to this user. "
-"To activate this feature use 'access_provider = krb5' in your sssd "
-"configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:55
-msgid ""
-"In the case where the UPN is not available in the identity backend "
-"<command>sssd</command> will construct a UPN using the format "
-"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:106
-msgid ""
-"The name of the Kerberos realm. This option is required and must be "
-"specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:113
-msgid "krb5_kpasswd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:116
-msgid ""
-"If the change password service is not running on the KDC alternative servers "
-"can be defined here. An optional port number (preceded by a colon) may be "
-"appended to the addresses or hostnames."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:122
-msgid ""
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section.  Please note that even if there are no more "
-"kpasswd servers to try the back end is not switch to offline if "
-"authentication against the KDC is still possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:129
-msgid "Default: Use the KDC"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:135
-msgid "krb5_ccachedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:138
-msgid ""
-"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist it will be created. If %u, %U, %p or %h are used a "
-"private directory belonging to the user is created. Otherwise a public "
-"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
-"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
-"citerefentry> for details) is created."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:151
-msgid "Default: /tmp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:157
-msgid "krb5_ccname_template (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:171
-msgid "login UID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:174
-msgid "%p"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:175
-msgid "principal name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:179
-msgid "%r"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:180
-msgid "realm name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:183
-msgid "%h"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:184
-msgid "home directory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:189
-msgid "value of krb5ccache_dir"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194
-msgid "%P"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "the process ID of the sssd client"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:160
-msgid ""
-"Location of the user's credential cache. Currently only file based "
-"credential caches are supported. In the template the following sequences are "
-"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
-"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
-"way."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:209
-msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:215
-msgid "krb5_auth_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:218
-msgid ""
-"Timeout in seconds after an online authentication or change password request "
-"is aborted. If possible the authentication request is continued offline."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:241
-msgid "krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:244
-msgid ""
-"The location of the keytab to use when validating credentials obtained from "
-"KDCs."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:248
-msgid "Default: /etc/krb5.keytab"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:254
-msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:257
-msgid ""
-"Store the password of the user if the provider is offline and use it to "
-"request a TGT when the provider gets online again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:262
-msgid ""
-"Please note that this feature currently only available on a Linux platform. "
-"Passwords stored in this way are kept in plaintext in the kernel keyring and "
-"are potentially accessible by the root user (with difficulty)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:275
-msgid "krb5_renewable_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:278
-msgid ""
-"Request a renewable ticket with a total lifetime given by an integer "
-"immediately followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
-msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
-msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
-msgid "<emphasis>h</emphasis> hours"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
-msgid "<emphasis>d</emphasis> days."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
-msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:299
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"renewable lifetime to one and a half hours please use '90m' instead of "
-"'1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:305
-msgid "Default: not set, i.e. the TGT is not renewable"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:311
-msgid "krb5_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:314
-msgid ""
-"Request ticket with a with a lifetime given by an integer immediately "
-"followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:335
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"lifetime to one and a half hours please use '90m' instead of '1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:340
-msgid ""
-"Default: not set, i.e. the default ticket lifetime configured on the KDC."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:347
-msgid "krb5_renew_interval (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:350
-msgid ""
-"The time in seconds between two checks if the TGT should be renewed. TGTs "
-"are renewed if about half of their lifetime is exceeded."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:355
-msgid "If this option is not set or 0 the automatic renewal is disabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:365
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:368
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:373
-msgid ""
-"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
-"option at all."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
-msgid ""
-"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
-"continue without."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:381
-msgid ""
-"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
-"fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:385
-msgid "Default: not set, i.e. FAST is not used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:388
-msgid "Please note that a keytab is required to use fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:391
-msgid ""
-"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used with an older version using this option is a "
-"configuration error."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:400
-msgid "krb5_fast_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:403
-msgid "Specifies the server principal to use for FAST."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:412
-msgid ""
-"Specifies if the host and user principal should be canonicalized. This "
-"feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:65
-msgid ""
-"If the auth-module krb5 is used in a SSSD domain, the following options must "
-"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
-"SECTIONS</quote> for details on the configuration of a SSSD domain.  "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:434
-msgid ""
-"The following example assumes that SSSD is correctly configured and FOO is "
-"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
-"example shows only configuration of Kerberos authentication, it does not "
-"include any identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:442
-#, no-wrap
-msgid ""
-"    [domain/FOO]\n"
-"    auth_provider = krb5\n"
-"    krb5_server = 192.168.1.1\n"
-"    krb5_realm = EXAMPLE.COM\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:453
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
-msgid "sss_groupadd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupadd.8.xml:16
-msgid "create a new group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupadd.8.xml:21
-msgid ""
-"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:32
-msgid ""
-"<command>sss_groupadd</command> creates a new group. These groups are "
-"compatible with POSIX groups, with the additional feature that they can "
-"contain other groups as members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupadd.8.xml:43
-msgid ""
-"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupadd.8.xml:48
-msgid ""
-"Set the GID of the group to the value of <replaceable>GID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
-msgid "sss_userdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_userdel.8.xml:16
-msgid "delete a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_userdel.8.xml:21
-msgid ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:32
-msgid ""
-"<command>sss_userdel</command> deletes a user identified by login name "
-"<replaceable>LOGIN</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:44
-msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:48
-msgid ""
-"Files in the user's home directory will be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:56
-msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:60
-msgid ""
-"Files in the user's home directory will NOT be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:68
-msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:72
-msgid ""
-"This option forces <command>sss_userdel</command> to remove the user's home "
-"directory and mail spool, even if they are not owned by the specified user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:80
-msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:84
-msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
-msgid "sss_groupdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupdel.8.xml:16
-msgid "delete a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupdel.8.xml:21
-msgid ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:32
-msgid ""
-"<command>sss_groupdel</command> deletes a group identified by its name "
-"<replaceable>GROUP</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
-msgid "sss_groupshow"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupshow.8.xml:16
-msgid "print properties of a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupshow.8.xml:21
-msgid ""
-"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:32
-msgid ""
-"<command>sss_groupshow</command> displays information about a group "
-"identified by its name <replaceable>GROUP</replaceable>. The information "
-"includes the group ID number, members of the group and the parent group."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupshow.8.xml:43
-msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupshow.8.xml:47
-msgid ""
-"Also print indirect group members in a tree-like hierarchy.  Note that this "
-"also affects printing parent groups - without <option>R</option>, only the "
-"direct parent will be printed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
-msgid "sss_usermod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_usermod.8.xml:16
-msgid "modify a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_usermod.8.xml:21
-msgid ""
-"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:32
-msgid ""
-"<command>sss_usermod</command> modifies the account specified by "
-"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
-"on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:60
-msgid "The home directory of the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:71
-msgid "The user's login shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:82
-msgid ""
-"Append this user to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:96
-msgid ""
-"Remove this user from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:103
-msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:107
-msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:114
-msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:118
-msgid "Unlock the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:129
-msgid "The SELinux user for the user's login."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/service_discovery.xml:2
-msgid "SERVICE DISCOVERY"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/service_discovery.xml:4
-msgid ""
-"The service discovery feature allows back ends to automatically find the "
-"appropriate servers to connect to using a special DNS query."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
-msgid "Configuration"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:11
-msgid ""
-"If no servers are specified, the back end automatically uses service "
-"discovery to try to find a server. Optionally, the user may choose to use "
-"both fixed server addresses and service discovery by inserting a special "
-"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
-"preference is maintained. This feature is useful if, for example, the user "
-"prefers to use service discovery whenever possible, and fall back to a "
-"specific server when no servers can be discovered using DNS."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:23
-msgid "The domain name"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:25
-msgid ""
-"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for more details."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:35
-msgid "The protocol"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:37
-msgid ""
-"The queries usually specify _tcp as the protocol. Exceptions are documented "
-"in respective option description."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:42
-msgid "See Also"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:44
-msgid ""
-"For more information on the service discovery mechanism, refer to RFC 2782."
-msgstr ""
-
-#. type: Content of: outside any tag (error?)
-#: include/upstream.xml:1
-msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/failover.xml:2
-msgid "FAILOVER"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/failover.xml:4
-msgid ""
-"The failover feature allows back ends to automatically switch to a different "
-"server if the primary server fails."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:8
-msgid "Failover Syntax"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:10
-msgid ""
-"The list of servers is given as a comma-separated list; any number of spaces "
-"is allowed around the comma. The servers are listed in order of preference. "
-"The list can contain any number of servers."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:17
-msgid "The Failover Mechanism"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:19
-msgid ""
-"The failover mechanism distinguishes between a machine and a service. The "
-"back end first tries to resolve the hostname of a given machine; if this "
-"resolution attempt fails, the machine is considered offline. No further "
-"attempts are made to connect to this machine for any other service. If the "
-"resolution attempt succeeds, the back end tries to connect to a service on "
-"this machine. If the service connection attempt fails, then only this "
-"particular service is considered offline and the back end automatically "
-"switches over to the next service.  The machine is still considered online "
-"and might still be tried for another service."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:32
-msgid ""
-"Further connection attempts are made to machines or services marked as "
-"offline after a specified period of time; this is currently hard coded to 30 "
-"seconds."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:37
-msgid ""
-"If there are no more machines to try, the back end as a whole switches to "
-"offline mode, and then attempts to reconnect every 30 seconds."
-msgstr ""
-
-#. type: Content of: <varlistentry><term>
-#: include/param_help.xml:3
-msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
-
-#. type: Content of: <varlistentry><listitem><para>
-#: include/param_help.xml:7
-msgid "Display help message and exit."
-msgstr ""
diff --git a/src/man/po/es.po b/src/man/po/es.po
index 8d9470d9d..852cff6f1 100644
--- a/src/man/po/es.po
+++ b/src/man/po/es.po
@@ -3,13 +3,16 @@
 # This file is distributed under the same license as the sssd-docs package.
 #
 # Translators:
+# Adolfo Jayme Barrientos <fitoschido@gmail.com>, 2012.
+# Eduardo Villagrán <evillagr@fedoraproject.org>, 2011.
+# Eduardo Villagrán M <gotencool@gmail.com>, 2011.
 # Héctor Daniel Cabrera <logan@fedoraproject.org>, 2011.
 msgid ""
 msgstr ""
 "Project-Id-Version: SSSD\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2011-12-21 10:12+0000\n"
+"POT-Creation-Date: 2012-03-12 16:37-0300\n"
+"PO-Revision-Date: 2012-03-08 11:52+0000\n"
 "Last-Translator: sgallagh <sgallagh@redhat.com>\n"
 "Language-Team: Spanish (Castilian) <trans-es@lists.fedoraproject.org>\n"
 "Language: es\n"
@@ -23,7 +26,9 @@ msgstr ""
 #: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
 #: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
 #: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
+#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5
+#: sss_debuglevel.8.xml:5 sss_ssh_authorizedkeys.1.xml:5
+#: sss_ssh_knownhostsproxy.1.xml:5
 msgid "SSSD Manual pages"
 msgstr "Páginas de manual de SSSD"
 
@@ -36,7 +41,8 @@ msgstr "sss_groupmod"
 #: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
 #: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
 #: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
+#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11 sss_cache.8.xml:11
+#: sss_debuglevel.8.xml:11
 msgid "8"
 msgstr "8"
 
@@ -62,6 +68,8 @@ msgstr ""
 #: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
 #: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
 #: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
+#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_ssh_authorizedkeys.1.xml:30
+#: sss_ssh_knownhostsproxy.1.xml:31
 msgid "DESCRIPTION"
 msgstr "DESCRIPCION"
 
@@ -78,6 +86,8 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
+#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_ssh_authorizedkeys.1.xml:78
+#: sss_ssh_knownhostsproxy.1.xml:65
 msgid "OPTIONS"
 msgstr "OPCIONES"
 
@@ -120,12 +130,13 @@ msgstr ""
 "<replaceable>GROUPS</replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1348 sssd-ldap.5.xml:2096
 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
 #: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
+#: sss_usermod.8.xml:138 sss_ssh_authorizedkeys.1.xml:96
+#: sss_ssh_knownhostsproxy.1.xml:95
 msgid "SEE ALSO"
 msgstr "VEA TAMBIEN"
 
@@ -257,7 +268,7 @@ msgid "The [sssd] section"
 msgstr "La sección [sssd]"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:1194
 msgid "Section parameters"
 msgstr "Parámetros de sección"
 
@@ -398,7 +409,7 @@ msgstr "Predeterminado: <quote>%1$s@%2$s</quote>."
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:162
 msgid "try_inotify (boolean)"
-msgstr "try_inotify (booleano)"
+msgstr "try_inotify (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:165
@@ -446,7 +457,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:190
 msgid "krb5_rcache_dir (string)"
-msgstr ""
+msgstr "krb5_rcache_dir (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:193
@@ -495,64 +506,88 @@ msgid ""
 "section, for example, for NSS service, the section would be <quote>[nss]</"
 "quote>"
 msgstr ""
+"Los ajustes que pueden ser utilizados para configurar diferentes servicios "
+"se describe en esta sección. Ellos deben residir en la sección [<replaceable>"
+"$NAME</replaceable>], por ejemplo, para el servicio NSS, la sección sería "
+"<quote>[nss]</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 #: sssd.conf.5.xml:225
 msgid "General service configuration options"
-msgstr ""
+msgstr "Opciones de configuración de servicios generales"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sssd.conf.5.xml:227
 msgid "These options can be used to configure any service."
-msgstr ""
+msgstr "Estas opciones pueden usarse para configurar cualquier servicio."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:231
 msgid "debug_level (integer)"
-msgstr ""
+msgstr "debug_level (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:235
 msgid "debug_timestamps (bool)"
-msgstr ""
+msgstr "debug_timestamps (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:238
 msgid "Add a timestamp to the debug messages"
-msgstr ""
+msgstr "Agregar una marca de tiempo a los mensajes de depuración"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:393 sssd-ldap.5.xml:1328
 #: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
 msgid "Default: true"
-msgstr ""
+msgstr "Predeterminado: true"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:246
 msgid "debug_microseconds (bool)"
-msgstr ""
+msgstr "debug_microseconds (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:249
 msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
+msgstr "Agregar microsegundos a la marca de tiempo en mensajes de depuración"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
+#: sssd.conf.5.xml:252 sssd.conf.5.xml:658 sssd-ldap.5.xml:602
 #: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
 #: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
 #: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
 msgid "Default: false"
-msgstr ""
+msgstr "Predeterminado: false"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:270
-msgid "command (string)"
+msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:273
 msgid ""
+"This option specifies the maximum number of file descriptors that may be "
+"opened at one time by this SSSD process. On systems where SSSD is granted "
+"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
+"systems without this capability, the resulting value will be the lower value "
+"of this or the limits.conf \"hard\" limit."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:282
+msgid "Default: 8192 (or limits.conf \"hard\" limit)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:287
+msgid "command (string)"
+msgstr "command (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:290
+msgid ""
 "By default, the executable representing this service is called <command>sssd_"
 "${service_name}</command>.  This directive allows to change the executable "
 "name for the service. In the vast majority of configurations, the default "
@@ -560,45 +595,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
+#: sssd.conf.5.xml:298
 msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
+msgstr "Predeterminado: <command>sssd_${service_name}</command>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
+#: sssd.conf.5.xml:306
 msgid "NSS configuration options"
-msgstr ""
+msgstr "Opciones de configuración de NSS"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:308
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
+"Estas opciones pueden ser usadas para configurar el servicio Name Service "
+"Switch (NSS)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
+#: sssd.conf.5.xml:313
 msgid "enum_cache_timeout (integer)"
-msgstr ""
+msgstr "enum_cache_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
+#: sssd.conf.5.xml:316
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
+#: sssd.conf.5.xml:320
 msgid "Default: 120"
-msgstr ""
+msgstr "Predeterminado: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
+#: sssd.conf.5.xml:325
 msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
+msgstr "entry_cache_nowait_percentage (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
+#: sssd.conf.5.xml:328
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -606,7 +643,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:334
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -616,7 +653,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
+#: sssd.conf.5.xml:344
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -625,17 +662,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
+#: sssd.conf.5.xml:352
 msgid "Default: 50"
-msgstr ""
+msgstr "Predeterminado: 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
+#: sssd.conf.5.xml:357
 msgid "entry_negative_timeout (integer)"
-msgstr ""
+msgstr "entry_negative_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
+#: sssd.conf.5.xml:360
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -643,17 +680,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
+#: sssd.conf.5.xml:366 sssd.conf.5.xml:686 sssd-krb5.5.xml:223
 msgid "Default: 15"
-msgstr ""
+msgstr "Predeterminado: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
+#: sssd.conf.5.xml:371
 msgid "filter_users, filter_groups (string)"
-msgstr ""
+msgstr "filter_users, filter_groups (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
+#: sssd.conf.5.xml:374
 msgid ""
 "Exclude certain users from being fetched from the sss NSS database. This is "
 "particularly useful for system accounts. This option can also be set per-"
@@ -662,78 +699,78 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:381
 msgid "Default: root"
-msgstr ""
+msgstr "Predeterminado: root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
+#: sssd.conf.5.xml:386
 msgid "filter_users_in_groups (bool)"
-msgstr ""
+msgstr "filter_users_in_groups (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
+#: sssd.conf.5.xml:389
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:398
 msgid "override_homedir (string)"
-msgstr ""
+msgstr "override_homedir (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
+#: sssd.conf.5.xml:407 sssd-krb5.5.xml:166
 msgid "%u"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
+#: sssd.conf.5.xml:408 sssd-krb5.5.xml:167
 msgid "login name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
+#: sssd.conf.5.xml:411 sssd-krb5.5.xml:170
 msgid "%U"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
+#: sssd.conf.5.xml:412
 msgid "UID number"
-msgstr ""
+msgstr "número UID"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
+#: sssd.conf.5.xml:415 sssd-krb5.5.xml:188
 msgid "%d"
-msgstr ""
+msgstr "%d"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
+#: sssd.conf.5.xml:416
 msgid "domain name"
-msgstr ""
+msgstr "nombre de dominio"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:419
 msgid "%f"
-msgstr ""
+msgstr "%f"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:420
 msgid "fully qualified user name (user@domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
+#: sssd.conf.5.xml:423 sssd-krb5.5.xml:200
 msgid "%%"
-msgstr ""
+msgstr "%%"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
+#: sssd.conf.5.xml:424 sssd-krb5.5.xml:201
 msgid "a literal '%'"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:401
 msgid ""
 "Override the user's home directory. You can either provide an absolute value "
 "or a template. In the template, the following sequences are substituted: "
@@ -741,138 +778,140 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
+#: sssd.conf.5.xml:430
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
+#: sssd.conf.5.xml:435
 msgid "allowed_shells (string)"
-msgstr ""
+msgstr "allowed_shells (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
+#: sssd.conf.5.xml:438
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
+#: sssd.conf.5.xml:441
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:445
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
+#: sssd.conf.5.xml:450
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
+#: sssd.conf.5.xml:455
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
+#: sssd.conf.5.xml:458
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
+#: sssd.conf.5.xml:462
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:467
 msgid "vetoed_shells (string)"
-msgstr ""
+msgstr "vetoed_shells (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:470
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
+#: sssd.conf.5.xml:475
 msgid "shell_fallback (string)"
-msgstr ""
+msgstr "shell_fallback (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:478
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
+#: sssd.conf.5.xml:482
 msgid "Default: /bin/sh"
-msgstr ""
+msgstr "Predeterminado: /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:489
 msgid "PAM configuration options"
-msgstr ""
+msgstr "Opciones de configuración PAM"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
+#: sssd.conf.5.xml:491
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
+"Estas opciones pueden ser usadas para configurar el servicio Pluggable "
+"Authentication Module (PAM)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:496
 msgid "offline_credentials_expiration (integer)"
-msgstr ""
+msgstr "offline_credentials_expiration (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
+#: sssd.conf.5.xml:499
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
+#: sssd.conf.5.xml:504 sssd.conf.5.xml:517
 msgid "Default: 0 (No limit)"
-msgstr ""
+msgstr "Predeterminado: 0 (Sin límite)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
+#: sssd.conf.5.xml:510
 msgid "offline_failed_login_attempts (integer)"
-msgstr ""
+msgstr "offline_failed_login_attempts (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:513
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
+#: sssd.conf.5.xml:523
 msgid "offline_failed_login_delay (integer)"
-msgstr ""
+msgstr "offline_failed_login_delay (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
+#: sssd.conf.5.xml:526
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
+#: sssd.conf.5.xml:531
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -880,59 +919,61 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:537 sssd.conf.5.xml:590 sssd.conf.5.xml:1110
 msgid "Default: 5"
-msgstr ""
+msgstr "Predeterminado: 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:543
 msgid "pam_verbosity (integer)"
-msgstr ""
+msgstr "pam_verbosity (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
+#: sssd.conf.5.xml:546
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
+#: sssd.conf.5.xml:551
 msgid "Currently sssd supports the following values:"
-msgstr ""
+msgstr "Actualmente sssd soporta los siguientes valores:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:554
 msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
+msgstr "<emphasis>0</emphasis>: no mostrar ningún mensaje"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:557
 msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
+msgstr "<emphasis>1</emphasis>: mostrar sólo mensajes importantes"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
+#: sssd.conf.5.xml:561
 msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
+msgstr "<emphasis>2</emphasis>: mostrar mensajes informativos"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
+#: sssd.conf.5.xml:564
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
+"<emphasis>3</emphasis>: mostrar todos los mensajes e información de "
+"depuración"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
+#: sssd.conf.5.xml:568 sssd.8.xml:63
 msgid "Default: 1"
-msgstr ""
+msgstr "Predeterminado: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:573
 msgid "pam_id_timeout (integer)"
-msgstr ""
+msgstr "pam_id_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
+#: sssd.conf.5.xml:576
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -940,7 +981,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
+#: sssd.conf.5.xml:582
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -949,17 +990,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:596
 msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
+msgstr "pam_pwd_expiration_warning (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
+#: sssd.conf.5.xml:599
 msgid "Display a warning N days before the password expires."
-msgstr ""
+msgstr "Mostrar una advertencia N días antes que la contraseña caduque."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
+#: sssd.conf.5.xml:602
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -967,27 +1008,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
+#: sssd.conf.5.xml:608
 msgid "Default: 7"
-msgstr ""
+msgstr "Predeterminado: 7"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:616
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:618
 msgid "These options can be used to configure the sudo service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
+#: sssd.conf.5.xml:625
 msgid "sudo_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
+#: sssd.conf.5.xml:628
 msgid ""
 "For any sudo request that comes while SSSD is online, the SSSD will attempt "
 "to update the cached rules in order to ensure that sudo has the latest "
@@ -995,7 +1036,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
+#: sssd.conf.5.xml:634
 msgid ""
 "The user may, however, run a couple of sudo commands successively, which "
 "would trigger multiple LDAP requests.  In order to speed up this use-case, "
@@ -1004,75 +1045,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
+#: sssd.conf.5.xml:641
 msgid ""
 "This option controls how long (in seconds) can the sudo service cache rules "
 "for a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd.conf.5.xml:645
 msgid "Default: 180"
-msgstr "Predeterminado: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
+#: sssd.conf.5.xml:650
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:653
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
+#: sssd.conf.5.xml:666
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:668
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-#, fuzzy
-#| msgid "reconnection_retries (integer)"
+#: sssd.conf.5.xml:676
 msgid "autofs_negative_timeout (integer)"
-msgstr "reconnection_retries (entero)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
+#: sssd.conf.5.xml:679
 msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
+"Specifies for how many seconds should the autofs responder negative cache "
+"hits (that is, queries for invalid map entries, like nonexistent ones) "
 "before asking the back end again."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
+#: sssd.conf.5.xml:696
 msgid "DOMAIN SECTIONS"
-msgstr ""
+msgstr "SECCIONES DE DOMINIO"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:703
 msgid "min_id,max_id (integer)"
-msgstr ""
+msgstr "min_id, max_id (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
+#: sssd.conf.5.xml:706
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
+"Límites de UID y GID para el dominio. Si un dominio contiene una entrada que "
+"está fuera de estos límites, ésta es ignorada."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
+#: sssd.conf.5.xml:711
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1081,56 +1120,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:718
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
+msgstr "Predeterminado: 1 para min_id, 0 (sin límite) para max_id"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:724
 msgid "timeout (integer)"
-msgstr ""
+msgstr "timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:727
 msgid ""
 "Timeout in seconds between heartbeats for this domain.  This is used to "
 "ensure that the backend process is alive and capable of answering requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
+#: sssd.conf.5.xml:732 sssd-ldap.5.xml:1131
 msgid "Default: 10"
-msgstr ""
+msgstr "Predeterminado: 10"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
+#: sssd.conf.5.xml:738
 msgid "enumerate (bool)"
-msgstr ""
+msgstr "enumerar (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:741
 msgid ""
 "Determines if a domain can be enumerated. This parameter can have one of the "
 "following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
+#: sssd.conf.5.xml:745
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:748
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
+#: sssd.conf.5.xml:751 sssd.conf.5.xml:856 sssd.conf.5.xml:910
 msgid "Default: FALSE"
-msgstr ""
+msgstr "Predeterminado: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
+#: sssd.conf.5.xml:754
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1140,14 +1179,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
+#: sssd.conf.5.xml:764
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
+#: sssd.conf.5.xml:769
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -1156,98 +1195,102 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:780
 msgid "entry_cache_timeout (integer)"
-msgstr ""
+msgstr "entry_cache_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:783
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
+"Cuántos segundos debe considerar nss_sss  como válidas las entradas antes de "
+"volver a consultar al backend"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
+#: sssd.conf.5.xml:787
 msgid "Default: 5400"
-msgstr ""
+msgstr "Predeterminado: 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
+#: sssd.conf.5.xml:793
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
+#: sssd.conf.5.xml:796
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:800 sssd.conf.5.xml:813 sssd.conf.5.xml:826
+#: sssd.conf.5.xml:839
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
+#: sssd.conf.5.xml:806
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
+#: sssd.conf.5.xml:809
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:819
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:822
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:832
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:835
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:845
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
+#: sssd.conf.5.xml:848
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:852
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
+"Las credenciales de usuario son almacenadas en un hash SHA512, no en texto "
+"plano"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:861
 msgid "account_cache_expiration (integer)"
-msgstr ""
+msgstr "account_cache_expiration (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:864
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -1256,47 +1299,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
+#: sssd.conf.5.xml:871
 msgid "Default: 0 (unlimited)"
-msgstr ""
+msgstr "Predeterminado: 0 (ilimitado)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
+#: sssd.conf.5.xml:877
 msgid "id_provider (string)"
-msgstr ""
+msgstr "id_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:880
 msgid "The Data Provider identity backend to use for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
+#: sssd.conf.5.xml:884
 msgid "Supported backends:"
-msgstr ""
+msgstr "Backends soportados:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
+#: sssd.conf.5.xml:887
 msgid "proxy: Support a legacy NSS provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
+#: sssd.conf.5.xml:890
 msgid "local: SSSD internal local provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:893
 msgid "ldap: LDAP provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
+#: sssd.conf.5.xml:899
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
+#: sssd.conf.5.xml:902
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1305,19 +1348,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
+#: sssd.conf.5.xml:915
 msgid "auth_provider (string)"
-msgstr ""
+msgstr "auth_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
+#: sssd.conf.5.xml:918
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
+"El proveedor de autenticación usado por el dominio.  Los proveedores de "
+"autenticación soportados son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:922
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1325,7 +1370,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
+#: sssd.conf.5.xml:929
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1333,30 +1378,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
+#: sssd.conf.5.xml:936
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
+#: sssd.conf.5.xml:939
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
+#: sssd.conf.5.xml:942
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
+#: sssd.conf.5.xml:948
 msgid "access_provider (string)"
-msgstr ""
+msgstr "access_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:951
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -1364,17 +1409,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:957
 msgid "<quote>permit</quote> always allow access."
-msgstr ""
+msgstr "<quote>permit</quote> siempre permitir el acceso."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
+#: sssd.conf.5.xml:960
 msgid "<quote>deny</quote> always deny access."
-msgstr ""
+msgstr "<quote>deny</quote> siempre niega el acceso."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
+#: sssd.conf.5.xml:963
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1383,24 +1428,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
+#: sssd.conf.5.xml:970
 msgid "Default: <quote>permit</quote>"
-msgstr ""
+msgstr "Predeterminado: <quote>permit</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:975
 msgid "chpass_provider (string)"
-msgstr ""
+msgstr "chpass_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
+#: sssd.conf.5.xml:978
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
+#: sssd.conf.5.xml:983
 msgid ""
 "<quote>ipa</quote> to change a password stored in an IPA server.  See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1408,51 +1453,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:991
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server.  See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry> for more information on configuring LDAP."
 msgstr ""
+"<quote>ldap</quote> para cambiar una contraseña almacenada en un servidor "
+"LDAP.  Vea <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> para más información sobre "
+"configurar LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
+#: sssd.conf.5.xml:999
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry> for more information on configuring Kerberos."
 msgstr ""
+"<quote>krb5</quote> para cambiar una contraseña Kerberos. Vea <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> para más información sobre configurar Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
+#: sssd.conf.5.xml:1007
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
+#: sssd.conf.5.xml:1011
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
+"<quote>none</quote> deniega explícitamente los cambios en la contraseña."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
+#: sssd.conf.5.xml:1014
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
+#: sssd.conf.5.xml:1021
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1027
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1031
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1460,31 +1513,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
+#: sssd.conf.5.xml:1038
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1041
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-#, fuzzy
-#| msgid "re_expression (string)"
+#: sssd.conf.5.xml:1047
 msgid "session_provider (string)"
-msgstr "re_expression (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1050
 msgid ""
 "The provider which should handle loading of session settings.  Supported "
 "session providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
+#: sssd.conf.5.xml:1055
 msgid ""
 "<quote>ipa</quote> to load session settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1492,66 +1543,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1063
 msgid "<quote>none</quote> disallows fetching session settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1066
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "session loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
+#: sssd.conf.5.xml:1073
 msgid "lookup_family_order (string)"
-msgstr ""
+msgstr "lookup_family_order (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1076
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1080
 msgid "Supported values:"
-msgstr ""
+msgstr "Valores soportados:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1083
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
+msgstr "ipv4_first: Intenta buscar dirección IPv4, si falla, intenta IPv6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1086
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
+msgstr "ipv4_only: Sólo intenta resolver nombres de host a direccones IPv4."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
+#: sssd.conf.5.xml:1089
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
+msgstr "ipv6_first: Intenta buscar dirección IPv6, si falla, intenta IPv4"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1092
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
+msgstr "ipv6_only: Sólo intenta resolver nombres de host a direccones IPv6."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1095
 msgid "Default: ipv4_first"
-msgstr ""
+msgstr "Predeterminado: ipv4_first"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1101
 msgid "dns_resolver_timeout (integer)"
-msgstr ""
+msgstr "dns_resolver_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1104
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the DNS "
 "resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1559,51 +1610,52 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1116
 msgid "dns_discovery_domain (string)"
-msgstr ""
+msgstr "dns_discovery_domain (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
+#: sssd.conf.5.xml:1119
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1123
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
+"Predeterminado: Utilizar la parte del dominio del nombre de host del equipo"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
+#: sssd.conf.5.xml:1129
 msgid "override_gid (integer)"
-msgstr ""
+msgstr "override_gid (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1132
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
+#: sssd.conf.5.xml:1138
 msgid "case_sensitive (boolean)"
-msgstr ""
+msgstr "case_sensitive (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
+#: sssd.conf.5.xml:1141
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1146
 msgid "Default: True"
-msgstr ""
+msgstr "Predeterminado: True"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:698
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1611,29 +1663,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1158
 msgid "proxy_pam_target (string)"
-msgstr ""
+msgstr "proxy_pam_target (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1161
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1164
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1172
 msgid "proxy_lib_name (string)"
-msgstr ""
+msgstr "proxy_lib_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1175
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1641,130 +1693,147 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
+#: sssd.conf.5.xml:1154
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
 msgstr ""
+"Opciones válidas para dominios proxy.  <placeholder type=\"variablelist\" id="
+"\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1187
 msgid "The local domain section"
-msgstr ""
+msgstr "La sección de dominio local"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1189
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
 "<replaceable>id_provider=local</replaceable>."
 msgstr ""
+"Esta sección contiene la configuración para dominio que almacena los "
+"usuarios y grupos en la base de datos SSSD nativa, es decir, un dominio que "
+"utiliza <replaceable>id_provider=local</replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
+#: sssd.conf.5.xml:1196
 msgid "default_shell (string)"
-msgstr ""
+msgstr "default_shell (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
+#: sssd.conf.5.xml:1199
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
+"El shell predeterminado para los usuarios creados con herramientas de "
+"espacio de usuario SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
+#: sssd.conf.5.xml:1203
 msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
+msgstr "Predeterminado: <filename>/bin/bash</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:1208
 msgid "base_directory (string)"
-msgstr ""
+msgstr "base_directory (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:1211
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
+"Las herramientas anexan el nombre de inicio de sesión para "
+"<replaceable>base_directory</replaceable> y utilizan éste como el directorio "
+"de inicio."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1216
 msgid "Default: <filename>/home</filename>"
-msgstr ""
+msgstr "Predeterminado: <filename>/home</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
+#: sssd.conf.5.xml:1221
 msgid "create_homedir (bool)"
-msgstr ""
+msgstr "create_homedir (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
+#: sssd.conf.5.xml:1224
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
+#: sssd.conf.5.xml:1228 sssd.conf.5.xml:1240
 msgid "Default: TRUE"
-msgstr ""
+msgstr "Predeterminado: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1233
 msgid "remove_homedir (bool)"
-msgstr ""
+msgstr "remove_homedir (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
+#: sssd.conf.5.xml:1236
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
+#: sssd.conf.5.xml:1245
 msgid "homedir_umask (integer)"
-msgstr ""
+msgstr "homedir_umask (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1248
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
 "on a newly created home directory."
 msgstr ""
+"Utilizado por <citerefentry><refentrytitle>sss_useradd</refentrytitle> "
+"<manvolnum>8</manvolnum></citerefentry> para especificar los permisos "
+"predeterminados en un directorio de inicio recién creado."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
+#: sssd.conf.5.xml:1256
 msgid "Default: 077"
-msgstr ""
+msgstr "Predeterminado: 077"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1261
 msgid "skel_dir (string)"
-msgstr ""
+msgstr "skel_dir (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
+#: sssd.conf.5.xml:1264
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
 "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
 "manvolnum> </citerefentry>"
 msgstr ""
+"El directorio esqueleto, el cual contiene archivos y directorios a copiarse "
+"en el directorio principal del usuario, cuando se crea el directorio "
+"principal de <citerefentry><refentrytitle>sss_useradd</refentrytitle> "
+"<manvolnum>8</manvolnum></citerefentry>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
+#: sssd.conf.5.xml:1274
 msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
+msgstr "Predeterminado: <filename>/etc/skel</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
+#: sssd.conf.5.xml:1279
 msgid "mail_dir (string)"
-msgstr ""
+msgstr "mail_dir (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
+#: sssd.conf.5.xml:1282
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -1772,17 +1841,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
+#: sssd.conf.5.xml:1289
 msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
+msgstr "Predeterminado: <filename>/var/mail</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
+#: sssd.conf.5.xml:1294
 msgid "userdel_cmd (string)"
-msgstr ""
+msgstr "userdel_cmd (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
+#: sssd.conf.5.xml:1297
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -1790,18 +1859,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1303
 msgid "Default: None, no command is run"
-msgstr ""
+msgstr "Predeterminado: None, no se ejecuta comando"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
+#: sssd.conf.5.xml:1313 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
 #: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
 msgid "EXAMPLE"
-msgstr ""
+msgstr "EJEMPLO"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1319
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -1829,9 +1898,33 @@ msgid ""
 "max_id = 20000\n"
 "enumerate = False\n"
 msgstr ""
+"[sssd]\n"
+"domains = LDAP\n"
+"services = nss, pam\n"
+"config_file_version = 2\n"
+"\n"
+"[nss]\n"
+"filter_groups = root\n"
+"filter_users = root\n"
+"\n"
+"[pam]\n"
+"\n"
+"[domain/LDAP]\n"
+"id_provider = ldap\n"
+"ldap_uri = ldap://ldap.example.com\n"
+"ldap_search_base = dc=example,dc=com\n"
+"\n"
+"auth_provider = krb5\n"
+"krb5_server = kerberos.example.com\n"
+"krb5_realm = EXAMPLE.COM\n"
+"cache_credentials = true\n"
+"\n"
+"min_id = 10000\n"
+"max_id = 20000\n"
+"enumerate = False\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1315
 msgid ""
 "The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -1840,7 +1933,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1350
 msgid ""
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
 "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1857,11 +1950,25 @@ msgid ""
 "<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
 "citerefentry>."
 msgstr ""
+"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>."
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
 msgid "sssd-ldap"
-msgstr ""
+msgstr "sssd-ldap"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:23
@@ -1876,7 +1983,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:35
 msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
+msgstr "Puede configurar SSSD para usar más de un dominio LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:38
@@ -1894,12 +2001,12 @@ msgstr ""
 #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
 #: sssd-krb5.5.xml:63
 msgid "CONFIGURATION OPTIONS"
-msgstr ""
+msgstr "OPCIONES DE CONFIGURACIÓN"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:60
 msgid "ldap_uri (string)"
-msgstr ""
+msgstr "ldap_uri (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:63
@@ -1915,27 +2022,29 @@ msgstr ""
 #: sssd-ldap.5.xml:70
 msgid "The format of the URI must match the format defined in RFC 2732:"
 msgstr ""
+"El formato de la URI debe coincidir con el formato definido en RFC 2732:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:73
 msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
+msgstr "ldap[s]://&lt;host&gt;[:port]"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:76
 msgid ""
 "For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
 msgstr ""
+"Para direcciones IPv6 explícitas, &lt;host&gt; debe estar entre corchetes []"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:79
 msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
+msgstr "ejemplo: ldap://[fc00::126:25]:389"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:85
 msgid "ldap_chpass_uri (string)"
-msgstr ""
+msgstr "ldap_chpass_uri (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:88
@@ -1950,6 +2059,8 @@ msgstr ""
 #: sssd-ldap.5.xml:95
 msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
 msgstr ""
+"Para habilitar el servicio descubrimiento ldap_chpass_dns_service_name debe "
+"ser establecido."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:99
@@ -1959,12 +2070,14 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:105
 msgid "ldap_search_base (string)"
-msgstr ""
+msgstr "ldap_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:108
 msgid "The default base DN to use for performing LDAP user operations."
 msgstr ""
+"El DN base por defecto que se usará para realizar operaciones LDAP de "
+"usuario."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:112
@@ -1976,7 +2089,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:116
 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
+msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:119
@@ -1993,7 +2106,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:126
 msgid "Examples:"
-msgstr ""
+msgstr "Ejemplos:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:129
@@ -2032,7 +2145,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:158
 msgid "ldap_schema (string)"
-msgstr ""
+msgstr "ldap_schema (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:161
@@ -2051,12 +2164,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:180
 msgid "Default: rfc2307"
-msgstr ""
+msgstr "Predeterminado: rfc2307"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:186
 msgid "ldap_default_bind_dn (string)"
-msgstr ""
+msgstr "ldap_default_bind_dn (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:189
@@ -2066,7 +2179,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:196
 msgid "ldap_default_authtok_type (string)"
-msgstr ""
+msgstr "ldap_default_authtok_type (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:199
@@ -2076,17 +2189,17 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:203
 msgid "The two mechanisms currently supported are:"
-msgstr ""
+msgstr "Los dos mecanismos actualmente soportados son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:206
 msgid "password"
-msgstr ""
+msgstr "contraseña"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:209
 msgid "obfuscated_password"
-msgstr ""
+msgstr "obfuscated_password"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:212
@@ -2096,7 +2209,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:218
 msgid "ldap_default_authtok (string)"
-msgstr ""
+msgstr "ldap_default_authtok (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:221
@@ -2108,127 +2221,132 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:228
 msgid "ldap_user_object_class (string)"
-msgstr ""
+msgstr "ldap_user_object_class (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:231
 msgid "The object class of a user entry in LDAP."
-msgstr ""
+msgstr "La clase de objeto de una entrada de usuario en LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:234
 msgid "Default: posixAccount"
-msgstr ""
+msgstr "Predeterminado: posixAccount"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:240
 msgid "ldap_user_name (string)"
-msgstr ""
+msgstr "ldap_user_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:243
 msgid "The LDAP attribute that corresponds to the user's login name."
 msgstr ""
+"El atributo LDAP que corresponde al nombre de inicio de sesión del usuario."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:247
 msgid "Default: uid"
-msgstr ""
+msgstr "Predeterminado: uid"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:253
 msgid "ldap_user_uid_number (string)"
-msgstr ""
+msgstr "ldap_user_uid_number (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:256
 msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
+msgstr "El atributo LDAP que corresponde al id de usuario."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:260
 msgid "Default: uidNumber"
-msgstr ""
+msgstr "Predeterminado: uidNumber"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:266
 msgid "ldap_user_gid_number (string)"
-msgstr ""
+msgstr "ldap_user_gid_number (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:269
 msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
+msgstr "El atributo LDAP que corresponde al id del grupo primario del usuario."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
 msgid "Default: gidNumber"
-msgstr ""
+msgstr "Predeterminado: gidNumber"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:279
 msgid "ldap_user_gecos (string)"
-msgstr ""
+msgstr "ldap_user_gecos (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:282
 msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
+msgstr "El atributo LDAP que corresponde al campo de gecos del usuario."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:286
 msgid "Default: gecos"
-msgstr ""
+msgstr "Predeterminado: gecos"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:292
 msgid "ldap_user_home_directory (string)"
-msgstr ""
+msgstr "ldap_user_home_directory (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:295
 msgid "The LDAP attribute that contains the name of the user's home directory."
 msgstr ""
+"El atributo LDAP que contiene el nombre del directorio principal del usuario."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:299
 msgid "Default: homeDirectory"
-msgstr ""
+msgstr "Predeterminado: homeDirectory"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:305
 msgid "ldap_user_shell (string)"
-msgstr ""
+msgstr "ldap_user_shell (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:308
 msgid "The LDAP attribute that contains the path to the user's default shell."
 msgstr ""
+"El atributo LDAP que contiene la ruta de acceso a la shell predeterminada "
+"del usuario."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:312
 msgid "Default: loginShell"
-msgstr ""
+msgstr "Predeterminado: loginShell"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:318
 msgid "ldap_user_uuid (string)"
-msgstr ""
+msgstr "ldap_user_uuid (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:321
 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
 msgstr ""
+"El atributo LDAP que contiene el GUID/UUID de un objeto de usuario LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
 msgid "Default: nsUniqueId"
-msgstr ""
+msgstr "Predeterminado: nsUniqueId"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:331
 msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
+msgstr "ldap_user_modify_timestamp (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
@@ -2236,16 +2354,18 @@ msgid ""
 "The LDAP attribute that contains timestamp of the last modification of the "
 "parent object."
 msgstr ""
+"El atributo LDAP que contiene la fecha y hora de la última modificación del "
+"objeto primario."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
 msgid "Default: modifyTimestamp"
-msgstr ""
+msgstr "Predeterminado: modifyTimestamp"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:344
 msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
+msgstr "ldap_user_shadow_last_change (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:347
@@ -2259,12 +2379,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:357
 msgid "Default: shadowLastChange"
-msgstr ""
+msgstr "Predeterminado: shadowLastChange"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:363
 msgid "ldap_user_shadow_min (string)"
-msgstr ""
+msgstr "ldap_user_shadow_min (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:366
@@ -2278,12 +2398,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:375
 msgid "Default: shadowMin"
-msgstr ""
+msgstr "Predeterminado: shadowMin"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:381
 msgid "ldap_user_shadow_max (string)"
-msgstr ""
+msgstr "ldap_user_shadow_max (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:384
@@ -2297,12 +2417,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:393
 msgid "Default: shadowMax"
-msgstr ""
+msgstr "Predeterminado: shadowMax"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:399
 msgid "ldap_user_shadow_warning (string)"
-msgstr ""
+msgstr "ldap_user_shadow_warning (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:402
@@ -2316,12 +2436,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:412
 msgid "Default: shadowWarning"
-msgstr ""
+msgstr "Predeterminado: shadowWarning"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:418
 msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
+msgstr "ldap_user_shadow_inactive (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:421
@@ -2335,12 +2455,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:431
 msgid "Default: shadowInactive"
-msgstr ""
+msgstr "Predeterminado: shadowInactive"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:437
 msgid "ldap_user_shadow_expire (string)"
-msgstr ""
+msgstr "ldap_user_shadow_expire (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:440
@@ -2354,12 +2474,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:450
 msgid "Default: shadowExpire"
-msgstr ""
+msgstr "Predeterminado: shadowExpire"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:456
 msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
+msgstr "ldap_user_krb_last_pwd_change (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:459
@@ -2372,12 +2492,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:465
 msgid "Default: krbLastPwdChange"
-msgstr ""
+msgstr "Predeterminado: krbLastPwdChange"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:471
 msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
+msgstr "ldap_user_krb_password_expiration (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:474
@@ -2389,12 +2509,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:480
 msgid "Default: krbPasswordExpiration"
-msgstr ""
+msgstr "Predeterminado: krbPasswordExpiration"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:486
 msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
+msgstr "ldap_user_ad_account_expires (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:489
@@ -2406,12 +2526,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:494
 msgid "Default: accountExpires"
-msgstr ""
+msgstr "Predeterminado: accountExpires"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:500
 msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
+msgstr "ldap_user_ad_user_account_control (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:503
@@ -2423,12 +2543,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:508
 msgid "Default: userAccountControl"
-msgstr ""
+msgstr "Predeterminado: userAccountControl"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:514
 msgid "ldap_ns_account_lock (string)"
-msgstr ""
+msgstr "ldap_ns_account_lock (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:517
@@ -2440,12 +2560,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:522
 msgid "Default: nsAccountLock"
-msgstr ""
+msgstr "Predeterminado: nsAccountLock"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:528
 msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
+msgstr "ldap_user_nds_login_disabled (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:531
@@ -2457,12 +2577,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
 msgid "Default: loginDisabled"
-msgstr ""
+msgstr "Predeterminado: loginDisabled"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:541
 msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
+msgstr "ldap_user_nds_login_expiration_time (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:544
@@ -2474,7 +2594,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:555
 msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
+msgstr "ldap_user_nds_login_allowed_time_map (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:558
@@ -2486,12 +2606,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:563
 msgid "Default: loginAllowedTimeMap"
-msgstr ""
+msgstr "Predeterminado: loginAllowedTimeMap"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:569
 msgid "ldap_user_principal (string)"
-msgstr ""
+msgstr "ldap_user_principal (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:572
@@ -2503,7 +2623,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:576
 msgid "Default: krbPrincipalName"
-msgstr ""
+msgstr "Predeterminado: krbPrincipalName"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:582
@@ -2518,7 +2638,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:592
 msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
+msgstr "ldap_force_upper_case_realm (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:595
@@ -2532,7 +2652,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:608
 msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
+msgstr "ldap_enumeration_refresh_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:611
@@ -2544,14 +2664,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
 msgid "Default: 300"
-msgstr ""
+msgstr "Predeterminado: 300"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:622
-#, fuzzy
-#| msgid "reconnection_retries (integer)"
 msgid "ldap_purge_cache_timeout (integer)"
-msgstr "reconnection_retries (entero)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:625
@@ -2565,33 +2683,35 @@ msgstr ""
 #: sssd-ldap.5.xml:631
 msgid "Setting this option to zero will disable the cache cleanup operation."
 msgstr ""
+"Establecer esta opción en cero desactivará la operación de limpieza de la "
+"caché."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:635
 msgid "Default: 10800 (12 hours)"
-msgstr ""
+msgstr "Predeterminado: 10800 (12 horas)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:641
 msgid "ldap_user_fullname (string)"
-msgstr ""
+msgstr "ldap_user_fullname (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:644
 msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
+msgstr "El atributo LDAP que corresponde al nombre completo del usuario."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
 #: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
 #: sssd-ipa.5.xml:422
 msgid "Default: cn"
-msgstr ""
+msgstr "Predeterminado: cn"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:654
 msgid "ldap_user_member_of (string)"
-msgstr ""
+msgstr "ldap_user_member_of (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:657
@@ -2601,12 +2721,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
 msgid "Default: memberOf"
-msgstr ""
+msgstr "Predeterminado: memberOf"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:667
 msgid "ldap_user_authorized_service (string)"
-msgstr ""
+msgstr "ldap_user_authorized_service (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:670
@@ -2626,12 +2746,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:682
 msgid "Default: authorizedService"
-msgstr ""
+msgstr "Predeterminado: iluminada"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:688
 msgid "ldap_user_authorized_host (string)"
-msgstr ""
+msgstr "ldap_user_authorized_host (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:691
@@ -2651,77 +2771,77 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:702
 msgid "Default: host"
-msgstr ""
+msgstr "Default: host"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:708
 msgid "ldap_group_object_class (string)"
-msgstr ""
+msgstr "ldap_group_object_class (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:711
 msgid "The object class of a group entry in LDAP."
-msgstr ""
+msgstr "La clase de objeto de una entrada de grupo LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:714
 msgid "Default: posixGroup"
-msgstr ""
+msgstr "Por defecto: posixGroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:720
 msgid "ldap_group_name (string)"
-msgstr ""
+msgstr "ldap_group_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:723
 msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
+msgstr "El atributo LDAP que corresponde al nombre de grupo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:733
 msgid "ldap_group_gid_number (string)"
-msgstr ""
+msgstr "ldap_group_gid_number (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:736
 msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
+msgstr "El atributo LDAP que corresponde al id del grupo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:746
 msgid "ldap_group_member (string)"
-msgstr ""
+msgstr "ldap_group_member (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:749
 msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
+msgstr "El atributo LDAP que contiene los nombres de los miembros del grupo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:753
 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
+msgstr "Valor predeterminado: memberuid (rfc2307) / member (rfc2307bis)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:759
 msgid "ldap_group_uuid (string)"
-msgstr ""
+msgstr "ldap_group_uuid (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:762
 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
+msgstr "El atributo LDAP que contiene el UUID/GUID de un objeto de grupo LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:772
 msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
+msgstr "ldap_group_modify_timestamp (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:785
 msgid "ldap_group_nesting_level (integer)"
-msgstr ""
+msgstr "ldap_group_nesting_level (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:788
@@ -2734,17 +2854,17 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:795
 msgid "Default: 2"
-msgstr ""
+msgstr "Predeterminado: 2"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:801
 msgid "ldap_netgroup_object_class (string)"
-msgstr ""
+msgstr "ldap_netgroup_object_class (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:804
 msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
+msgstr "La clase de objeto de una entrada netgroup en LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:807
@@ -2754,17 +2874,17 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:811
 msgid "Default: nisNetgroup"
-msgstr ""
+msgstr "Predeterminado: nisNetgroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:817
 msgid "ldap_netgroup_name (string)"
-msgstr ""
+msgstr "ldap_netgroup_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:820
 msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
+msgstr "El atributo LDAP que corresponde al nombre del netgroup."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:824
@@ -2774,7 +2894,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:834
 msgid "ldap_netgroup_member (string)"
-msgstr ""
+msgstr "ldap_netgroup_member (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:837
@@ -2789,12 +2909,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:845
 msgid "Default: memberNisNetgroup"
-msgstr ""
+msgstr "Predeterminado: memberNisNetgroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:851
 msgid "ldap_netgroup_triple (string)"
-msgstr ""
+msgstr "ldap_netgroup_triple (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:854
@@ -2810,12 +2930,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:861
 msgid "Default: nisNetgroupTriple"
-msgstr ""
+msgstr "Predeterminado: nisNetgroupTriple"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:867
 msgid "ldap_netgroup_uuid (string)"
-msgstr ""
+msgstr "ldap_netgroup_uuid (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:870
@@ -2831,7 +2951,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:884
 msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
+msgstr "ldap_netgroup_modify_timestamp (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:900
@@ -2845,10 +2965,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:906
-#, fuzzy
-#| msgid "Default: 3"
 msgid "Default: ipService"
-msgstr "Predeterminado: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:912
@@ -2864,10 +2982,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:925
-#, fuzzy
-#| msgid "full_name_format (string)"
 msgid "ldap_service_port (string)"
-msgstr "full_name_format (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:928
@@ -2881,10 +2997,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:938
-#, fuzzy
-#| msgid "re_expression (string)"
 msgid "ldap_service_proto (string)"
-msgstr "re_expression (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:941
@@ -2921,12 +3035,12 @@ msgstr ""
 #: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
 #: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
+msgstr "Predeterminado: el valor de <emphasis>ldap_search_base</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:970
 msgid "ldap_search_timeout (integer)"
-msgstr ""
+msgstr "ldap_search_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:973
@@ -2947,12 +3061,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
 msgid "Default: 6"
-msgstr ""
+msgstr "Predeterminado: 6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:991
 msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
+msgstr "ldap_enumeration_search_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:994
@@ -2965,12 +3079,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1001
 msgid "Default: 60"
-msgstr ""
+msgstr "Predeterminado: 60"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1007
 msgid "ldap_network_timeout (integer)"
-msgstr ""
+msgstr "ldap_network_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1010
@@ -2986,7 +3100,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1033
 msgid "ldap_opt_timeout (integer)"
-msgstr ""
+msgstr "ldap_opt_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1036
@@ -2999,7 +3113,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1048
 msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
+msgstr "ldap_connection_expire_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1051
@@ -3013,12 +3127,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1059
 msgid "Default: 900 (15 minutes)"
-msgstr ""
+msgstr "Predeterminado: 900 (15 minutos)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1065
 msgid "ldap_page_size (integer)"
-msgstr ""
+msgstr "ldap_page_size (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1068
@@ -3030,7 +3144,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1073
 msgid "Default: 1000"
-msgstr ""
+msgstr "Predeterminado: 1000"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1079
@@ -3063,7 +3177,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1103
 msgid "ldap_deref_threshold (integer)"
-msgstr ""
+msgstr "ldap_deref_threshold (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1106
@@ -3099,7 +3213,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1137
 msgid "ldap_tls_reqcert (string)"
-msgstr ""
+msgstr "ldap_tls_reqcert (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1140
@@ -3142,17 +3256,17 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1169
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
+msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1173
 msgid "Default: hard"
-msgstr ""
+msgstr "Predeterminado: hard"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1179
 msgid "ldap_tls_cacert (string)"
-msgstr ""
+msgstr "ldap_tls_cacert (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1182
@@ -3171,7 +3285,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1194
 msgid "ldap_tls_cacertdir (string)"
-msgstr ""
+msgstr "ldap_tls_cacertdir (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1197
@@ -3185,7 +3299,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1212
 msgid "ldap_tls_cert (string)"
-msgstr ""
+msgstr "ldap_tls_cert (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1215
@@ -3196,22 +3310,22 @@ msgstr ""
 #: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
 #: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
 msgid "Default: not set"
-msgstr ""
+msgstr "Predeterminado: no definido"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1225
 msgid "ldap_tls_key (string)"
-msgstr ""
+msgstr "ldap_tls_key (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1228
 msgid "Specifies the file that contains the client's key."
-msgstr ""
+msgstr "Especifica el archivo que contiene la clave del cliente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1237
 msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
+msgstr "ldap_tls_cipher_suite (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1240
@@ -3236,7 +3350,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1266
 msgid "ldap_sasl_mech (string)"
-msgstr ""
+msgstr "ldap_sasl_mech (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1269
@@ -3244,16 +3358,18 @@ msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
 "supported."
 msgstr ""
+"Especifica el mecanismo SASL a emplear.  Actualmente sólo GSSAPI está "
+"probado y soportado."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
 msgid "Default: none"
-msgstr ""
+msgstr "Predeterminado: none"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1279
 msgid "ldap_sasl_authid (string)"
-msgstr ""
+msgstr "ldap_sasl_authid (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1282
@@ -3265,12 +3381,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1287
 msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
+msgstr "Predeterminado: host/machine.fqdn@REALM"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1293
 msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
+msgstr "ldap_sasl_canonicalize (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1296
@@ -3282,12 +3398,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1301
 msgid "Default: false;"
-msgstr ""
+msgstr "Predeterminado: false;"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1307
 msgid "ldap_krb5_keytab (string)"
-msgstr ""
+msgstr "ldap_krb5_keytab (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1310
@@ -3315,7 +3431,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1334
 msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
+msgstr "ldap_krb5_ticket_lifetime (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1337
@@ -3325,12 +3441,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1341
 msgid "Default: 86400 (24 hours)"
-msgstr ""
+msgstr "Predeterminado: 86400 (24 horas)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
 msgid "krb5_server (string)"
-msgstr ""
+msgstr "krb5_server (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
@@ -3363,7 +3479,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
-msgstr ""
+msgstr "krb5_realm (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1379
@@ -3374,11 +3490,13 @@ msgstr ""
 #: sssd-ldap.5.xml:1382
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
+"Predeterminado: Predeterminados del sistema, vea <filename>/etc/krb5.conf</"
+"filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
 msgid "krb5_canonicalize (boolean)"
-msgstr ""
+msgstr "krb5_canonicalize (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1391
@@ -3390,7 +3508,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1403
 msgid "ldap_pwd_policy (string)"
-msgstr ""
+msgstr "ldap_pwd_policy (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1406
@@ -3398,6 +3516,8 @@ msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
 msgstr ""
+"Seleccione la política para evaluar la caducidad de la contraseña en el lado "
+"del cliente. Los siguientes valores son permitidos:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1411
@@ -3408,19 +3528,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1416
-#, fuzzy
-#| msgid ""
-#| "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-#| "manvolnum> </citerefentry>-compatible format that describes how to "
-#| "translate a (name, domain) tuple into a fully qualified name."
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
 "evaluate if the password has expired."
 msgstr ""
-"Un formato compatible con <citerefentry> <refentrytitle>printf</"
-"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> que describe cómo "
-"traducir una tupla (nombre, dominio), a un nombre totalmente calificado."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1422
@@ -3433,7 +3545,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1434
 msgid "ldap_referrals (boolean)"
-msgstr ""
+msgstr "ldap_referrals (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1437
@@ -3450,22 +3562,24 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1452
 msgid "ldap_dns_service_name (string)"
-msgstr ""
+msgstr "ldap_dns_service_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1455
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
+"Especifica el nombre del servicio para utilizar cuando está habilitado el "
+"servicio de descubrimiento."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1459
 msgid "Default: ldap"
-msgstr ""
+msgstr "Predeterminado: ldap"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1465
 msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
+msgstr "ldap_chpass_dns_service_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1468
@@ -3473,6 +3587,9 @@ msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
 msgstr ""
+"Especifica el nombre del servicio para utilizar al buscar un servidor LDAP "
+"que permita cambios de contraseña cuando está habilitado el servicio de "
+"descubrimiento."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1473
@@ -3482,7 +3599,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1479
 msgid "ldap_access_filter (string)"
-msgstr ""
+msgstr "ldap_access_filter (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1482
@@ -3497,7 +3614,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
 msgid "Example:"
-msgstr ""
+msgstr "Ejemplo:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
 #: sssd-ldap.5.xml:1495
@@ -3507,6 +3624,9 @@ msgid ""
 "ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
 "                        "
 msgstr ""
+"access_provider = ldap\n"
+"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
+"                        "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1499
@@ -3527,12 +3647,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
 msgid "Default: Empty"
-msgstr ""
+msgstr "Predeterminado: vacío"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1518
 msgid "ldap_account_expire_policy (string)"
-msgstr ""
+msgstr "ldap_account_expire_policy (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1521
@@ -3552,7 +3672,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1532
 msgid "The following values are allowed:"
-msgstr ""
+msgstr "Los siguientes valores están permitidos:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1535
@@ -3590,22 +3710,24 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1568
 msgid "ldap_access_order (string)"
-msgstr ""
+msgstr "ldap_access_order (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1571
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
+"Lista separada por coma de opciones de control de acceso.  Los valores "
+"permitidos son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1575
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
+msgstr "<emphasis>filtro</emphasis>: utilizar ldap_access_filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1578
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
+msgstr "<emphasis>caducar</emphasis>: utilizar ldap_account_expire_policy"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1582
@@ -3613,6 +3735,8 @@ msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
 msgstr ""
+"<emphasis>authorized_service</emphasis>: utilizar el atributo "
+"autorizedService para determinar el acceso"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1587
@@ -3622,7 +3746,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1591
 msgid "Default: filter"
-msgstr ""
+msgstr "Predeterminado: filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1594
@@ -3630,11 +3754,13 @@ msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
 msgstr ""
+"Tenga en cuenta que es un error de configuración si un valor es usado más de "
+"una vez."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1601
 msgid "ldap_deref (string)"
-msgstr ""
+msgstr "ldap_deref (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1604
@@ -3688,10 +3814,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:1639
-#, fuzzy
-#| msgid "OPTIONS"
 msgid "SUDO OPTIONS"
-msgstr "OPCIONES"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1644
@@ -3705,17 +3829,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1650
-#, fuzzy
-#| msgid "Default: 3"
 msgid "Default: sudoRole"
-msgstr "Predeterminado: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1656
-#, fuzzy
-#| msgid "full_name_format (string)"
 msgid "ldap_sudorule_name (string)"
-msgstr "full_name_format (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1659
@@ -3734,10 +3854,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1676
-#, fuzzy
-#| msgid "Default: 3"
 msgid "Default: sudoCommand"
-msgstr "Predeterminado: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1682
@@ -3753,10 +3871,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1690
-#, fuzzy
-#| msgid "Default: 3"
 msgid "Default: sudoHost"
-msgstr "Predeterminado: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1696
@@ -3772,17 +3888,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1703
-#, fuzzy
-#| msgid "Default: 3"
 msgid "Default: sudoUser"
-msgstr "Predeterminado: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1709
-#, fuzzy
-#| msgid "re_expression (string)"
 msgid "ldap_sudorule_option (string)"
-msgstr "re_expression (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1712
@@ -3791,10 +3903,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1716
-#, fuzzy
-#| msgid "Default: 3"
 msgid "Default: sudoOption"
-msgstr "Predeterminado: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1722
@@ -3876,10 +3986,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1782
-#, fuzzy
-#| msgid "Default: 3"
 msgid "Default: sudoOrder"
-msgstr "Predeterminado: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1788
@@ -3913,17 +4021,15 @@ msgstr ""
 #: sssd-ldap.5.xml:1815
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
+"explanation of sudo related attribute semantics, see <citerefentry> "
 "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
 "citerefentry>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:1825
-#, fuzzy
-#| msgid "OPTIONS"
 msgid "AUTOFS OPTIONS"
-msgstr "OPCIONES"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:1827
@@ -3959,10 +4065,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1853
-#, fuzzy
-#| msgid "Default: 3"
 msgid "Default: ou"
-msgstr "Predeterminado: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1860
@@ -4003,12 +4107,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:1904
 msgid "ADVANCED OPTIONS"
-msgstr ""
+msgstr "OPCIONES AVANZADAS"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1911
 msgid "ldap_netgroup_search_base (string)"
-msgstr ""
+msgstr "ldap_netgroup_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1914
@@ -4019,7 +4123,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1930
 msgid "ldap_user_search_base (string)"
-msgstr ""
+msgstr "ldap_user_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1933
@@ -4029,7 +4133,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1949
 msgid "ldap_group_search_base (string)"
-msgstr ""
+msgstr "ldap_group_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1952
@@ -4039,7 +4143,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1968
 msgid "ldap_user_search_filter (string)"
-msgstr ""
+msgstr "ldap_user_search_filter (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1971
@@ -4062,6 +4166,8 @@ msgid ""
 "                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
 "                        "
 msgstr ""
+"                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
+"                        "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1988
@@ -4073,7 +4179,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1995
 msgid "ldap_group_search_filter (string)"
-msgstr ""
+msgstr "ldap_group_search_filter (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1998
@@ -4140,17 +4246,25 @@ msgid ""
 "    cache_credentials = true\n"
 "    enumerate = true\n"
 msgstr ""
+"    [domain/LDAP]\n"
+"    id_provider = ldap\n"
+"    auth_provider = ldap\n"
+"    ldap_uri = ldap://ldap.mydomain.org\n"
+"    ldap_search_base = dc=mydomain,dc=org\n"
+"    ldap_tls_reqcert = demand\n"
+"    cache_credentials = true\n"
+"    enumerate = true\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
 #: sssd-krb5.5.xml:441
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
+msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
 msgid "NOTES"
-msgstr ""
+msgstr "NOTAS"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:2087
@@ -4169,6 +4283,10 @@ msgid ""
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
 "<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
 msgstr ""
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
 
 #. type: Content of: <refentryinfo>
 #: pam_sss.8.xml:8 include/upstream.xml:2
@@ -4176,16 +4294,18 @@ msgid ""
 "<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
 "fedorahosted.org/sssd</orgname>"
 msgstr ""
+"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
+"fedorahosted.org/sssd</orgname>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: pam_sss.8.xml:13 pam_sss.8.xml:18
 msgid "pam_sss"
-msgstr ""
+msgstr "pam_sss"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: pam_sss.8.xml:19
 msgid "PAM module for SSSD"
-msgstr ""
+msgstr "Módulo PAM para SSSD"
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: pam_sss.8.xml:24
@@ -4197,6 +4317,12 @@ msgid ""
 "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
 "arg>"
 msgstr ""
+"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
+"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: pam_sss.8.xml:45
@@ -4209,7 +4335,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:55
 msgid "<option>quiet</option>"
-msgstr ""
+msgstr "<option>quiet</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: pam_sss.8.xml:58
@@ -4219,7 +4345,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:63
 msgid "<option>forward_pass</option>"
-msgstr ""
+msgstr "<option>forward_pass</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: pam_sss.8.xml:66
@@ -4231,7 +4357,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:73
 msgid "<option>use_first_pass</option>"
-msgstr ""
+msgstr "<option>use_first_pass</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: pam_sss.8.xml:76
@@ -4244,7 +4370,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:84
 msgid "<option>use_authtok</option>"
-msgstr ""
+msgstr "<option>use_authtok</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: pam_sss.8.xml:87
@@ -4256,7 +4382,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:94
 msgid "<option>retry=N</option>"
-msgstr ""
+msgstr "<option>retry=N</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: pam_sss.8.xml:97
@@ -4288,7 +4414,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: pam_sss.8.xml:117
 msgid "FILES"
-msgstr ""
+msgstr "ARCHIVOS"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: pam_sss.8.xml:118
@@ -4324,11 +4450,13 @@ msgid ""
 "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
 "manvolnum> </citerefentry>"
 msgstr ""
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
 msgid "sssd_krb5_locator_plugin"
-msgstr ""
+msgstr "sssd_krb5_locator_plugin"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd_krb5_locator_plugin.8.xml:22
@@ -4380,11 +4508,15 @@ msgid ""
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
 "<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
 msgstr ""
+"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-simple.5.xml:10 sssd-simple.5.xml:16
 msgid "sssd-simple"
-msgstr ""
+msgstr "sssd-simple"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-simple.5.xml:17
@@ -4412,7 +4544,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
 #: sssd-simple.5.xml:43
 msgid "If all lists are empty, access is granted"
-msgstr ""
+msgstr "Si todas las listas están vacías, se concede acceso"
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
 #: sssd-simple.5.xml:47
@@ -4438,7 +4570,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-simple.5.xml:78
 msgid "simple_allow_users (string)"
-msgstr ""
+msgstr "simple_allow_users (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-simple.5.xml:81
@@ -4448,7 +4580,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-simple.5.xml:88
 msgid "simple_deny_users (string)"
-msgstr ""
+msgstr "simple_deny_users (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-simple.5.xml:91
@@ -4458,7 +4590,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-simple.5.xml:97
 msgid "simple_allow_groups (string)"
-msgstr ""
+msgstr "simple_allow_groups (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-simple.5.xml:100
@@ -4470,7 +4602,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-simple.5.xml:108
 msgid "simple_deny_groups (string)"
-msgstr ""
+msgstr "simple_deny_groups (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-simple.5.xml:111
@@ -4512,6 +4644,9 @@ msgid ""
 "    access_provider = simple\n"
 "    simple_allow_users = user1, user2\n"
 msgstr ""
+"    [domain/example.com]\n"
+"    access_provider = simple\n"
+"    simple_allow_users = user1, user2\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-simple.5.xml:145
@@ -4520,11 +4655,14 @@ msgid ""
 "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
 msgstr ""
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
 msgid "sssd-ipa"
-msgstr ""
+msgstr "sssd-ipa"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:23
@@ -4568,7 +4706,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:72
 msgid "ipa_domain (string)"
-msgstr ""
+msgstr "ipa_domain (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:75
@@ -4580,7 +4718,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:83
 msgid "ipa_server (string)"
-msgstr ""
+msgstr "ipa_server (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:86
@@ -4595,7 +4733,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:99
 msgid "ipa_hostname (string)"
-msgstr ""
+msgstr "ipa_hostname (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:102
@@ -4607,7 +4745,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:110
 msgid "ipa_dyndns_update (boolean)"
-msgstr ""
+msgstr "ipa_dyndns_update (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:113
@@ -4626,7 +4764,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:129
 msgid "ipa_dyndns_iface (string)"
-msgstr ""
+msgstr "ipa_dyndns_iface (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:132
@@ -4638,12 +4776,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:137
 msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
+msgstr "Predeterminado: Utilizar la dirección IP de la conexión IPA LDAP"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:143
 msgid "ipa_hbac_search_base (string)"
-msgstr ""
+msgstr "ipa_hbac_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:146
@@ -4653,7 +4791,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:150
 msgid "Default: Use base DN"
-msgstr ""
+msgstr "Predeterminado: Utilizar DN base"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:156
@@ -4686,7 +4824,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
 msgid "krb5_validate (boolean)"
-msgstr ""
+msgstr "krb5_validate (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
@@ -4727,7 +4865,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:247
 msgid "ipa_hbac_refresh (integer)"
-msgstr ""
+msgstr "ipa_hbac_refresh (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:250
@@ -4740,12 +4878,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:257
 msgid "Default: 5 (seconds)"
-msgstr ""
+msgstr "Predeterminado: 5 (segundos)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:262
 msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
+msgstr "ipa_hbac_treat_deny_as (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:265
@@ -4773,12 +4911,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:284
 msgid "Default: DENY_ALL"
-msgstr ""
+msgstr "Predeterminado: DENY_ALL"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:289
 msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
+msgstr "ipa_hbac_support_srchost (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:292
@@ -4796,10 +4934,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:307
-#, fuzzy
-#| msgid "re_expression (string)"
 msgid "ipa_automount_location (string)"
-msgstr "re_expression (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:310
@@ -4814,7 +4950,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:319
 msgid "ipa_netgroup_member_of (string)"
-msgstr ""
+msgstr "ipa_netgroup_member_of (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:322
@@ -4824,7 +4960,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:331
 msgid "ipa_netgroup_member_user (string)"
-msgstr ""
+msgstr "ipa_netgroup_member_user (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:334
@@ -4836,12 +4972,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
 msgid "Default: memberUser"
-msgstr ""
+msgstr "Predeterminado: memberUser"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:344
 msgid "ipa_netgroup_member_host (string)"
-msgstr ""
+msgstr "ipa_netgroup_member_host (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:347
@@ -4853,12 +4989,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
 msgid "Default: memberHost"
-msgstr ""
+msgstr "Predeterminado: memberHost"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:356
 msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
+msgstr "ipa_netgroup_member_ext_host (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:359
@@ -4870,12 +5006,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:363
 msgid "Default: externalHost"
-msgstr ""
+msgstr "Predeterminado: externalHost"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:368
 msgid "ipa_netgroup_domain (string)"
-msgstr ""
+msgstr "ipa_netgroup_domain (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:371
@@ -4885,12 +5021,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:375
 msgid "Default: nisDomainName"
-msgstr ""
+msgstr "Predeterminado: nisDomainName"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:381
 msgid "ipa_host_object_class (string)"
-msgstr ""
+msgstr "ipa_host_object_class (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
@@ -4900,7 +5036,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
 msgid "Default: ipaHost"
-msgstr ""
+msgstr "Predeterminado: ipaHost"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:392
@@ -4969,10 +5105,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:459
-#, fuzzy
-#| msgid "Default: 3"
 msgid "Default: seeAlso"
-msgstr "Predeterminado: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:464
@@ -5048,10 +5182,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:519
-#, fuzzy
-#| msgid "Default: 3"
 msgid "Default: ipaUniqueID"
-msgstr "Predeterminado: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:524
@@ -5085,6 +5217,10 @@ msgid ""
 "    ipa_server = ipaserver.example.com\n"
 "    ipa_hostname = myhost.example.com\n"
 msgstr ""
+"    [domain/example.com]\n"
+"    id_provider = ipa\n"
+"    ipa_server = ipaserver.example.com\n"
+"    ipa_hostname = myhost.example.com\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:564
@@ -5096,16 +5232,22 @@ msgid ""
 "citerefentry>, <citerefentry> <refentrytitle>sssd</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
 msgstr ""
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd.8.xml:10 sssd.8.xml:15
 msgid "sssd"
-msgstr ""
+msgstr "sssd"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd.8.xml:16
 msgid "System Security Services Daemon"
-msgstr ""
+msgstr "System Security Services Daemon"
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sssd.8.xml:21
@@ -5113,6 +5255,8 @@ msgid ""
 "<command>sssd</command> <arg choice='opt'> <replaceable>options</"
 "replaceable> </arg>"
 msgstr ""
+"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.8.xml:31
@@ -5132,47 +5276,53 @@ msgid ""
 "<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
 "replaceable>"
 msgstr ""
+"<option>-d</option>,<option>--debug-level</option> <replaceable>NIVEL</"
+"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:53
 msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
+msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:57
 msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
 msgstr ""
+"<emphasis>1</emphasis>: Agregar marca de tiempo a mensajes de depuración "
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:60
 msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
 msgstr ""
+"<emphasis>0</emphasis>: Desactiva marca de tiempo en mensajes de depuración"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:69
 msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
+msgstr "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:73
 msgid ""
 "<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
 msgstr ""
+"<emphasis>1</emphasis>: Agregar microsegundos a la marca de tiempo en "
+"mensajes de depuración"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:76
 msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
+msgstr "<emphasis>0</emphasis>: Desactiva microsegundos en marcas de tiempo"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:79
 msgid "Default: 0"
-msgstr ""
+msgstr "Predeterminado: 0"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:85
 msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
+msgstr "<option>-f</option>,<option>--debug-to-files</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:89
@@ -5185,30 +5335,30 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:97
 msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
+msgstr "<option>-D</option>,<option>--daemon</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:101
 msgid "Become a daemon after starting up."
-msgstr ""
+msgstr "Convertido en un demonio después de la puesta en marcha."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:107
 msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
+msgstr "<option>-i</option>,<option>--interactive</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:111
 msgid "Run in the foreground, don't become a daemon."
-msgstr ""
+msgstr "Ejecutar en primer plano, no convertirse en un demonio."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
+#: sssd.8.xml:117 sss_debuglevel.8.xml:42
 msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
+msgstr "<option>-c</option>,<option>--config</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
+#: sssd.8.xml:121 sss_debuglevel.8.xml:46
 msgid ""
 "Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
 "conf</filename>. For reference on the config file syntax and options, "
@@ -5219,7 +5369,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:135
 msgid "<option>--version</option>"
-msgstr ""
+msgstr "<option>--version</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:139
@@ -5229,12 +5379,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd.8.xml:147
 msgid "Signals"
-msgstr ""
+msgstr "Señales"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:150
 msgid "SIGTERM/SIGINT"
-msgstr ""
+msgstr "SIGTERM/SIGINT"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:153
@@ -5246,7 +5396,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:159
 msgid "SIGHUP"
-msgstr ""
+msgstr "SIGHUP"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:162
@@ -5259,7 +5409,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:170
 msgid "SIGUSR1"
-msgstr ""
+msgstr "SIGUSR1"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:173
@@ -5271,7 +5421,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:179
 msgid "SIGUSR2"
-msgstr ""
+msgstr "SIGUSR2"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:182
@@ -5295,11 +5445,22 @@ msgid ""
 "<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
 "citerefentry>."
 msgstr ""
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>."
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
 msgid "sss_obfuscate"
-msgstr ""
+msgstr "sss_obfuscate"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_obfuscate.8.xml:16
@@ -5313,6 +5474,9 @@ msgid ""
 "replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
 "replaceable></arg>"
 msgstr ""
+"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>[CONTRASEÑA]</"
+"replaceable></arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_obfuscate.8.xml:32
@@ -5347,7 +5511,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_obfuscate.8.xml:63
 msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
+msgstr "<option>-s</option>,<option>--stdin</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_obfuscate.8.xml:67
@@ -5355,11 +5519,14 @@ msgid "The password to obfuscate will be read from standard input."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:82
+#: sss_ssh_knownhostsproxy.1.xml:81
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
 "replaceable>"
 msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMINIO</"
+"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_obfuscate.8.xml:79
@@ -5373,6 +5540,8 @@ msgstr ""
 msgid ""
 "<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
 msgstr ""
+"<option>-f</option>,<option>--file</option> <replaceable>ARCHIVO</"
+"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_obfuscate.8.xml:91
@@ -5382,7 +5551,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_obfuscate.8.xml:95
 msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
+msgstr "Predeterminado: <filename>/etc/sssd/sssd.conf</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_obfuscate.8.xml:105
@@ -5390,16 +5559,18 @@ msgid ""
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry>"
 msgstr ""
+"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_useradd.8.xml:10 sss_useradd.8.xml:15
 msgid "sss_useradd"
-msgstr ""
+msgstr "sss_useradd"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_useradd.8.xml:16
 msgid "create a new user"
-msgstr ""
+msgstr "Crea un nuevo usuario"
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sss_useradd.8.xml:21
@@ -5408,6 +5579,9 @@ msgid ""
 "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
 "arg>"
 msgstr ""
+"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
+"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_useradd.8.xml:32
@@ -5421,6 +5595,7 @@ msgstr ""
 msgid ""
 "<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
 msgstr ""
+"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_useradd.8.xml:48
@@ -5435,6 +5610,8 @@ msgid ""
 "<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
 "replaceable>"
 msgstr ""
+"<option>-c</option>,<option>--gecos</option> <replaceable>COMENTARIO</"
+"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_useradd.8.xml:60 sss_usermod.8.xml:48
@@ -5449,6 +5626,8 @@ msgid ""
 "<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
 "replaceable>"
 msgstr ""
+"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
+"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_useradd.8.xml:72
@@ -5465,6 +5644,7 @@ msgstr ""
 msgid ""
 "<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
 msgstr ""
+"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_useradd.8.xml:87
@@ -5480,6 +5660,8 @@ msgid ""
 "<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
 "replaceable>"
 msgstr ""
+"<option>-G</option>,<option>--groups</option> <replaceable>GRUPOS</"
+"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_useradd.8.xml:101
@@ -5489,7 +5671,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_useradd.8.xml:107
 msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
+msgstr "<option>-m</option>,<option>--create-home</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_useradd.8.xml:111
@@ -5502,13 +5684,15 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_useradd.8.xml:121
 msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
+msgstr "<option>-M</option>,<option>--no-create-home</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_useradd.8.xml:125
 msgid ""
 "Do not create the user's home directory. Overrides configuration settings."
 msgstr ""
+"No se crear el directorio principal del usuario. Reemplaza los valores de "
+"configuración."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_useradd.8.xml:132
@@ -5516,6 +5700,8 @@ msgid ""
 "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
 "replaceable>"
 msgstr ""
+"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
+"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_useradd.8.xml:137
@@ -5539,6 +5725,8 @@ msgid ""
 "<option>-Z</option>,<option>--selinux-user</option> "
 "<replaceable>SELINUX_USER</replaceable>"
 msgstr ""
+"<option>-Z</option>,<option>--selinux-user</option> "
+"<replaceable>SELINUX_USER</replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_useradd.8.xml:157
@@ -5560,11 +5748,20 @@ msgid ""
 "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 msgstr ""
+"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
 msgid "sssd-krb5"
-msgstr ""
+msgstr "sssd-krb5"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-krb5.5.xml:23
@@ -5619,7 +5816,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:113
 msgid "krb5_kpasswd (string)"
-msgstr ""
+msgstr "krb5_kpasswd (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:116
@@ -5641,7 +5838,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:129
 msgid "Default: Use the KDC"
-msgstr ""
+msgstr "Predeterminado: Use the KDC"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:135
@@ -5663,7 +5860,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:151
 msgid "Default: /tmp"
-msgstr ""
+msgstr "Predeterminado: /tmp"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:157
@@ -5688,7 +5885,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:179
 msgid "%r"
-msgstr ""
+msgstr "%r"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:180
@@ -5698,7 +5895,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:183
 msgid "%h"
-msgstr ""
+msgstr "%h"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:184
@@ -5708,17 +5905,17 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:189
 msgid "value of krb5ccache_dir"
-msgstr ""
+msgstr "valor de krb5ccache_dir"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:194
 msgid "%P"
-msgstr ""
+msgstr "%P"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:195
 msgid "the process ID of the sssd client"
-msgstr ""
+msgstr "el ID de proceso del cliente sssd"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:160
@@ -5733,12 +5930,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:209
 msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
+msgstr "Predeterminado: FILE:%d/krb5cc_%U_XXXXXX"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:215
 msgid "krb5_auth_timeout (integer)"
-msgstr ""
+msgstr "krb5_auth_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:218
@@ -5750,7 +5947,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:241
 msgid "krb5_keytab (string)"
-msgstr ""
+msgstr "krb5_keytab (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:244
@@ -5762,12 +5959,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:248
 msgid "Default: /etc/krb5.keytab"
-msgstr ""
+msgstr "Predeterminado: /etc/krb5.keytab"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:254
 msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
+msgstr "krb5_store_password_if_offline (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:257
@@ -5787,7 +5984,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:275
 msgid "krb5_renewable_lifetime (string)"
-msgstr ""
+msgstr "krb5_renewable_lifetime (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:278
@@ -5799,22 +5996,22 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
 msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
+msgstr "<emphasis>s</emphasis> segundos"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
 msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
+msgstr "<emphasis>m</emphasis> minutos"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
 msgid "<emphasis>h</emphasis> hours"
-msgstr ""
+msgstr "<emphasis>h</emphasis> horas"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
 msgid "<emphasis>d</emphasis> days."
-msgstr ""
+msgstr "<emphasis>d</emphasis> días."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
@@ -5837,7 +6034,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:311
 msgid "krb5_lifetime (string)"
-msgstr ""
+msgstr "krb5_lifetime (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:314
@@ -5862,7 +6059,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:347
 msgid "krb5_renew_interval (integer)"
-msgstr ""
+msgstr "krb5_renew_interval (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:350
@@ -5879,7 +6076,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:365
 msgid "krb5_use_fast (string)"
-msgstr ""
+msgstr "krb5_use_fast (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:368
@@ -5930,7 +6127,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:400
 msgid "krb5_fast_principal (string)"
-msgstr ""
+msgstr "krb5_fast_principal (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:403
@@ -5972,6 +6169,10 @@ msgid ""
 "    krb5_server = 192.168.1.1\n"
 "    krb5_realm = EXAMPLE.COM\n"
 msgstr ""
+"    [domain/FOO]\n"
+"    auth_provider = krb5\n"
+"    krb5_server = 192.168.1.1\n"
+"    krb5_realm = EXAMPLE.COM\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-krb5.5.xml:453
@@ -5981,16 +6182,20 @@ msgid ""
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
 "<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
 msgstr ""
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
 msgid "sss_groupadd"
-msgstr ""
+msgstr "sss_groupadd"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_groupadd.8.xml:16
 msgid "create a new group"
-msgstr ""
+msgstr "Crea un nuevo grupo"
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sss_groupadd.8.xml:21
@@ -5999,6 +6204,9 @@ msgid ""
 "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
 "arg>"
 msgstr ""
+"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>GRUPO</replaceable></"
+"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_groupadd.8.xml:32
@@ -6013,6 +6221,7 @@ msgstr ""
 msgid ""
 "<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
 msgstr ""
+"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_groupadd.8.xml:48
@@ -6034,16 +6243,25 @@ msgid ""
 "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 msgstr ""
+"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_userdel.8.xml:10 sss_userdel.8.xml:15
 msgid "sss_userdel"
-msgstr ""
+msgstr "sss_userdel"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_userdel.8.xml:16
 msgid "delete a user account"
-msgstr ""
+msgstr "eliminar una cuenta de usuario"
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sss_userdel.8.xml:21
@@ -6052,6 +6270,9 @@ msgid ""
 "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
 "arg>"
 msgstr ""
+"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
+"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_userdel.8.xml:32
@@ -6063,7 +6284,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_userdel.8.xml:44
 msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
+msgstr "<option>-r</option>,<option>--remove</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_userdel.8.xml:48
@@ -6075,7 +6296,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_userdel.8.xml:56
 msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
+msgstr "<option>-R</option>,<option>--no-remove</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_userdel.8.xml:60
@@ -6087,7 +6308,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_userdel.8.xml:68
 msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
+msgstr "<option>-f</option>,<option>--force</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_userdel.8.xml:72
@@ -6099,12 +6320,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_userdel.8.xml:80
 msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
+msgstr "<option>-k</option>,<option>--kick</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_userdel.8.xml:84
 msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
+msgstr "Antes de realmente eliminar al usuario, terminar todos sus procesos."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_userdel.8.xml:95
@@ -6119,16 +6340,25 @@ msgid ""
 "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 msgstr ""
+"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
 msgid "sss_groupdel"
-msgstr ""
+msgstr "sss_groupdel"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_groupdel.8.xml:16
 msgid "delete a group"
-msgstr ""
+msgstr "eliminar un grupo"
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sss_groupdel.8.xml:21
@@ -6137,6 +6367,9 @@ msgid ""
 "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
 "arg>"
 msgstr ""
+"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>GRUPO</replaceable></"
+"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_groupdel.8.xml:32
@@ -6158,11 +6391,20 @@ msgid ""
 "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 msgstr ""
+"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
 msgid "sss_groupshow"
-msgstr ""
+msgstr "sss_groupshow"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_groupshow.8.xml:16
@@ -6176,6 +6418,9 @@ msgid ""
 "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
 "arg>"
 msgstr ""
+"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>GRUPO</replaceable></"
+"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_groupshow.8.xml:32
@@ -6188,7 +6433,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_groupshow.8.xml:43
 msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
+msgstr "<option>-R</option>,<option>--recursive</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_groupshow.8.xml:47
@@ -6210,16 +6455,24 @@ msgid ""
 "<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
 "citerefentry>."
 msgstr ""
+"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>."
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_usermod.8.xml:10 sss_usermod.8.xml:15
 msgid "sss_usermod"
-msgstr ""
+msgstr "sss_usermod"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_usermod.8.xml:16
 msgid "modify a user account"
-msgstr ""
+msgstr "Modifica una cuenta de usuario"
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sss_usermod.8.xml:21
@@ -6228,6 +6481,9 @@ msgid ""
 "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
 "arg>"
 msgstr ""
+"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
+"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_usermod.8.xml:32
@@ -6240,12 +6496,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_usermod.8.xml:60
 msgid "The home directory of the user account."
-msgstr ""
+msgstr "El directorio principal de la cuenta de usuario."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_usermod.8.xml:71
 msgid "The user's login shell."
-msgstr ""
+msgstr "Shell de inicio de sesión del usuario."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_usermod.8.xml:82
@@ -6265,7 +6521,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_usermod.8.xml:103
 msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
+msgstr "<option>-l</option>,<option>--lock</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_usermod.8.xml:107
@@ -6275,7 +6531,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_usermod.8.xml:114
 msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
+msgstr "<option>-u</option>,<option>--unlock</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_usermod.8.xml:118
@@ -6300,11 +6556,335 @@ msgid ""
 "citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 msgstr ""
+"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_cache.8.xml:10 sss_cache.8.xml:15
+msgid "sss_cache"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_cache.8.xml:16
+msgid "perform cache cleanup"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_cache.8.xml:21
+msgid ""
+"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_cache.8.xml:31
+msgid ""
+"<command>sss_cache</command> invalidates records in SSSD cache.  Invalidated "
+"records are forced to be reloaded from server as soon as related SSSD "
+"backend is online."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:42
+msgid ""
+"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:47
+msgid "Invalidate specific user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:53
+msgid "<option>-U</option>,<option>--users</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:57
+msgid ""
+"Invalidate all user records. This option overrides invalidation of specific "
+"user if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:64
+msgid ""
+"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:69
+msgid "Invalidate specific group."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:75
+msgid "<option>-G</option>,<option>--groups</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:79
+msgid ""
+"Invalidate all group records. This option overrides invalidation of specific "
+"group if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:86
+msgid ""
+"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:91
+msgid "Invalidate specific netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:97
+msgid "<option>-N</option>,<option>--netgroups</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:101
+msgid ""
+"Invalidate all netgroup records. This option overrides invalidation of "
+"specific netgroup if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:108
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:113
+msgid "Restrict invalidation process only to a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15
+msgid "sss_debuglevel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_debuglevel.8.xml:16
+msgid "change debug level while SSSD is running"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_debuglevel.8.xml:21
+msgid ""
+"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</"
+"replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_debuglevel.8.xml:32
+msgid ""
+"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
+"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
+"running."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_debuglevel.8.xml:59
+msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
+msgid "sss_ssh_authorizedkeys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refmeta><manvolnum>
+#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11
+msgid "1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_ssh_authorizedkeys.1.xml:16
+msgid "get OpenSSH authorized keys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_ssh_authorizedkeys.1.xml:21
+msgid ""
+"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>USER</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:32
+msgid ""
+"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user "
+"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys "
+"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> for more information)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:41
+msgid ""
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
+"command> for public key user authentication if it is compiled with support "
+"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
+"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_authorizedkeys.1.xml:58
+#, no-wrap
+msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:51
+msgid ""
+"If <quote>AuthorizedKeysCommand</quote> is supported, "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use it by putting the following directive "
+"in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_authorizedkeys.1.xml:69
+#, no-wrap
+msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:62
+msgid ""
+"If <quote>PubkeyAgent</quote> is supported, "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use it by using the following directive "
+"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:87
+msgid ""
+"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:98
+msgid ""
+"<citerefentry> <refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sshd_config</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle><manvolnum>1</"
+"manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15
+msgid "sss_ssh_knownhostsproxy"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_ssh_knownhostsproxy.1.xml:16
+msgid "get OpenSSH host keys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_ssh_knownhostsproxy.1.xml:21
+msgid ""
+"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>HOST</replaceable></arg> <arg "
+"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:33
+msgid ""
+"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for "
+"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH "
+"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
+"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> for more information)  <filename>/var/lib/sss/"
+"pubconf/known_hosts</filename> and estabilishes connection to the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:43
+msgid ""
+"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to "
+"create the connection to the host instead of opening a socket."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_knownhostsproxy.1.xml:55
+#, no-wrap
+msgid ""
+"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n"
+"GlobalKnownHostsFile2 /var/lib/sss/pubconf/known_hosts\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:48
+msgid ""
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</"
+"command> for host key authentication by using the following directives for "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_ssh_knownhostsproxy.1.xml:69
+msgid ""
+"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_knownhostsproxy.1.xml:74
+msgid ""
+"Use port <replaceable>PORT</replaceable> to connect to the host.  By "
+"default, port 22 is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_knownhostsproxy.1.xml:86
+msgid ""
+"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:97
+msgid ""
+"<citerefentry> <refentrytitle>ssh</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>ssh_config</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle><manvolnum>1</"
+"manvolnum> </citerefentry>."
+msgstr ""
 
 #. type: Content of: <refsect1><title>
 #: include/service_discovery.xml:2
 msgid "SERVICE DISCOVERY"
-msgstr ""
+msgstr "SERVICIO DE DESCUBRIMIENTO"
 
 #. type: Content of: <refsect1><para>
 #: include/service_discovery.xml:4
@@ -6316,7 +6896,7 @@ msgstr ""
 #. type: Content of: <refsect1><refsect2><title>
 #: include/service_discovery.xml:9
 msgid "Configuration"
-msgstr ""
+msgstr "Configuración"
 
 #. type: Content of: <refsect1><refsect2><para>
 #: include/service_discovery.xml:11
@@ -6333,7 +6913,7 @@ msgstr ""
 #. type: Content of: <refsect1><refsect2><title>
 #: include/service_discovery.xml:23
 msgid "The domain name"
-msgstr ""
+msgstr "El nombre de dominio"
 
 #. type: Content of: <refsect1><refsect2><para>
 #: include/service_discovery.xml:25
@@ -6346,7 +6926,7 @@ msgstr ""
 #. type: Content of: <refsect1><refsect2><title>
 #: include/service_discovery.xml:35
 msgid "The protocol"
-msgstr ""
+msgstr "El protocolo"
 
 #. type: Content of: <refsect1><refsect2><para>
 #: include/service_discovery.xml:37
@@ -6369,7 +6949,7 @@ msgstr ""
 #. type: Content of: outside any tag (error?)
 #: include/upstream.xml:1
 msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
+msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>"
 
 #. type: Content of: <refsect1><title>
 #: include/failover.xml:2
@@ -6433,12 +7013,119 @@ msgstr ""
 #. type: Content of: <varlistentry><term>
 #: include/param_help.xml:3
 msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
+msgstr "<option>-h</option>,<option>--help</option>"
 
 #. type: Content of: <varlistentry><listitem><para>
 #: include/param_help.xml:7
 msgid "Display help message and exit."
+msgstr "Muestra mensaje de ayuda y sale."
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:3
+msgid ""
+"Bit mask that indicates which debug levels will be visible. 0x0010 is the "
+"default value as well as the lowest allowed value, 0xFFF0 is the most "
+"verbose mode. This setting overrides the settings from config file."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:8
+msgid "Currently supported debug levels:"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:11
+msgid ""
+"<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
+"SSSD from starting up or causes it to cease running."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:15
+msgid ""
+"<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't kill "
+"the SSSD, but one that indicates that at least one major feature is not "
+"going to work properly."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:20
+msgid ""
+"<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
+"particular request or operation has failed."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:24
+msgid ""
+"<emphasis>0x0080</emphasis>: Minor failures. These are the errors that would "
+"percolate down to cause the operation failure of 2."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:28
+msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:31
+msgid "<emphasis>0x0200</emphasis>: Function data."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:34
+msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:37
+msgid ""
+"<emphasis>0x1000</emphasis>: Trace messages for internal control functions."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:40
+msgid ""
+"<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
+"may be interesting."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:43
+msgid "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:46
+msgid ""
+"To log required debug levels, simply add their numbers together as shown in "
+"following examples:"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:49
+msgid ""
+"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
+"serious failures and function data use 0x0270."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:53
+msgid ""
+"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
+"function data, trace messages for internal control functions use 0x1310."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:57
+msgid ""
+"<emphasis>Note</emphasis>: This is new format of debug levels introduced in "
+"1.7.0.  Older format (numbers from 0-10) is compatible but deprecated."
 msgstr ""
 
-#~ msgid "Supported services: nss, pam"
-#~ msgstr "Servicios soportados: nss, pam"
+#. type: Content of: outside any tag (error?)
+#: include/experimental.xml:1
+msgid ""
+"<emphasis> This is an experimental feature, please use http://fedorahosted."
+"org/sssd to report any issues.  </emphasis>"
+msgstr ""
diff --git a/src/man/po/et.po b/src/man/po/et.po
deleted file mode 100644
index 0611a0208..000000000
--- a/src/man/po/et.po
+++ /dev/null
@@ -1,6314 +0,0 @@
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Red Hat
-# This file is distributed under the same license as the sssd-docs package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: SSSD\n"
-"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Estonian (http://www.transifex.net/projects/p/fedora/team/"
-"et/)\n"
-"Language: et\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural=(n != 1)\n"
-
-#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
-#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
-#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
-#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
-msgid "SSSD Manual pages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
-msgid "sss_groupmod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
-#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
-#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
-msgid "8"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupmod.8.xml:16
-msgid "modify a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupmod.8.xml:21
-msgid ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
-#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
-#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
-#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
-#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:32
-msgid ""
-"<command>sss_groupmod</command> modifies the group to reflect the changes "
-"that are specified on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
-#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
-#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-msgid "OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
-msgid ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:48
-msgid ""
-"Append this group to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
-msgid ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:62
-msgid ""
-"Remove this group from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
-#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
-msgid "sssd.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
-msgid "5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
-msgid "File Formats and Conventions"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
-msgid "the configuration file for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:21
-msgid "FILE FORMAT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:29
-#, no-wrap
-msgid ""
-"                <replaceable>[section]</replaceable>\n"
-"                <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-"                <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
-"            "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:24
-msgid ""
-"The file has an ini-style syntax and consists of sections and parameters. A "
-"section begins with the name of the section in square brackets and continues "
-"until the next section begins. An example of section with single and multi-"
-"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:36
-msgid ""
-"The data types used are string (no quotes needed), integer and bool (with "
-"values of <quote>TRUE/FALSE</quote>)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:41
-msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
-"(<quote>;</quote>)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:46
-msgid ""
-"All sections can have an optional <replaceable>description</replaceable> "
-"parameter. Its function is only as a label for the section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:52
-msgid ""
-"<filename>sssd.conf</filename> must be a regular file, owned by root and "
-"only root may read from or write to the file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:58
-msgid "SPECIAL SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:61
-msgid "The [sssd] section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
-msgid "Section parameters"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:72
-msgid "config_file_version (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:75
-msgid ""
-"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-"version 2."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:81
-msgid "services"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:84
-msgid ""
-"Comma separated list of services that are started when sssd itself starts."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:88
-msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
-msgid "reconnection_retries (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
-msgid ""
-"Number of times services should attempt to reconnect in the event of a Data "
-"Provider crash or restart before they give up"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
-msgid "Default: 3"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
-msgid "domains"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
-msgid ""
-"A domain is a database containing user information. SSSD can use more "
-"domains at the same time, but at least one must be configured or SSSD won't "
-"start.  This parameter described the list of domains in the order you want "
-"them to be queried."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
-msgid "re_expression (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
-msgid ""
-"Regular expression that describes how to parse the string containing user "
-"name and domain into these components."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
-msgid ""
-"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
-"which translates to \"the name is everything up to the <quote>@</quote> "
-"sign, the domain everything after that\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
-msgid ""
-"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
-"version 7 or higher can support non-unique named subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
-msgid ""
-"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
-"P&lt;name&gt;) to label subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
-msgid "full_name_format (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
-msgid ""
-"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatible format that describes how to translate "
-"a (name, domain) tuple into a fully qualified name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
-msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
-msgid "try_inotify (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
-msgid ""
-"SSSD monitors the state of resolv.conf to identify when it needs to update "
-"its internal DNS resolver. By default, we will attempt to use inotify for "
-"this, and will fall back to polling resolv.conf every five seconds if "
-"inotify cannot be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
-msgid ""
-"There are some limited situations where it is preferred that we should skip "
-"even trying to use inotify. In these rare cases, this option should be set "
-"to 'false'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
-msgid ""
-"Default: true on platforms where inotify is supported. False on other "
-"platforms."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
-msgid ""
-"Note: this option will have no effect on platforms where inotify is "
-"unavailable. On these platforms, polling will always be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
-msgid "krb5_rcache_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
-msgid ""
-"Directory on the filesystem where SSSD should store Kerberos replay cache "
-"files."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
-msgid ""
-"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
-"SSSD to let libkrb5 decide the appropriate location for the replay cache."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
-msgid ""
-"Default: Distribution-specific and specified at build-time. "
-"(__LIBKRB5_DEFAULTS__ if not configured)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:63
-msgid ""
-"Individual pieces of SSSD functionality are provided by special SSSD "
-"services that are started and stopped together with SSSD.  The services are "
-"managed by a special service frequently called <quote>monitor</quote>. The "
-"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
-msgid "SERVICES SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
-msgid ""
-"Settings that can be used to configure different services are described in "
-"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
-"section, for example, for NSS service, the section would be <quote>[nss]</"
-"quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
-msgid "General service configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
-msgid "These options can be used to configure any service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>.  This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
-msgid "NSS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
-msgid ""
-"These options can be used to configure the Name Service Switch (NSS) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
-msgid "enum_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
-msgid ""
-"How many seconds should nss_sss cache enumerations (requests for info about "
-"all users)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
-msgid "Default: 120"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"The entry cache can be set to automatically update entries in the background "
-"if they are requested beyond a percentage of the entry_cache_timeout value "
-"for the domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
-msgid ""
-"For example, if the domain's entry_cache_timeout is set to 30s and "
-"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
-"after 15 seconds past the last cache update will be returned immediately, "
-"but the SSSD will go and update the cache on its own, so that future "
-"requests will not need to block waiting for a cache update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
-msgid ""
-"Valid values for this option are 0-99 and represent a percentage of the "
-"entry_cache_timeout for each domain. For performance reasons, this "
-"percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
-"disables this feature)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
-msgid "Default: 50"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
-msgid "entry_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
-msgid ""
-"Specifies for how many seconds nss_sss should cache negative cache hits "
-"(that is, queries for invalid database entries, like nonexistent ones)  "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
-msgid "Default: 15"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
-msgid "filter_users, filter_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
-msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
-msgid "Default: root"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
-msgid "filter_users_in_groups (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
-msgid ""
-"If you want filtered user still be group members set this option to false."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
-msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
-msgid "This option can also be set per-domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
-msgid "allowed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
-msgid ""
-"Restrict user shell to one of the listed values. The order of evaluation is:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
-msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
-msgid ""
-"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
-"quote>, use the value of the shell_fallback parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
-msgid ""
-"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
-"shells</quote>, a nologin shell is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
-msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
-msgid ""
-"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
-"that a restart of the SSSD is required in case a new shell is installed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
-msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
-msgid "vetoed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
-msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
-msgid "shell_fallback (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
-msgid ""
-"The default shell to use if an allowed shell is not installed on the machine."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
-msgid "Default: /bin/sh"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
-msgid "PAM configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
-msgid ""
-"These options can be used to configure the Pluggable Authentication Module "
-"(PAM) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
-msgid "offline_credentials_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
-msgid ""
-"If the authentication provider is offline, how long should we allow cached "
-"logins (in days since the last successful online login)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
-msgid "Default: 0 (No limit)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
-msgid "offline_failed_login_attempts (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
-msgid ""
-"If the authentication provider is offline, how many failed login attempts "
-"are allowed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
-msgid "offline_failed_login_delay (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
-msgid ""
-"The time in minutes which has to pass after offline_failed_login_attempts "
-"has been reached before a new login attempt is possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
-msgid ""
-"If set to 0 the user cannot authenticate offline if "
-"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable offline authentication again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
-msgid "Default: 5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
-msgid "pam_verbosity (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
-msgid ""
-"Controls what kind of messages are shown to the user during authentication. "
-"The higher the number to more messages are displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
-msgid "Currently sssd supports the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
-msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
-msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
-msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
-msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
-msgid "Default: 1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
-msgid "pam_id_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
-msgid ""
-"For any PAM request while SSSD is online, the SSSD will attempt to "
-"immediately update the cached identity information for the user in order to "
-"ensure that authentication takes place with the latest information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
-msgid ""
-"A complete PAM conversation may perform multiple PAM requests, such as "
-"account management and session opening. This option controls (on a per-"
-"client-application basis) how long (in seconds) we can cache the identity "
-"information to avoid excessive round-trips to the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
-msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
-msgid "Display a warning N days before the password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
-msgid ""
-"Please note that the backend server has to provide information about the "
-"expiration time of the password.  If this information is missing, sssd "
-"cannot display a warning."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
-msgid "Default: 7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-msgid "SUDO configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-msgid "These options can be used to configure the sudo service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-msgid "sudo_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-msgid ""
-"For any sudo request that comes while SSSD is online, the SSSD will attempt "
-"to update the cached rules in order to ensure that sudo has the latest "
-"ruleset."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
-msgid ""
-"The user may, however, run a couple of sudo commands successively, which "
-"would trigger multiple LDAP requests.  In order to speed up this use-case, "
-"the sudo service maintains an in-memory cache that would be used for "
-"performing fast replies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
-msgid ""
-"This option controls how long (in seconds) can the sudo service cache rules "
-"for a user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-msgid "Default: 180"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-msgid "sudo_timed (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
-msgid ""
-"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
-"that implement time-dependent sudoers entries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-msgid "AUTOFS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-msgid "These options can be used to configure the autofs service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-msgid "autofs_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
-msgid "DOMAIN SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
-msgid "min_id,max_id (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
-msgid ""
-"UID and GID limits for the domain. If a domain contains an entry that is "
-"outside these limits, it is ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
-msgid ""
-"For users, this affects the primary GID limit. The user will not be returned "
-"to NSS if either the UID or the primary GID is outside the range. For non-"
-"primary group memberships, those that are in range will be reported as "
-"expected."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
-msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
-msgid ""
-"Timeout in seconds between heartbeats for this domain.  This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
-msgid "enumerate (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
-msgid ""
-"Determines if a domain can be enumerated. This parameter can have one of the "
-"following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
-msgid "TRUE = Users and groups are enumerated"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
-msgid "FALSE = No enumerations for this domain"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
-msgid "Default: FALSE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
-msgid ""
-"Note: Enabling enumeration has a moderate performance impact on SSSD while "
-"enumeration is running. It may take up to several minutes after SSSD startup "
-"to fully complete enumerations.  During this time, individual requests for "
-"information will go directly to LDAP, though it may be slow, due to the "
-"heavy enumeration processing."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
-msgid ""
-"While the first enumeration is running, requests for the complete user or "
-"group lists may return no results until it completes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
-msgid ""
-"Further, enabling enumeration may increase the time necessary to detect "
-"network disconnection, as longer timeouts are required to ensure that "
-"enumeration lookups are completed successfully.  For more information, refer "
-"to the man pages for the specific id_provider in use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
-msgid "entry_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
-msgid ""
-"How many seconds should nss_sss consider entries valid before asking the "
-"backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
-msgid "Default: 5400"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-msgid "entry_cache_user_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-msgid ""
-"How many seconds should nss_sss consider user entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-msgid "Default: entry_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-msgid "entry_cache_group_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-msgid ""
-"How many seconds should nss_sss consider group entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-msgid ""
-"How many seconds should nss_sss consider netgroup entries valid before "
-"asking the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-msgid "entry_cache_service_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-msgid ""
-"How many seconds should nss_sss consider service entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
-msgid "cache_credentials (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
-msgid "Determines if user credentials are also cached in the local LDB cache"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
-msgid "User credentials are stored in a SHA512 hash, not in plaintext"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
-msgid "account_cache_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
-msgid ""
-"Number of days entries are left in cache after last successful login before "
-"being removed during a cleanup of the cache. 0 means keep forever.  The "
-"value of this parameter must be greater than or equal to "
-"offline_credentials_expiration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
-msgid "Default: 0 (unlimited)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
-msgid "id_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
-msgid "The Data Provider identity backend to use for this domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
-msgid "Supported backends:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
-msgid "proxy: Support a legacy NSS provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
-msgid "local: SSSD internal local provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
-msgid "ldap: LDAP provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
-msgid "use_fully_qualified_names (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
-msgid ""
-"If set to TRUE, all requests to this domain must use fully qualified names. "
-"For example, if used in LOCAL domain that contains a \"test\" user, "
-"<command>getent passwd test</command> wouldn't find the user while "
-"<command>getent passwd test@LOCAL</command> would."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
-msgid "auth_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
-msgid ""
-"The authentication provider used for the domain.  Supported auth providers "
-"are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
-msgid ""
-"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
-msgid ""
-"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
-msgid ""
-"<quote>proxy</quote> for relaying authentication to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
-msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"authentication requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
-msgid "access_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
-msgid ""
-"The access control provider used for the domain.  There are two built-in "
-"access providers (in addition to any included in installed backends)  "
-"Internal special providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
-msgid "<quote>permit</quote> always allow access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
-msgid "<quote>deny</quote> always deny access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
-msgid ""
-"<quote>simple</quote> access control based on access or deny lists. See "
-"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> for more information on configuring the simple "
-"access module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
-msgid "Default: <quote>permit</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
-msgid "chpass_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
-msgid ""
-"The provider which should handle change password operations for the domain.  "
-"Supported change password providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
-msgid ""
-"<quote>ipa</quote> to change a password stored in an IPA server.  See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
-msgid ""
-"<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
-msgid ""
-"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
-msgid ""
-"<quote>proxy</quote> for relaying password changes to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
-msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
-msgid ""
-"Default: <quote>auth_provider</quote> is used if it is set and can handle "
-"change password requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-msgid "sudo_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-msgid ""
-"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-msgid "session_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-msgid ""
-"The provider which should handle loading of session settings.  Supported "
-"session providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-msgid ""
-"<quote>ipa</quote> to load session settings from an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"session loading requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
-msgid "lookup_family_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
-msgid ""
-"Provides the ability to select preferred address family to use when "
-"performing DNS lookups."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
-msgid "Supported values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
-msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
-msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
-msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
-msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
-msgid "Default: ipv4_first"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
-msgid "dns_resolver_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
-msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
-msgid "dns_discovery_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
-msgid ""
-"If service discovery is used in the back end, specifies the domain part of "
-"the service discovery DNS query."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
-msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
-msgid "override_gid (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
-msgid "Override the primary GID value with the one specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
-msgid "case_sensitive (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
-msgid ""
-"Treat user and group names as case sensitive. At the moment, this option is "
-"not supported in the local provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
-msgid "Default: True"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
-msgid ""
-"These configuration options can be present in a domain configuration "
-"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
-"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
-msgid "proxy_pam_target (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
-msgid "The proxy target PAM proxies to."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-msgid ""
-"Default: not set by default, you have to take an existing pam configuration "
-"or create a new one and add the service name here."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
-msgid "proxy_lib_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
-msgid ""
-"The name of the NSS library to use in proxy domains. The NSS functions "
-"searched for in the library are in the form of _nss_$(libName)_$(function), "
-"for example _nss_files_getpwent."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
-msgid ""
-"Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
-msgid "The local domain section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
-msgid ""
-"This section contains settings for domain that stores users and groups in "
-"SSSD native database, that is, a domain that uses "
-"<replaceable>id_provider=local</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
-msgid "default_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
-msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
-msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
-msgid "base_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
-msgid ""
-"The tools append the login name to <replaceable>base_directory</replaceable> "
-"and use that as the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
-msgid "Default: <filename>/home</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
-msgid "create_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
-msgid ""
-"Indicate if a home directory should be created by default for new users.  "
-"Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
-msgid "Default: TRUE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
-msgid "remove_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
-msgid ""
-"Indicate if a home directory should be removed by default for deleted "
-"users.  Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
-msgid "homedir_umask (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
-msgid ""
-"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
-"on a newly created home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
-msgid "Default: 077"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
-msgid "skel_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
-msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
-msgid "mail_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
-msgid ""
-"The mail spool directory. This is needed to manipulate the mailbox when its "
-"corresponding user account is modified or deleted.  If not specified, a "
-"default value is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
-msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
-msgid "userdel_cmd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
-msgid ""
-"The command that is run after a user is removed.  The command us passed the "
-"username of the user being removed as the first and only parameter. The "
-"return code of the command is not taken into account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
-msgid "Default: None, no command is run"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"domains = LDAP\n"
-"services = nss, pam\n"
-"config_file_version = 2\n"
-"\n"
-"[nss]\n"
-"filter_groups = root\n"
-"filter_users = root\n"
-"\n"
-"[pam]\n"
-"\n"
-"[domain/LDAP]\n"
-"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
-"\n"
-"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
-"cache_credentials = true\n"
-"\n"
-"min_id = 10000\n"
-"max_id = 20000\n"
-"enumerate = False\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
-msgid ""
-"The following example shows a typical SSSD config. It does not describe "
-"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details.  <placeholder type=\"programlisting\" "
-"id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
-msgid "sssd-ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:23
-msgid ""
-"This manual page describes the configuration of LDAP domains for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for detailed syntax information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:35
-msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:38
-msgid ""
-"LDAP back end supports id, auth, access and chpass providers. If you want to "
-"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
-"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
-"over an unencrypted channel.  If the LDAP server is used only as an identity "
-"provider, an encrypted channel is not needed. Please refer to "
-"<quote>ldap_access_filter</quote> config option for more information about "
-"using LDAP as an access provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
-#: sssd-krb5.5.xml:63
-msgid "CONFIGURATION OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:60
-msgid "ldap_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:63
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference. Refer to the <quote>FAILOVER</"
-"quote> section for more information on failover and server redundancy.  If "
-"not specified, service discovery is enabled. For more information, refer to "
-"the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
-msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:73
-msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:76
-msgid ""
-"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:79
-msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:85
-msgid "ldap_chpass_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:88
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference to change the password of a user. "
-"Refer to the <quote>FAILOVER</quote> section for more information on "
-"failover and server redundancy."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:95
-msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:99
-msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:105
-msgid "ldap_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:108
-msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:112
-msgid ""
-"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
-"syntax:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
-msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:119
-msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
-msgid ""
-"The filter must be a valid LDAP search filter as specified by http://www."
-"ietf.org/rfc/rfc2254.txt"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
-msgid "Examples:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:129
-msgid ""
-"ldap_search_base = dc=example,dc=com (which is equivalent to)  "
-"ldap_search_base = dc=example,dc=com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:134
-msgid ""
-"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
-"(host=thishost)?dc=example.com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:137
-msgid ""
-"Note: It is unsupported to have multiple search bases which reference "
-"identically-named objects (for example, groups with the same name in two "
-"different search bases). This will lead to unpredictable behavior on client "
-"machines."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:144
-msgid ""
-"Default: If not set, the value of the defaultNamingContext or namingContexts "
-"attribute from the RootDSE of the LDAP server is used. If "
-"defaultNamingContext does not exists or has an empty value namingContexts is "
-"used.  The namingContexts attribute must have a single value with the DN of "
-"the search base of the LDAP server to make this work. Multiple values are "
-"are not supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:158
-msgid "ldap_schema (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:161
-msgid ""
-"Specifies the Schema Type in use on the target LDAP server.  Depending on "
-"the selected schema, the default attribute names retrieved from the servers "
-"may vary.  The way that some attributes are handled may also differ.  Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
-"difference between these schema types is how group memberships are recorded "
-"in the server.  With rfc2307, group members are listed by name in the "
-"<emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, group "
-"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
-msgid "Default: rfc2307"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
-msgid "ldap_default_bind_dn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
-msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
-msgid "ldap_default_authtok_type (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
-msgid "The type of the authentication token of the default bind DN."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
-msgid "The two mechanisms currently supported are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
-msgid "password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
-msgid "obfuscated_password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
-msgid "Default: password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
-msgid "ldap_default_authtok (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
-msgid ""
-"The authentication token of the default bind DN.  Only clear text passwords "
-"are currently supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
-msgid "ldap_user_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
-msgid "The object class of a user entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
-msgid "Default: posixAccount"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
-msgid "ldap_user_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
-msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
-msgid "Default: uid"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
-msgid "ldap_user_uid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
-msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
-msgid "Default: uidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
-msgid "ldap_user_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
-msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
-msgid "Default: gidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
-msgid "ldap_user_gecos (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
-msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
-msgid "Default: gecos"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
-msgid "ldap_user_home_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
-msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
-msgid "Default: homeDirectory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
-msgid "ldap_user_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
-msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
-msgid "Default: loginShell"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
-msgid "ldap_user_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
-msgid "Default: nsUniqueId"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
-msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
-msgid ""
-"The LDAP attribute that contains timestamp of the last modification of the "
-"parent object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
-msgid "Default: modifyTimestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
-msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
-"the last password change)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
-msgid "Default: shadowLastChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
-msgid "ldap_user_shadow_min (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
-msgid "Default: shadowMin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
-msgid "ldap_user_shadow_max (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
-msgid "Default: shadowMax"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
-msgid "ldap_user_shadow_warning (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password warning period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
-msgid "Default: shadowWarning"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
-msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password inactivity period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
-msgid "Default: shadowInactive"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
-msgid "ldap_user_shadow_expire (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
-msgid ""
-"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
-"parameter contains the name of an LDAP attribute corresponding to its "
-"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> counterpart (account expiration date)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
-msgid "Default: shadowExpire"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
-msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time of last password change in "
-"kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
-msgid "Default: krbLastPwdChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
-msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time when current password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
-msgid "Default: krbPasswordExpiration"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
-msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the expiration time of the account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
-msgid "Default: accountExpires"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
-msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the user account control bit field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
-msgid "Default: userAccountControl"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
-msgid "ldap_ns_account_lock (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
-msgid ""
-"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
-"determines if access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
-msgid "Default: nsAccountLock"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
-msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines if "
-"access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
-msgid "Default: loginDisabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
-msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines until "
-"which date access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
-msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines the "
-"hours of a day in a week when access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
-msgid "Default: loginAllowedTimeMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
-msgid "ldap_user_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
-msgid ""
-"The LDAP attribute that contains the user's Kerberos User Principal Name "
-"(UPN)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
-msgid "Default: krbPrincipalName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
-msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
-msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
-msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
-msgid ""
-"Some directory servers, for example Active Directory, might deliver the "
-"realm part of the UPN in lower case, which might cause the authentication to "
-"fail. Set this option to a non-zero value if you want to use an upper-case "
-"realm."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
-msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
-msgid ""
-"Specifies how many seconds SSSD has to wait before refreshing its cache of "
-"enumerated records."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
-msgid "Default: 300"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
-msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
-msgid ""
-"Determine how often to check the cache for inactive entries (such as groups "
-"with no members and users who have never logged in) and remove them to save "
-"space."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
-msgid "Setting this option to zero will disable the cache cleanup operation."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
-msgid "Default: 10800 (12 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
-msgid "ldap_user_fullname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
-msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
-msgid "Default: cn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
-msgid "ldap_user_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
-msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
-msgid "Default: memberOf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
-msgid "ldap_user_authorized_service (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
-msgid ""
-"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
-"use the presence of the authorizedService attribute in the user's LDAP entry "
-"to determine access privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
-msgid ""
-"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
-"explicit allow (svc) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
-msgid "Default: authorizedService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
-msgid "ldap_user_authorized_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
-msgid ""
-"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-"presence of the host attribute in the user's LDAP entry to determine access "
-"privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
-msgid ""
-"An explicit deny (!host) is resolved first. Second, SSSD searches for "
-"explicit allow (host) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
-msgid "Default: host"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
-msgid "ldap_group_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
-msgid "The object class of a group entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
-msgid "Default: posixGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
-msgid "ldap_group_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
-msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
-msgid "ldap_group_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
-msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
-msgid "ldap_group_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
-msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
-msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
-msgid "ldap_group_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
-msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
-msgid "ldap_group_nesting_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
-msgid ""
-"If ldap_schema is set to a schema format that supports nested groups (e.g. "
-"RFC2307bis), then this option controls how many levels of nesting SSSD will "
-"follow. This option has no effect on the RFC2307 schema."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
-msgid "Default: 2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
-msgid "ldap_netgroup_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
-msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
-msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
-msgid "Default: nisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
-msgid "ldap_netgroup_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
-msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
-msgid "In IPA provider, ipa_netgroup_name should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
-msgid "ldap_netgroup_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
-msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
-msgid "In IPA provider, ipa_netgroup_member should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
-msgid "Default: memberNisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
-msgid "ldap_netgroup_triple (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-msgid ""
-"The LDAP attribute that contains the (host, user, domain) netgroup triples."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
-msgid "This option is not available in IPA provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
-msgid "Default: nisNetgroupTriple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
-msgid "ldap_netgroup_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
-msgid ""
-"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
-msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
-msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
-msgid "ldap_service_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
-msgid "The object class of a service entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
-msgid "Default: ipService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
-msgid "ldap_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
-msgid ""
-"The LDAP attribute that contains the name of service attributes and their "
-"aliases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
-msgid "ldap_service_port (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
-msgid "The LDAP attribute that contains the port managed by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
-msgid "Default: ipServicePort"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
-msgid "ldap_service_proto (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
-msgid ""
-"The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
-msgid "Default: ipServiceProtocol"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
-msgid "ldap_service_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
-msgid "An optional base DN to restrict service searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
-msgid ""
-"See <quote>ldap_search_base</quote> for information about configuring "
-"multiple search bases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
-#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
-msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
-msgid "ldap_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches are allowed to run "
-"before they are cancelled and cached results are returned (and offline mode "
-"is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
-msgid ""
-"Note: this option is subject to change in future versions of the SSSD. It "
-"will likely be replaced at some point by a series of timeouts for specific "
-"lookup types."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
-msgid "Default: 6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
-msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches for user and group "
-"enumerations are allowed to run before they are cancelled and cached results "
-"are returned (and offline mode is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
-msgid "ldap_network_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-msgid ""
-"Specifies the timeout (in seconds) after which the <citerefentry> "
-"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
-"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> following a <citerefentry> "
-"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> returns in case of no activity."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
-msgid "ldap_opt_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
-msgid ""
-"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
-"will abort if no response is received. Also controls the timeout when "
-"communicating with the KDC in case of SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
-msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
-msgid ""
-"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
-"maintained. After this time, the connection will be re-established. If used "
-"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
-"the TGT lifetime)  will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
-msgid "Default: 900 (15 minutes)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
-msgid "ldap_page_size (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
-msgid ""
-"Specify the number of records to retrieve from LDAP in a single request. "
-"Some LDAP servers enforce a maximum limit per-request."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
-msgid "Default: 1000"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
-msgid ""
-"Disable the LDAP paging control. This option should be used if the LDAP "
-"server reports that it supports the LDAP paging control in its RootDSE but "
-"it is not enabled or does not behave properly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
-msgid ""
-"Example: OpenLDAP servers with the paging control module installed on the "
-"server but not enabled will report it in the RootDSE but be unable to use it."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
-msgid ""
-"Example: 389 DS has a bug where it can only support a one paging control at "
-"a time on a single connection. On busy clients, this can result in some "
-"requests being denied."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
-msgid "ldap_deref_threshold (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
-msgid ""
-"Specify the number of group members that must be missing from the internal "
-"cache in order to trigger a dereference lookup. If less members are missing, "
-"they are looked up individually."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
-msgid ""
-"You can turn off dereference lookups completely by setting the value to 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
-msgid ""
-"A dereference lookup is a means of fetching all group members in a single "
-"LDAP call.  Different LDAP servers may implement different dereference "
-"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
-"Directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
-msgid ""
-"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
-"filter, then the dereference lookup performance enhancement will be disabled "
-"regardless of this setting."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
-msgid "ldap_tls_reqcert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
-msgid ""
-"Specifies what checks to perform on server certificates in a TLS session, if "
-"any. It can be specified as one of the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
-msgid ""
-"<emphasis>never</emphasis> = The client will not request or check any server "
-"certificate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
-msgid ""
-"<emphasis>allow</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, it will be ignored and the session proceeds normally."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
-msgid ""
-"<emphasis>try</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, the session is immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
-msgid ""
-"<emphasis>demand</emphasis> = The server certificate is requested. If no "
-"certificate is provided, or a bad certificate is provided, the session is "
-"immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
-msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
-msgid "Default: hard"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
-msgid "ldap_tls_cacert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
-msgid ""
-"Specifies the file that contains certificates for all of the Certificate "
-"Authorities that <command>sssd</command> will recognize."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
-msgid ""
-"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
-"conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
-msgid "ldap_tls_cacertdir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
-msgid ""
-"Specifies the path of a directory that contains Certificate Authority "
-"certificates in separate individual files. Typically the file names need to "
-"be the hash of the certificate followed by '.0'.  If available, "
-"<command>cacertdir_rehash</command> can be used to create the correct names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
-msgid "ldap_tls_cert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
-msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
-msgid "Default: not set"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
-msgid "ldap_tls_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
-msgid "Specifies the file that contains the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
-msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
-msgid ""
-"Specifies acceptable cipher suites.  Typically this is a colon sperated "
-"list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> for format."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
-msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
-msgid ""
-"Specifies that the id_provider connection must also use <systemitem class="
-"\"protocol\">tls</systemitem> to protect the channel."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
-msgid ""
-"Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
-"supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
-msgid "ldap_sasl_authid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
-msgid ""
-"Specify the SASL authorization id to use.  When GSSAPI is used, this "
-"represents the Kerberos principal used for authentication to the directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
-msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
-msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
-msgid ""
-"If set to true, the LDAP library would perform a reverse lookup to "
-"canonicalize the host name during a SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
-msgid "Default: false;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
-msgid "ldap_krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
-msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
-msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
-msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
-msgid ""
-"Specifies that the id_provider should init Kerberos credentials (TGT).  This "
-"action is performed only if SASL is used and the mechanism selected is "
-"GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
-msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
-msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
-msgid "Default: 86400 (24 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
-msgid "krb5_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
-msgid ""
-"Specifies the comma-separated list of IP addresses or hostnames of the "
-"Kerberos servers to which SSSD should connect in the order of preference. "
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
-"colon) may be appended to the addresses or hostnames.  If empty, service "
-"discovery is enabled - for more information, refer to the <quote>SERVICE "
-"DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
-msgid ""
-"When using service discovery for KDC or kpasswd servers, SSSD first searches "
-"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-"none are found."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
-msgid ""
-"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
-"While the legacy name is recognized for the time being, users are advised to "
-"migrate their config files to use <quote>krb5_server</quote> instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
-msgid "krb5_realm (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
-msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
-msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
-msgid "krb5_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
-msgid ""
-"Specifies if the host principal should be canonicalized when connecting to "
-"LDAP server. This feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
-msgid "ldap_pwd_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
-msgid ""
-"Select the policy to evaluate the password expiration on the client side. "
-"The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
-msgid ""
-"<emphasis>none</emphasis> - No evaluation on the client side. This option "
-"cannot disable server-side password policies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
-msgid ""
-"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-"evaluate if the password has expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
-msgid ""
-"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
-"to determine if the password has expired. Use chpass_provider=krb5 to update "
-"these attributes when the password is changed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
-msgid "ldap_referrals (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
-msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
-msgid ""
-"Please note that sssd only supports referral chasing when it is compiled "
-"with OpenLDAP version 2.4.13 or higher."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
-msgid "ldap_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
-msgid "Specifies the service name to use when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
-msgid "Default: ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
-msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
-msgid ""
-"Specifies the service name to use to find an LDAP server which allows "
-"password changes when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
-msgid "Default: not set, i.e. service discovery is disabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
-msgid "ldap_access_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
-msgid ""
-"If using access_provider = ldap, this option is mandatory. It specifies an "
-"LDAP search filter criteria that must be met for the user to be granted "
-"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
-msgid "Example:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
-#, no-wrap
-msgid ""
-"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
-msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
-msgid ""
-"Offline caching for this feature is limited to determining whether the "
-"user's last online login was granted access permission. If they were granted "
-"access during their last login, they will continue to be granted access "
-"while offline and vice-versa."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
-msgid "Default: Empty"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
-msgid "ldap_account_expire_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
-msgid ""
-"With this option a client side evaluation of access control attributes can "
-"be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
-msgid ""
-"Please note that it is always recommended to use server side access control, "
-"i.e. the LDAP server should deny the bind request with a suitable error code "
-"even if the password is correct."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
-msgid "The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
-msgid ""
-"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
-"determine if the account is expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
-msgid ""
-"<emphasis>ad</emphasis>: use the value of the 32bit field "
-"ldap_user_ad_user_account_control and allow access if the second bit is not "
-"set. If the attribute is missing access is granted. Also the expiration time "
-"of the account is checked."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
-msgid ""
-"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
-"emphasis>: use the value of ldap_ns_account_lock to check if access is "
-"allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
-msgid ""
-"<emphasis>nds</emphasis>: the values of "
-"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
-"If both attributes are missing access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
-msgid "ldap_access_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
-msgid "Comma separated list of access control options.  Allowed values are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
-msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
-msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
-msgid ""
-"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
-"to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
-msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
-msgid "Default: filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
-msgid ""
-"Please note that it is a configuration error if a value is used more than "
-"once."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
-msgid "ldap_deref (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
-msgid ""
-"Specifies how alias dereferencing is done when performing a search. The "
-"following options are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
-msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
-msgid ""
-"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
-"the base object, but not in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
-msgid ""
-"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
-"the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
-msgid ""
-"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
-"in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
-msgid ""
-"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
-"client libraries)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:51
-msgid ""
-"All of the common configuration options that apply to SSSD domains also "
-"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for full details.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
-msgid "SUDO OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
-msgid "ldap_sudorule_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
-msgid "The object class of a sudo rule entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
-msgid "Default: sudoRole"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
-msgid "ldap_sudorule_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
-msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
-msgid "ldap_sudorule_command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
-msgid "The LDAP attribute that corresponds to the command name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
-msgid "Default: sudoCommand"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
-msgid "ldap_sudorule_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
-msgid ""
-"The LDAP attribute that corresponds to the host name (or host IP address, "
-"host IP network, or host netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
-msgid "Default: sudoHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
-msgid "ldap_sudorule_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
-msgid ""
-"The LDAP attribute that corresponds to the user name (or UID, group name or "
-"user's netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
-msgid "Default: sudoUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
-msgid "ldap_sudorule_option (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
-msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
-msgid "Default: sudoOption"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
-msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
-msgid ""
-"The LDAP attribute that corresponds to the user name that commands may be "
-"run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
-msgid "Default: sudoRunAsUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
-msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
-msgid ""
-"The LDAP attribute that corresponds to the group name or group GID that "
-"commands may be run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
-msgid "Default: sudoRunAsGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
-msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
-msgid ""
-"The LDAP attribute that corresponds to the start date/time for when the sudo "
-"rule is valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
-msgid "Default: sudoNotBefore"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
-msgid "ldap_sudorule_notafter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
-msgid ""
-"The LDAP attribute that corresponds to the expiration date/time, after which "
-"the sudo rule will no longer be valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
-msgid "Default: sudoNotAfter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
-msgid "ldap_sudorule_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
-msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
-msgid "Default: sudoOrder"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
-msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
-msgid ""
-"Enables periodical download of all sudo rules.  The cache is purged before "
-"each update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
-msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
-msgid ""
-"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
-msgid ""
-"This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
-"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
-msgid "AUTOFS OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
-msgid ""
-"Please note that the default values correspond to the default schema which "
-"is RFC2307."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
-msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-msgid "The object class of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-msgid "Default: automountMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
-msgid "ldap_autofs_map_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
-msgid "The name of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
-msgid "Default: ou"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
-msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
-msgid "ldap_autofs_entry_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
-msgid ""
-"The key of an automount entry in LDAP. The entry usually corresponds to a "
-"mount point."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
-msgid "ldap_autofs_entry_value (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
-msgid "Default: automountInformation"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
-msgid ""
-"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
-"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
-"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
-msgid "ADVANCED OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
-msgid "ldap_netgroup_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
-msgid ""
-"An optional base DN to restrict netgroup searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
-msgid "ldap_user_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
-msgid "An optional base DN to restrict user searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
-msgid "ldap_group_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
-msgid "An optional base DN to restrict group searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
-#, no-wrap
-msgid ""
-"                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
-msgid "ldap_sudo_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
-msgid ""
-"An optional base DN to restrict sudo rules searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
-msgid "ldap_autofs_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
-msgid ""
-"An optional base DN to restrict automounter searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
-msgid ""
-"These options are supported by LDAP domains, but they should be used with "
-"caution. Please include them in your configuration only if you know what you "
-"are doing.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
-msgid ""
-"The following example assumes that SSSD is correctly configured and LDAP is "
-"set to one of the domains in the <replaceable>[domains]</replaceable> "
-"section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
-#, no-wrap
-msgid ""
-"    [domain/LDAP]\n"
-"    id_provider = ldap\n"
-"    auth_provider = ldap\n"
-"    ldap_uri = ldap://ldap.mydomain.org\n"
-"    ldap_search_base = dc=mydomain,dc=org\n"
-"    ldap_tls_reqcert = demand\n"
-"    cache_credentials = true\n"
-"    enumerate = true\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
-msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
-msgid "NOTES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
-msgid ""
-"The descriptions of some of the configuration options in this manual page "
-"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
-"distribution."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <refentryinfo>
-#: pam_sss.8.xml:8 include/upstream.xml:2
-msgid ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: pam_sss.8.xml:13 pam_sss.8.xml:18
-msgid "pam_sss"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: pam_sss.8.xml:19
-msgid "PAM module for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: pam_sss.8.xml:24
-msgid ""
-"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
-msgid ""
-"<command>pam_sss.so</command> is the PAM interface to the System Security "
-"Services daemon (SSSD). Errors and results are logged through <command>syslog"
-"(3)</command> with the LOG_AUTHPRIV facility."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
-msgid "<option>quiet</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
-msgid "Suppress log messages for unknown users."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
-msgid "<option>forward_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
-msgid ""
-"If <option>forward_pass</option> is set the entered password is put on the "
-"stack for other PAM modules to use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
-msgid "<option>use_first_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
-msgid ""
-"The argument use_first_pass forces the module to use a previous stacked "
-"modules password and will never prompt the user - if no password is "
-"available or the password is not appropriate, the user will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
-msgid "<option>use_authtok</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
-msgid ""
-"When password changing enforce the module to set the new password to the one "
-"provided by a previously stacked password module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
-msgid "<option>retry=N</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
-msgid ""
-"If specified the user is asked another N times for a password if "
-"authentication fails. Default is 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
-msgid ""
-"Please note that this option might not work as expected if the application "
-"calling PAM handles the user dialog on its own. A typical example is "
-"<command>sshd</command> with <option>PasswordAuthentication</option>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
-msgid "MODULE TYPES PROVIDED"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
-msgid ""
-"All module types (<option>account</option>, <option>auth</option>, "
-"<option>password</option> and <option>session</option>) are provided."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
-msgid "FILES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
-msgid ""
-"If a password reset by root fails, because the corresponding SSSD provider "
-"does not support password resets, an individual message can be displayed. "
-"This message can e.g. contain instructions about how to reset a password."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
-msgid ""
-"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
-"filename> where LOC stands for a locale string returned by <citerefentry> "
-"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
-"citerefentry>. If there is no matching file the content of "
-"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
-"the owner of the files and only root may have read and write permissions "
-"while all other users must have only read permissions."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
-msgid ""
-"These files are searched in the directory <filename>/etc/sssd/customize/"
-"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
-"displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:141
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
-msgid "sssd_krb5_locator_plugin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:22
-msgid ""
-"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
-"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
-"libraries what Realm and which KDC to use.  Typically this is done in "
-"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
-"To simplify the configuration the Realm and the KDC can be defined in "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry> puts the Realm and the name or IP address of the KDC into "
-"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively.  "
-"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variables and returns them to the "
-"libraries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:63
-msgid ""
-"Not all Kerberos implementations support the use of plugins. If "
-"<command>sssd_krb5_locator_plugin</command> is not available on your system "
-"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:69
-msgid ""
-"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-"debug messages will be sent to stderr."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:77
-msgid ""
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
-msgid "sssd-simple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd-simple.5.xml:17
-msgid "the configuration file for SSSD's 'simple' access-control provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:24
-msgid ""
-"This manual page describes the configuration of the simple access-control "
-"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax reference, "
-"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:38
-msgid ""
-"The simple access provider grants or denies access based on an access or "
-"deny list of user or group names. The following rules apply:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:43
-msgid "If all lists are empty, access is granted"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:47
-msgid ""
-"If any list is provided, the order of evaluation is allow,deny. This means "
-"that any matching deny rule will supersede any matched allow rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:54
-msgid ""
-"If either or both \"allow\" lists are provided, all users are denied unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:60
-msgid ""
-"If only \"deny\" lists are provided, all users are granted access unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:78
-msgid "simple_allow_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:81
-msgid "Comma separated list of users who are allowed to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:88
-msgid "simple_deny_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:91
-msgid "Comma separated list of users who are explicitly denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:97
-msgid "simple_allow_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:100
-msgid ""
-"Comma separated list of groups that are allowed to log in. This applies only "
-"to groups within this SSSD domain. Local groups are not evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:108
-msgid "simple_deny_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:111
-msgid ""
-"Comma separated list of groups that are explicitly denied access. This "
-"applies only to groups within this SSSD domain. Local groups are not "
-"evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
-msgid ""
-"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page for details on the configuration of an SSSD "
-"domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:120
-msgid ""
-"Please note that it is an configuration error if both, simple_allow_users "
-"and simple_deny_users, are defined."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:128
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the simple access provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-simple.5.xml:135
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    access_provider = simple\n"
-"    simple_allow_users = user1, user2\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:145
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
-msgid "sssd-ipa"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:23
-msgid ""
-"This manual page describes the configuration of the IPA provider for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
-"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:36
-msgid ""
-"The IPA provider is a back end used to connect to an IPA server.  (Refer to "
-"the freeipa.org web site for information about IPA servers.)  This provider "
-"requires that the machine be joined to the IPA domain; configuration is "
-"almost entirely self-discovered and obtained directly from the server."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:43
-msgid ""
-"The IPA provider accepts the same options used by the <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
-"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider with some exceptions described below."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:55
-msgid ""
-"However, it is neither necessary nor recommended to set these options.  IPA "
-"provider can also be used as an access and chpass provider. As an access "
-"provider it uses HBAC (host-based access control) rules. Please refer to "
-"freeipa.org for more information about HBAC. No configuration of access "
-"provider is required on the client side."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:72
-msgid "ipa_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:75
-msgid ""
-"Specifies the name of the IPA domain.  This is optional. If not provided, "
-"the configuration domain name is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:83
-msgid "ipa_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:86
-msgid ""
-"The comma-separated list of IP addresses or hostnames of the IPA servers to "
-"which SSSD should connect in the order of preference. For more information "
-"on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
-"This is optional if autodiscovery is enabled.  For more information on "
-"service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:99
-msgid "ipa_hostname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:102
-msgid ""
-"Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:110
-msgid "ipa_dyndns_update (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:113
-msgid ""
-"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:118
-msgid ""
-"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
-"the default Kerberos realm must be set properly in /etc/krb5.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:129
-msgid "ipa_dyndns_iface (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:132
-msgid ""
-"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
-"interface whose IP address should be used for dynamic DNS updates."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:137
-msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:143
-msgid "ipa_hbac_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:146
-msgid "Optional. Use the given string as search base for HBAC related objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:150
-msgid "Default: Use base DN"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:156
-msgid "ipa_host_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:159
-msgid "Optional. Use the given string as search base for host objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:180
-msgid "ipa_selinux_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
-msgid "Optional. Use the given string as search base for SELinux user maps."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
-msgid "krb5_validate (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
-msgid ""
-"Verify with the help of krb5_keytab that the TGT obtained has not been "
-"spoofed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
-msgid ""
-"Note that this default differs from the traditional Kerberos provider back "
-"end."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
-msgid ""
-"The name of the Kerberos realm. This is optional and defaults to the value "
-"of <quote>ipa_domain</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
-msgid ""
-"The name of the Kerberos realm has a special meaning in IPA - it is "
-"converted into the base DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
-msgid ""
-"Specifies if the host and user principal should be canonicalized when "
-"connecting to IPA LDAP and also for AS requests. This feature is available "
-"with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
-msgid "ipa_hbac_refresh (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
-msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
-msgid "Default: 5 (seconds)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
-msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
-msgid ""
-"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
-"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
-"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
-"client will support two modes of operation during this transition period:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
-msgid ""
-"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
-"users will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
-msgid ""
-"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
-"careful with this option, as it may result in opening unintended access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
-msgid "Default: DENY_ALL"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
-msgid "ipa_automount_location (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
-msgid "The automounter location this IPA client will be using"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Default: The location named \"default\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the ipa provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    id_provider = ipa\n"
-"    ipa_server = ipaserver.example.com\n"
-"    ipa_hostname = myhost.example.com\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.8.xml:10 sssd.8.xml:15
-msgid "sssd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.8.xml:16
-msgid "System Security Services Daemon"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sssd.8.xml:21
-msgid ""
-"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:31
-msgid ""
-"<command>SSSD</command> provides a set of daemons to manage access to remote "
-"directories and authentication mechanisms. It provides an NSS and PAM "
-"interface toward the system and a pluggable backend system to connect to "
-"multiple different account sources as well as D-Bus interface. It is also "
-"the basis to provide client auditing and policy services for projects like "
-"FreeIPA. It provides a more robust database to store local users as well as "
-"extended user data."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:46
-msgid ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:53
-msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:57
-msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:60
-msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:69
-msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:73
-msgid ""
-"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:76
-msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:85
-msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:89
-msgid ""
-"Send the debug output to files instead of stderr. By default, the log files "
-"are stored in <filename>/var/log/sssd</filename> and there are separate log "
-"files for every SSSD service and domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:97
-msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:101
-msgid "Become a daemon after starting up."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:107
-msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:111
-msgid "Run in the foreground, don't become a daemon."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
-msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
-msgid ""
-"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
-"conf</filename>. For reference on the config file syntax and options, "
-"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:135
-msgid "<option>--version</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:139
-msgid "Print version number and exit."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:147
-msgid "Signals"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:150
-msgid "SIGTERM/SIGINT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:153
-msgid ""
-"Informs the SSSD to gracefully terminate all of its child processes and then "
-"shut down the monitor."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:159
-msgid "SIGHUP"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:162
-msgid ""
-"Tells the SSSD to stop writing to its current debug file descriptors and to "
-"close and reopen them. This is meant to facilitate log rolling with programs "
-"like logrotate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:170
-msgid "SIGUSR1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:173
-msgid ""
-"Tells the SSSD to simulate offline operation for one minute. This is mostly "
-"useful for testing purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:179
-msgid "SIGUSR2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:182
-msgid ""
-"Tells the SSSD to go online immediately. This is mostly useful for testing "
-"purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:193
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-msgid "sss_obfuscate"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_obfuscate.8.xml:16
-msgid "obfuscate a clear text password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_obfuscate.8.xml:21
-msgid ""
-"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
-"replaceable></arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:32
-msgid ""
-"<command>sss_obfuscate</command> converts a given password into human-"
-"unreadable format and places it into appropriate domain section of the SSSD "
-"config file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:37
-msgid ""
-"The cleartext password is read from standard input or entered "
-"interactively.  The obfuscated password is put into "
-"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
-"<quote>ldap_default_authtok_type</quote> parameter is set to "
-"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more details on these parameters."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:49
-msgid ""
-"Please note that obfuscating the password provides <emphasis>no real "
-"security benefit</emphasis> as it is still possible for an attacker to "
-"reverse-engineer the password back. Using better authentication mechanisms "
-"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
-"advised."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:63
-msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:67
-msgid "The password to obfuscate will be read from standard input."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
-msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:79
-msgid ""
-"The SSSD domain to use the password in. The default name is <quote>default</"
-"quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:86
-msgid ""
-"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:91
-msgid "Read the config file specified by the positional parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:95
-msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:105
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
-msgid "sss_useradd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_useradd.8.xml:16
-msgid "create a new user"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_useradd.8.xml:21
-msgid ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:32
-msgid ""
-"<command>sss_useradd</command> creates a new user account using the values "
-"specified on the command line plus the default values from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:43
-msgid ""
-"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:48
-msgid ""
-"Set the UID of the user to the value of <replaceable>UID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
-msgid ""
-"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
-msgid ""
-"Any text string describing the user. Often used as the field for the user's "
-"full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
-msgid ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:72
-msgid ""
-"The home directory of the user account.  The default is to append the "
-"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
-"that as the home directory.  The base that is prepended before "
-"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
-"baseDirectory</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
-msgid ""
-"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:87
-msgid ""
-"The user's login shell. The default is currently <filename>/bin/bash</"
-"filename>.  The default can be changed with <quote>user_defaults/"
-"defaultShell</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:96
-msgid ""
-"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:101
-msgid "A list of existing groups this user is also a member of."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:107
-msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:111
-msgid ""
-"Create the user's home directory if it does not exist. The files and "
-"directories contained in the skeleton directory (which can be defined with "
-"the -k option or in the config file) will be copied to the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:121
-msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:125
-msgid ""
-"Do not create the user's home directory. Overrides configuration settings."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:132
-msgid ""
-"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:137
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<command>sss_useradd</command>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:143
-msgid ""
-"This option is only valid if the <option>-m</option> (or <option>--create-"
-"home</option>) option is specified, or creation of home directories is set "
-"to TRUE in the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
-msgid ""
-"<option>-Z</option>,<option>--selinux-user</option> "
-"<replaceable>SELINUX_USER</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:157
-msgid ""
-"The SELinux user for the user's login. If not specified, the system default "
-"will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
-msgid "sssd-krb5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:23
-msgid ""
-"This manual page describes the configuration of the Kerberos 5 "
-"authentication backend for <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  For a detailed "
-"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
-"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:36
-msgid ""
-"The Kerberos 5 authentication backend contains auth and chpass providers. It "
-"must be paired with identity provider in order to function properly (for "
-"example, id_provider = ldap). Some information required by the Kerberos 5 "
-"authentication backend must be provided by the identity provider, such as "
-"the user's Kerberos Principal Name (UPN). The configuration of the identity "
-"provider should have an entry to specify the UPN. Please refer to the man "
-"page for the applicable identity provider for details on how to configure "
-"this."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:47
-msgid ""
-"This backend also provides access control based on the .k5login file in the "
-"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
-"Please note that an empty .k5login file will deny all access to this user. "
-"To activate this feature use 'access_provider = krb5' in your sssd "
-"configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:55
-msgid ""
-"In the case where the UPN is not available in the identity backend "
-"<command>sssd</command> will construct a UPN using the format "
-"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:106
-msgid ""
-"The name of the Kerberos realm. This option is required and must be "
-"specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:113
-msgid "krb5_kpasswd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:116
-msgid ""
-"If the change password service is not running on the KDC alternative servers "
-"can be defined here. An optional port number (preceded by a colon) may be "
-"appended to the addresses or hostnames."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:122
-msgid ""
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section.  Please note that even if there are no more "
-"kpasswd servers to try the back end is not switch to offline if "
-"authentication against the KDC is still possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:129
-msgid "Default: Use the KDC"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:135
-msgid "krb5_ccachedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:138
-msgid ""
-"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist it will be created. If %u, %U, %p or %h are used a "
-"private directory belonging to the user is created. Otherwise a public "
-"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
-"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
-"citerefentry> for details) is created."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:151
-msgid "Default: /tmp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:157
-msgid "krb5_ccname_template (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:171
-msgid "login UID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:174
-msgid "%p"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:175
-msgid "principal name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:179
-msgid "%r"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:180
-msgid "realm name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:183
-msgid "%h"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:184
-msgid "home directory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:189
-msgid "value of krb5ccache_dir"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194
-msgid "%P"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "the process ID of the sssd client"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:160
-msgid ""
-"Location of the user's credential cache. Currently only file based "
-"credential caches are supported. In the template the following sequences are "
-"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
-"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
-"way."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:209
-msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:215
-msgid "krb5_auth_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:218
-msgid ""
-"Timeout in seconds after an online authentication or change password request "
-"is aborted. If possible the authentication request is continued offline."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:241
-msgid "krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:244
-msgid ""
-"The location of the keytab to use when validating credentials obtained from "
-"KDCs."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:248
-msgid "Default: /etc/krb5.keytab"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:254
-msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:257
-msgid ""
-"Store the password of the user if the provider is offline and use it to "
-"request a TGT when the provider gets online again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:262
-msgid ""
-"Please note that this feature currently only available on a Linux platform. "
-"Passwords stored in this way are kept in plaintext in the kernel keyring and "
-"are potentially accessible by the root user (with difficulty)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:275
-msgid "krb5_renewable_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:278
-msgid ""
-"Request a renewable ticket with a total lifetime given by an integer "
-"immediately followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
-msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
-msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
-msgid "<emphasis>h</emphasis> hours"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
-msgid "<emphasis>d</emphasis> days."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
-msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:299
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"renewable lifetime to one and a half hours please use '90m' instead of "
-"'1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:305
-msgid "Default: not set, i.e. the TGT is not renewable"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:311
-msgid "krb5_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:314
-msgid ""
-"Request ticket with a with a lifetime given by an integer immediately "
-"followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:335
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"lifetime to one and a half hours please use '90m' instead of '1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:340
-msgid ""
-"Default: not set, i.e. the default ticket lifetime configured on the KDC."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:347
-msgid "krb5_renew_interval (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:350
-msgid ""
-"The time in seconds between two checks if the TGT should be renewed. TGTs "
-"are renewed if about half of their lifetime is exceeded."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:355
-msgid "If this option is not set or 0 the automatic renewal is disabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:365
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:368
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:373
-msgid ""
-"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
-"option at all."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
-msgid ""
-"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
-"continue without."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:381
-msgid ""
-"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
-"fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:385
-msgid "Default: not set, i.e. FAST is not used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:388
-msgid "Please note that a keytab is required to use fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:391
-msgid ""
-"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used with an older version using this option is a "
-"configuration error."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:400
-msgid "krb5_fast_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:403
-msgid "Specifies the server principal to use for FAST."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:412
-msgid ""
-"Specifies if the host and user principal should be canonicalized. This "
-"feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:65
-msgid ""
-"If the auth-module krb5 is used in a SSSD domain, the following options must "
-"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
-"SECTIONS</quote> for details on the configuration of a SSSD domain.  "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:434
-msgid ""
-"The following example assumes that SSSD is correctly configured and FOO is "
-"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
-"example shows only configuration of Kerberos authentication, it does not "
-"include any identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:442
-#, no-wrap
-msgid ""
-"    [domain/FOO]\n"
-"    auth_provider = krb5\n"
-"    krb5_server = 192.168.1.1\n"
-"    krb5_realm = EXAMPLE.COM\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:453
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
-msgid "sss_groupadd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupadd.8.xml:16
-msgid "create a new group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupadd.8.xml:21
-msgid ""
-"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:32
-msgid ""
-"<command>sss_groupadd</command> creates a new group. These groups are "
-"compatible with POSIX groups, with the additional feature that they can "
-"contain other groups as members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupadd.8.xml:43
-msgid ""
-"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupadd.8.xml:48
-msgid ""
-"Set the GID of the group to the value of <replaceable>GID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
-msgid "sss_userdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_userdel.8.xml:16
-msgid "delete a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_userdel.8.xml:21
-msgid ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:32
-msgid ""
-"<command>sss_userdel</command> deletes a user identified by login name "
-"<replaceable>LOGIN</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:44
-msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:48
-msgid ""
-"Files in the user's home directory will be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:56
-msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:60
-msgid ""
-"Files in the user's home directory will NOT be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:68
-msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:72
-msgid ""
-"This option forces <command>sss_userdel</command> to remove the user's home "
-"directory and mail spool, even if they are not owned by the specified user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:80
-msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:84
-msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
-msgid "sss_groupdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupdel.8.xml:16
-msgid "delete a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupdel.8.xml:21
-msgid ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:32
-msgid ""
-"<command>sss_groupdel</command> deletes a group identified by its name "
-"<replaceable>GROUP</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
-msgid "sss_groupshow"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupshow.8.xml:16
-msgid "print properties of a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupshow.8.xml:21
-msgid ""
-"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:32
-msgid ""
-"<command>sss_groupshow</command> displays information about a group "
-"identified by its name <replaceable>GROUP</replaceable>. The information "
-"includes the group ID number, members of the group and the parent group."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupshow.8.xml:43
-msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupshow.8.xml:47
-msgid ""
-"Also print indirect group members in a tree-like hierarchy.  Note that this "
-"also affects printing parent groups - without <option>R</option>, only the "
-"direct parent will be printed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
-msgid "sss_usermod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_usermod.8.xml:16
-msgid "modify a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_usermod.8.xml:21
-msgid ""
-"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:32
-msgid ""
-"<command>sss_usermod</command> modifies the account specified by "
-"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
-"on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:60
-msgid "The home directory of the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:71
-msgid "The user's login shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:82
-msgid ""
-"Append this user to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:96
-msgid ""
-"Remove this user from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:103
-msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:107
-msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:114
-msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:118
-msgid "Unlock the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:129
-msgid "The SELinux user for the user's login."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/service_discovery.xml:2
-msgid "SERVICE DISCOVERY"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/service_discovery.xml:4
-msgid ""
-"The service discovery feature allows back ends to automatically find the "
-"appropriate servers to connect to using a special DNS query."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
-msgid "Configuration"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:11
-msgid ""
-"If no servers are specified, the back end automatically uses service "
-"discovery to try to find a server. Optionally, the user may choose to use "
-"both fixed server addresses and service discovery by inserting a special "
-"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
-"preference is maintained. This feature is useful if, for example, the user "
-"prefers to use service discovery whenever possible, and fall back to a "
-"specific server when no servers can be discovered using DNS."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:23
-msgid "The domain name"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:25
-msgid ""
-"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for more details."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:35
-msgid "The protocol"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:37
-msgid ""
-"The queries usually specify _tcp as the protocol. Exceptions are documented "
-"in respective option description."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:42
-msgid "See Also"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:44
-msgid ""
-"For more information on the service discovery mechanism, refer to RFC 2782."
-msgstr ""
-
-#. type: Content of: outside any tag (error?)
-#: include/upstream.xml:1
-msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/failover.xml:2
-msgid "FAILOVER"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/failover.xml:4
-msgid ""
-"The failover feature allows back ends to automatically switch to a different "
-"server if the primary server fails."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:8
-msgid "Failover Syntax"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:10
-msgid ""
-"The list of servers is given as a comma-separated list; any number of spaces "
-"is allowed around the comma. The servers are listed in order of preference. "
-"The list can contain any number of servers."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:17
-msgid "The Failover Mechanism"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:19
-msgid ""
-"The failover mechanism distinguishes between a machine and a service. The "
-"back end first tries to resolve the hostname of a given machine; if this "
-"resolution attempt fails, the machine is considered offline. No further "
-"attempts are made to connect to this machine for any other service. If the "
-"resolution attempt succeeds, the back end tries to connect to a service on "
-"this machine. If the service connection attempt fails, then only this "
-"particular service is considered offline and the back end automatically "
-"switches over to the next service.  The machine is still considered online "
-"and might still be tried for another service."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:32
-msgid ""
-"Further connection attempts are made to machines or services marked as "
-"offline after a specified period of time; this is currently hard coded to 30 "
-"seconds."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:37
-msgid ""
-"If there are no more machines to try, the back end as a whole switches to "
-"offline mode, and then attempts to reconnect every 30 seconds."
-msgstr ""
-
-#. type: Content of: <varlistentry><term>
-#: include/param_help.xml:3
-msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
-
-#. type: Content of: <varlistentry><listitem><para>
-#: include/param_help.xml:7
-msgid "Display help message and exit."
-msgstr ""
diff --git a/src/man/po/fa.po b/src/man/po/fa.po
deleted file mode 100644
index ac0b39931..000000000
--- a/src/man/po/fa.po
+++ /dev/null
@@ -1,6314 +0,0 @@
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Red Hat
-# This file is distributed under the same license as the sssd-docs package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: SSSD\n"
-"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Persian (http://www.transifex.net/projects/p/fedora/team/"
-"fa/)\n"
-"Language: fa\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=1; plural=0\n"
-
-#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
-#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
-#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
-#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
-msgid "SSSD Manual pages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
-msgid "sss_groupmod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
-#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
-#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
-msgid "8"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupmod.8.xml:16
-msgid "modify a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupmod.8.xml:21
-msgid ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
-#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
-#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
-#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
-#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:32
-msgid ""
-"<command>sss_groupmod</command> modifies the group to reflect the changes "
-"that are specified on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
-#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
-#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-msgid "OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
-msgid ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:48
-msgid ""
-"Append this group to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
-msgid ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:62
-msgid ""
-"Remove this group from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
-#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
-msgid "sssd.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
-msgid "5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
-msgid "File Formats and Conventions"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
-msgid "the configuration file for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:21
-msgid "FILE FORMAT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:29
-#, no-wrap
-msgid ""
-"                <replaceable>[section]</replaceable>\n"
-"                <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-"                <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
-"            "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:24
-msgid ""
-"The file has an ini-style syntax and consists of sections and parameters. A "
-"section begins with the name of the section in square brackets and continues "
-"until the next section begins. An example of section with single and multi-"
-"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:36
-msgid ""
-"The data types used are string (no quotes needed), integer and bool (with "
-"values of <quote>TRUE/FALSE</quote>)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:41
-msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
-"(<quote>;</quote>)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:46
-msgid ""
-"All sections can have an optional <replaceable>description</replaceable> "
-"parameter. Its function is only as a label for the section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:52
-msgid ""
-"<filename>sssd.conf</filename> must be a regular file, owned by root and "
-"only root may read from or write to the file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:58
-msgid "SPECIAL SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:61
-msgid "The [sssd] section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
-msgid "Section parameters"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:72
-msgid "config_file_version (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:75
-msgid ""
-"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-"version 2."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:81
-msgid "services"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:84
-msgid ""
-"Comma separated list of services that are started when sssd itself starts."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:88
-msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
-msgid "reconnection_retries (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
-msgid ""
-"Number of times services should attempt to reconnect in the event of a Data "
-"Provider crash or restart before they give up"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
-msgid "Default: 3"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
-msgid "domains"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
-msgid ""
-"A domain is a database containing user information. SSSD can use more "
-"domains at the same time, but at least one must be configured or SSSD won't "
-"start.  This parameter described the list of domains in the order you want "
-"them to be queried."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
-msgid "re_expression (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
-msgid ""
-"Regular expression that describes how to parse the string containing user "
-"name and domain into these components."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
-msgid ""
-"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
-"which translates to \"the name is everything up to the <quote>@</quote> "
-"sign, the domain everything after that\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
-msgid ""
-"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
-"version 7 or higher can support non-unique named subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
-msgid ""
-"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
-"P&lt;name&gt;) to label subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
-msgid "full_name_format (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
-msgid ""
-"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatible format that describes how to translate "
-"a (name, domain) tuple into a fully qualified name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
-msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
-msgid "try_inotify (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
-msgid ""
-"SSSD monitors the state of resolv.conf to identify when it needs to update "
-"its internal DNS resolver. By default, we will attempt to use inotify for "
-"this, and will fall back to polling resolv.conf every five seconds if "
-"inotify cannot be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
-msgid ""
-"There are some limited situations where it is preferred that we should skip "
-"even trying to use inotify. In these rare cases, this option should be set "
-"to 'false'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
-msgid ""
-"Default: true on platforms where inotify is supported. False on other "
-"platforms."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
-msgid ""
-"Note: this option will have no effect on platforms where inotify is "
-"unavailable. On these platforms, polling will always be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
-msgid "krb5_rcache_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
-msgid ""
-"Directory on the filesystem where SSSD should store Kerberos replay cache "
-"files."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
-msgid ""
-"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
-"SSSD to let libkrb5 decide the appropriate location for the replay cache."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
-msgid ""
-"Default: Distribution-specific and specified at build-time. "
-"(__LIBKRB5_DEFAULTS__ if not configured)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:63
-msgid ""
-"Individual pieces of SSSD functionality are provided by special SSSD "
-"services that are started and stopped together with SSSD.  The services are "
-"managed by a special service frequently called <quote>monitor</quote>. The "
-"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
-msgid "SERVICES SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
-msgid ""
-"Settings that can be used to configure different services are described in "
-"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
-"section, for example, for NSS service, the section would be <quote>[nss]</"
-"quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
-msgid "General service configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
-msgid "These options can be used to configure any service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>.  This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
-msgid "NSS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
-msgid ""
-"These options can be used to configure the Name Service Switch (NSS) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
-msgid "enum_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
-msgid ""
-"How many seconds should nss_sss cache enumerations (requests for info about "
-"all users)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
-msgid "Default: 120"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"The entry cache can be set to automatically update entries in the background "
-"if they are requested beyond a percentage of the entry_cache_timeout value "
-"for the domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
-msgid ""
-"For example, if the domain's entry_cache_timeout is set to 30s and "
-"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
-"after 15 seconds past the last cache update will be returned immediately, "
-"but the SSSD will go and update the cache on its own, so that future "
-"requests will not need to block waiting for a cache update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
-msgid ""
-"Valid values for this option are 0-99 and represent a percentage of the "
-"entry_cache_timeout for each domain. For performance reasons, this "
-"percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
-"disables this feature)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
-msgid "Default: 50"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
-msgid "entry_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
-msgid ""
-"Specifies for how many seconds nss_sss should cache negative cache hits "
-"(that is, queries for invalid database entries, like nonexistent ones)  "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
-msgid "Default: 15"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
-msgid "filter_users, filter_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
-msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
-msgid "Default: root"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
-msgid "filter_users_in_groups (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
-msgid ""
-"If you want filtered user still be group members set this option to false."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
-msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
-msgid "This option can also be set per-domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
-msgid "allowed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
-msgid ""
-"Restrict user shell to one of the listed values. The order of evaluation is:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
-msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
-msgid ""
-"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
-"quote>, use the value of the shell_fallback parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
-msgid ""
-"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
-"shells</quote>, a nologin shell is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
-msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
-msgid ""
-"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
-"that a restart of the SSSD is required in case a new shell is installed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
-msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
-msgid "vetoed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
-msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
-msgid "shell_fallback (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
-msgid ""
-"The default shell to use if an allowed shell is not installed on the machine."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
-msgid "Default: /bin/sh"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
-msgid "PAM configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
-msgid ""
-"These options can be used to configure the Pluggable Authentication Module "
-"(PAM) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
-msgid "offline_credentials_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
-msgid ""
-"If the authentication provider is offline, how long should we allow cached "
-"logins (in days since the last successful online login)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
-msgid "Default: 0 (No limit)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
-msgid "offline_failed_login_attempts (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
-msgid ""
-"If the authentication provider is offline, how many failed login attempts "
-"are allowed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
-msgid "offline_failed_login_delay (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
-msgid ""
-"The time in minutes which has to pass after offline_failed_login_attempts "
-"has been reached before a new login attempt is possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
-msgid ""
-"If set to 0 the user cannot authenticate offline if "
-"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable offline authentication again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
-msgid "Default: 5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
-msgid "pam_verbosity (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
-msgid ""
-"Controls what kind of messages are shown to the user during authentication. "
-"The higher the number to more messages are displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
-msgid "Currently sssd supports the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
-msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
-msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
-msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
-msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
-msgid "Default: 1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
-msgid "pam_id_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
-msgid ""
-"For any PAM request while SSSD is online, the SSSD will attempt to "
-"immediately update the cached identity information for the user in order to "
-"ensure that authentication takes place with the latest information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
-msgid ""
-"A complete PAM conversation may perform multiple PAM requests, such as "
-"account management and session opening. This option controls (on a per-"
-"client-application basis) how long (in seconds) we can cache the identity "
-"information to avoid excessive round-trips to the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
-msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
-msgid "Display a warning N days before the password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
-msgid ""
-"Please note that the backend server has to provide information about the "
-"expiration time of the password.  If this information is missing, sssd "
-"cannot display a warning."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
-msgid "Default: 7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-msgid "SUDO configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-msgid "These options can be used to configure the sudo service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-msgid "sudo_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-msgid ""
-"For any sudo request that comes while SSSD is online, the SSSD will attempt "
-"to update the cached rules in order to ensure that sudo has the latest "
-"ruleset."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
-msgid ""
-"The user may, however, run a couple of sudo commands successively, which "
-"would trigger multiple LDAP requests.  In order to speed up this use-case, "
-"the sudo service maintains an in-memory cache that would be used for "
-"performing fast replies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
-msgid ""
-"This option controls how long (in seconds) can the sudo service cache rules "
-"for a user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-msgid "Default: 180"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-msgid "sudo_timed (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
-msgid ""
-"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
-"that implement time-dependent sudoers entries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-msgid "AUTOFS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-msgid "These options can be used to configure the autofs service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-msgid "autofs_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
-msgid "DOMAIN SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
-msgid "min_id,max_id (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
-msgid ""
-"UID and GID limits for the domain. If a domain contains an entry that is "
-"outside these limits, it is ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
-msgid ""
-"For users, this affects the primary GID limit. The user will not be returned "
-"to NSS if either the UID or the primary GID is outside the range. For non-"
-"primary group memberships, those that are in range will be reported as "
-"expected."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
-msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
-msgid ""
-"Timeout in seconds between heartbeats for this domain.  This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
-msgid "enumerate (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
-msgid ""
-"Determines if a domain can be enumerated. This parameter can have one of the "
-"following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
-msgid "TRUE = Users and groups are enumerated"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
-msgid "FALSE = No enumerations for this domain"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
-msgid "Default: FALSE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
-msgid ""
-"Note: Enabling enumeration has a moderate performance impact on SSSD while "
-"enumeration is running. It may take up to several minutes after SSSD startup "
-"to fully complete enumerations.  During this time, individual requests for "
-"information will go directly to LDAP, though it may be slow, due to the "
-"heavy enumeration processing."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
-msgid ""
-"While the first enumeration is running, requests for the complete user or "
-"group lists may return no results until it completes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
-msgid ""
-"Further, enabling enumeration may increase the time necessary to detect "
-"network disconnection, as longer timeouts are required to ensure that "
-"enumeration lookups are completed successfully.  For more information, refer "
-"to the man pages for the specific id_provider in use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
-msgid "entry_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
-msgid ""
-"How many seconds should nss_sss consider entries valid before asking the "
-"backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
-msgid "Default: 5400"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-msgid "entry_cache_user_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-msgid ""
-"How many seconds should nss_sss consider user entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-msgid "Default: entry_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-msgid "entry_cache_group_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-msgid ""
-"How many seconds should nss_sss consider group entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-msgid ""
-"How many seconds should nss_sss consider netgroup entries valid before "
-"asking the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-msgid "entry_cache_service_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-msgid ""
-"How many seconds should nss_sss consider service entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
-msgid "cache_credentials (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
-msgid "Determines if user credentials are also cached in the local LDB cache"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
-msgid "User credentials are stored in a SHA512 hash, not in plaintext"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
-msgid "account_cache_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
-msgid ""
-"Number of days entries are left in cache after last successful login before "
-"being removed during a cleanup of the cache. 0 means keep forever.  The "
-"value of this parameter must be greater than or equal to "
-"offline_credentials_expiration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
-msgid "Default: 0 (unlimited)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
-msgid "id_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
-msgid "The Data Provider identity backend to use for this domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
-msgid "Supported backends:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
-msgid "proxy: Support a legacy NSS provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
-msgid "local: SSSD internal local provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
-msgid "ldap: LDAP provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
-msgid "use_fully_qualified_names (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
-msgid ""
-"If set to TRUE, all requests to this domain must use fully qualified names. "
-"For example, if used in LOCAL domain that contains a \"test\" user, "
-"<command>getent passwd test</command> wouldn't find the user while "
-"<command>getent passwd test@LOCAL</command> would."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
-msgid "auth_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
-msgid ""
-"The authentication provider used for the domain.  Supported auth providers "
-"are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
-msgid ""
-"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
-msgid ""
-"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
-msgid ""
-"<quote>proxy</quote> for relaying authentication to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
-msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"authentication requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
-msgid "access_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
-msgid ""
-"The access control provider used for the domain.  There are two built-in "
-"access providers (in addition to any included in installed backends)  "
-"Internal special providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
-msgid "<quote>permit</quote> always allow access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
-msgid "<quote>deny</quote> always deny access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
-msgid ""
-"<quote>simple</quote> access control based on access or deny lists. See "
-"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> for more information on configuring the simple "
-"access module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
-msgid "Default: <quote>permit</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
-msgid "chpass_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
-msgid ""
-"The provider which should handle change password operations for the domain.  "
-"Supported change password providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
-msgid ""
-"<quote>ipa</quote> to change a password stored in an IPA server.  See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
-msgid ""
-"<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
-msgid ""
-"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
-msgid ""
-"<quote>proxy</quote> for relaying password changes to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
-msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
-msgid ""
-"Default: <quote>auth_provider</quote> is used if it is set and can handle "
-"change password requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-msgid "sudo_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-msgid ""
-"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-msgid "session_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-msgid ""
-"The provider which should handle loading of session settings.  Supported "
-"session providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-msgid ""
-"<quote>ipa</quote> to load session settings from an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"session loading requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
-msgid "lookup_family_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
-msgid ""
-"Provides the ability to select preferred address family to use when "
-"performing DNS lookups."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
-msgid "Supported values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
-msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
-msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
-msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
-msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
-msgid "Default: ipv4_first"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
-msgid "dns_resolver_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
-msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
-msgid "dns_discovery_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
-msgid ""
-"If service discovery is used in the back end, specifies the domain part of "
-"the service discovery DNS query."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
-msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
-msgid "override_gid (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
-msgid "Override the primary GID value with the one specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
-msgid "case_sensitive (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
-msgid ""
-"Treat user and group names as case sensitive. At the moment, this option is "
-"not supported in the local provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
-msgid "Default: True"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
-msgid ""
-"These configuration options can be present in a domain configuration "
-"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
-"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
-msgid "proxy_pam_target (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
-msgid "The proxy target PAM proxies to."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-msgid ""
-"Default: not set by default, you have to take an existing pam configuration "
-"or create a new one and add the service name here."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
-msgid "proxy_lib_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
-msgid ""
-"The name of the NSS library to use in proxy domains. The NSS functions "
-"searched for in the library are in the form of _nss_$(libName)_$(function), "
-"for example _nss_files_getpwent."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
-msgid ""
-"Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
-msgid "The local domain section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
-msgid ""
-"This section contains settings for domain that stores users and groups in "
-"SSSD native database, that is, a domain that uses "
-"<replaceable>id_provider=local</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
-msgid "default_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
-msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
-msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
-msgid "base_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
-msgid ""
-"The tools append the login name to <replaceable>base_directory</replaceable> "
-"and use that as the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
-msgid "Default: <filename>/home</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
-msgid "create_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
-msgid ""
-"Indicate if a home directory should be created by default for new users.  "
-"Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
-msgid "Default: TRUE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
-msgid "remove_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
-msgid ""
-"Indicate if a home directory should be removed by default for deleted "
-"users.  Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
-msgid "homedir_umask (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
-msgid ""
-"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
-"on a newly created home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
-msgid "Default: 077"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
-msgid "skel_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
-msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
-msgid "mail_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
-msgid ""
-"The mail spool directory. This is needed to manipulate the mailbox when its "
-"corresponding user account is modified or deleted.  If not specified, a "
-"default value is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
-msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
-msgid "userdel_cmd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
-msgid ""
-"The command that is run after a user is removed.  The command us passed the "
-"username of the user being removed as the first and only parameter. The "
-"return code of the command is not taken into account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
-msgid "Default: None, no command is run"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"domains = LDAP\n"
-"services = nss, pam\n"
-"config_file_version = 2\n"
-"\n"
-"[nss]\n"
-"filter_groups = root\n"
-"filter_users = root\n"
-"\n"
-"[pam]\n"
-"\n"
-"[domain/LDAP]\n"
-"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
-"\n"
-"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
-"cache_credentials = true\n"
-"\n"
-"min_id = 10000\n"
-"max_id = 20000\n"
-"enumerate = False\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
-msgid ""
-"The following example shows a typical SSSD config. It does not describe "
-"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details.  <placeholder type=\"programlisting\" "
-"id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
-msgid "sssd-ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:23
-msgid ""
-"This manual page describes the configuration of LDAP domains for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for detailed syntax information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:35
-msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:38
-msgid ""
-"LDAP back end supports id, auth, access and chpass providers. If you want to "
-"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
-"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
-"over an unencrypted channel.  If the LDAP server is used only as an identity "
-"provider, an encrypted channel is not needed. Please refer to "
-"<quote>ldap_access_filter</quote> config option for more information about "
-"using LDAP as an access provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
-#: sssd-krb5.5.xml:63
-msgid "CONFIGURATION OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:60
-msgid "ldap_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:63
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference. Refer to the <quote>FAILOVER</"
-"quote> section for more information on failover and server redundancy.  If "
-"not specified, service discovery is enabled. For more information, refer to "
-"the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
-msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:73
-msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:76
-msgid ""
-"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:79
-msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:85
-msgid "ldap_chpass_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:88
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference to change the password of a user. "
-"Refer to the <quote>FAILOVER</quote> section for more information on "
-"failover and server redundancy."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:95
-msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:99
-msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:105
-msgid "ldap_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:108
-msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:112
-msgid ""
-"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
-"syntax:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
-msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:119
-msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
-msgid ""
-"The filter must be a valid LDAP search filter as specified by http://www."
-"ietf.org/rfc/rfc2254.txt"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
-msgid "Examples:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:129
-msgid ""
-"ldap_search_base = dc=example,dc=com (which is equivalent to)  "
-"ldap_search_base = dc=example,dc=com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:134
-msgid ""
-"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
-"(host=thishost)?dc=example.com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:137
-msgid ""
-"Note: It is unsupported to have multiple search bases which reference "
-"identically-named objects (for example, groups with the same name in two "
-"different search bases). This will lead to unpredictable behavior on client "
-"machines."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:144
-msgid ""
-"Default: If not set, the value of the defaultNamingContext or namingContexts "
-"attribute from the RootDSE of the LDAP server is used. If "
-"defaultNamingContext does not exists or has an empty value namingContexts is "
-"used.  The namingContexts attribute must have a single value with the DN of "
-"the search base of the LDAP server to make this work. Multiple values are "
-"are not supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:158
-msgid "ldap_schema (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:161
-msgid ""
-"Specifies the Schema Type in use on the target LDAP server.  Depending on "
-"the selected schema, the default attribute names retrieved from the servers "
-"may vary.  The way that some attributes are handled may also differ.  Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
-"difference between these schema types is how group memberships are recorded "
-"in the server.  With rfc2307, group members are listed by name in the "
-"<emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, group "
-"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
-msgid "Default: rfc2307"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
-msgid "ldap_default_bind_dn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
-msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
-msgid "ldap_default_authtok_type (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
-msgid "The type of the authentication token of the default bind DN."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
-msgid "The two mechanisms currently supported are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
-msgid "password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
-msgid "obfuscated_password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
-msgid "Default: password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
-msgid "ldap_default_authtok (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
-msgid ""
-"The authentication token of the default bind DN.  Only clear text passwords "
-"are currently supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
-msgid "ldap_user_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
-msgid "The object class of a user entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
-msgid "Default: posixAccount"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
-msgid "ldap_user_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
-msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
-msgid "Default: uid"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
-msgid "ldap_user_uid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
-msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
-msgid "Default: uidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
-msgid "ldap_user_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
-msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
-msgid "Default: gidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
-msgid "ldap_user_gecos (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
-msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
-msgid "Default: gecos"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
-msgid "ldap_user_home_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
-msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
-msgid "Default: homeDirectory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
-msgid "ldap_user_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
-msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
-msgid "Default: loginShell"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
-msgid "ldap_user_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
-msgid "Default: nsUniqueId"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
-msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
-msgid ""
-"The LDAP attribute that contains timestamp of the last modification of the "
-"parent object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
-msgid "Default: modifyTimestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
-msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
-"the last password change)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
-msgid "Default: shadowLastChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
-msgid "ldap_user_shadow_min (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
-msgid "Default: shadowMin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
-msgid "ldap_user_shadow_max (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
-msgid "Default: shadowMax"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
-msgid "ldap_user_shadow_warning (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password warning period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
-msgid "Default: shadowWarning"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
-msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password inactivity period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
-msgid "Default: shadowInactive"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
-msgid "ldap_user_shadow_expire (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
-msgid ""
-"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
-"parameter contains the name of an LDAP attribute corresponding to its "
-"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> counterpart (account expiration date)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
-msgid "Default: shadowExpire"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
-msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time of last password change in "
-"kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
-msgid "Default: krbLastPwdChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
-msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time when current password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
-msgid "Default: krbPasswordExpiration"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
-msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the expiration time of the account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
-msgid "Default: accountExpires"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
-msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the user account control bit field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
-msgid "Default: userAccountControl"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
-msgid "ldap_ns_account_lock (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
-msgid ""
-"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
-"determines if access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
-msgid "Default: nsAccountLock"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
-msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines if "
-"access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
-msgid "Default: loginDisabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
-msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines until "
-"which date access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
-msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines the "
-"hours of a day in a week when access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
-msgid "Default: loginAllowedTimeMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
-msgid "ldap_user_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
-msgid ""
-"The LDAP attribute that contains the user's Kerberos User Principal Name "
-"(UPN)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
-msgid "Default: krbPrincipalName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
-msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
-msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
-msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
-msgid ""
-"Some directory servers, for example Active Directory, might deliver the "
-"realm part of the UPN in lower case, which might cause the authentication to "
-"fail. Set this option to a non-zero value if you want to use an upper-case "
-"realm."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
-msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
-msgid ""
-"Specifies how many seconds SSSD has to wait before refreshing its cache of "
-"enumerated records."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
-msgid "Default: 300"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
-msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
-msgid ""
-"Determine how often to check the cache for inactive entries (such as groups "
-"with no members and users who have never logged in) and remove them to save "
-"space."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
-msgid "Setting this option to zero will disable the cache cleanup operation."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
-msgid "Default: 10800 (12 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
-msgid "ldap_user_fullname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
-msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
-msgid "Default: cn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
-msgid "ldap_user_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
-msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
-msgid "Default: memberOf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
-msgid "ldap_user_authorized_service (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
-msgid ""
-"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
-"use the presence of the authorizedService attribute in the user's LDAP entry "
-"to determine access privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
-msgid ""
-"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
-"explicit allow (svc) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
-msgid "Default: authorizedService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
-msgid "ldap_user_authorized_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
-msgid ""
-"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-"presence of the host attribute in the user's LDAP entry to determine access "
-"privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
-msgid ""
-"An explicit deny (!host) is resolved first. Second, SSSD searches for "
-"explicit allow (host) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
-msgid "Default: host"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
-msgid "ldap_group_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
-msgid "The object class of a group entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
-msgid "Default: posixGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
-msgid "ldap_group_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
-msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
-msgid "ldap_group_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
-msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
-msgid "ldap_group_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
-msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
-msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
-msgid "ldap_group_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
-msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
-msgid "ldap_group_nesting_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
-msgid ""
-"If ldap_schema is set to a schema format that supports nested groups (e.g. "
-"RFC2307bis), then this option controls how many levels of nesting SSSD will "
-"follow. This option has no effect on the RFC2307 schema."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
-msgid "Default: 2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
-msgid "ldap_netgroup_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
-msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
-msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
-msgid "Default: nisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
-msgid "ldap_netgroup_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
-msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
-msgid "In IPA provider, ipa_netgroup_name should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
-msgid "ldap_netgroup_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
-msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
-msgid "In IPA provider, ipa_netgroup_member should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
-msgid "Default: memberNisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
-msgid "ldap_netgroup_triple (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-msgid ""
-"The LDAP attribute that contains the (host, user, domain) netgroup triples."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
-msgid "This option is not available in IPA provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
-msgid "Default: nisNetgroupTriple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
-msgid "ldap_netgroup_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
-msgid ""
-"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
-msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
-msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
-msgid "ldap_service_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
-msgid "The object class of a service entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
-msgid "Default: ipService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
-msgid "ldap_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
-msgid ""
-"The LDAP attribute that contains the name of service attributes and their "
-"aliases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
-msgid "ldap_service_port (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
-msgid "The LDAP attribute that contains the port managed by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
-msgid "Default: ipServicePort"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
-msgid "ldap_service_proto (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
-msgid ""
-"The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
-msgid "Default: ipServiceProtocol"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
-msgid "ldap_service_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
-msgid "An optional base DN to restrict service searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
-msgid ""
-"See <quote>ldap_search_base</quote> for information about configuring "
-"multiple search bases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
-#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
-msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
-msgid "ldap_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches are allowed to run "
-"before they are cancelled and cached results are returned (and offline mode "
-"is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
-msgid ""
-"Note: this option is subject to change in future versions of the SSSD. It "
-"will likely be replaced at some point by a series of timeouts for specific "
-"lookup types."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
-msgid "Default: 6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
-msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches for user and group "
-"enumerations are allowed to run before they are cancelled and cached results "
-"are returned (and offline mode is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
-msgid "ldap_network_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-msgid ""
-"Specifies the timeout (in seconds) after which the <citerefentry> "
-"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
-"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> following a <citerefentry> "
-"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> returns in case of no activity."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
-msgid "ldap_opt_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
-msgid ""
-"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
-"will abort if no response is received. Also controls the timeout when "
-"communicating with the KDC in case of SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
-msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
-msgid ""
-"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
-"maintained. After this time, the connection will be re-established. If used "
-"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
-"the TGT lifetime)  will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
-msgid "Default: 900 (15 minutes)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
-msgid "ldap_page_size (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
-msgid ""
-"Specify the number of records to retrieve from LDAP in a single request. "
-"Some LDAP servers enforce a maximum limit per-request."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
-msgid "Default: 1000"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
-msgid ""
-"Disable the LDAP paging control. This option should be used if the LDAP "
-"server reports that it supports the LDAP paging control in its RootDSE but "
-"it is not enabled or does not behave properly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
-msgid ""
-"Example: OpenLDAP servers with the paging control module installed on the "
-"server but not enabled will report it in the RootDSE but be unable to use it."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
-msgid ""
-"Example: 389 DS has a bug where it can only support a one paging control at "
-"a time on a single connection. On busy clients, this can result in some "
-"requests being denied."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
-msgid "ldap_deref_threshold (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
-msgid ""
-"Specify the number of group members that must be missing from the internal "
-"cache in order to trigger a dereference lookup. If less members are missing, "
-"they are looked up individually."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
-msgid ""
-"You can turn off dereference lookups completely by setting the value to 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
-msgid ""
-"A dereference lookup is a means of fetching all group members in a single "
-"LDAP call.  Different LDAP servers may implement different dereference "
-"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
-"Directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
-msgid ""
-"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
-"filter, then the dereference lookup performance enhancement will be disabled "
-"regardless of this setting."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
-msgid "ldap_tls_reqcert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
-msgid ""
-"Specifies what checks to perform on server certificates in a TLS session, if "
-"any. It can be specified as one of the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
-msgid ""
-"<emphasis>never</emphasis> = The client will not request or check any server "
-"certificate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
-msgid ""
-"<emphasis>allow</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, it will be ignored and the session proceeds normally."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
-msgid ""
-"<emphasis>try</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, the session is immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
-msgid ""
-"<emphasis>demand</emphasis> = The server certificate is requested. If no "
-"certificate is provided, or a bad certificate is provided, the session is "
-"immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
-msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
-msgid "Default: hard"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
-msgid "ldap_tls_cacert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
-msgid ""
-"Specifies the file that contains certificates for all of the Certificate "
-"Authorities that <command>sssd</command> will recognize."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
-msgid ""
-"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
-"conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
-msgid "ldap_tls_cacertdir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
-msgid ""
-"Specifies the path of a directory that contains Certificate Authority "
-"certificates in separate individual files. Typically the file names need to "
-"be the hash of the certificate followed by '.0'.  If available, "
-"<command>cacertdir_rehash</command> can be used to create the correct names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
-msgid "ldap_tls_cert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
-msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
-msgid "Default: not set"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
-msgid "ldap_tls_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
-msgid "Specifies the file that contains the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
-msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
-msgid ""
-"Specifies acceptable cipher suites.  Typically this is a colon sperated "
-"list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> for format."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
-msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
-msgid ""
-"Specifies that the id_provider connection must also use <systemitem class="
-"\"protocol\">tls</systemitem> to protect the channel."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
-msgid ""
-"Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
-"supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
-msgid "ldap_sasl_authid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
-msgid ""
-"Specify the SASL authorization id to use.  When GSSAPI is used, this "
-"represents the Kerberos principal used for authentication to the directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
-msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
-msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
-msgid ""
-"If set to true, the LDAP library would perform a reverse lookup to "
-"canonicalize the host name during a SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
-msgid "Default: false;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
-msgid "ldap_krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
-msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
-msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
-msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
-msgid ""
-"Specifies that the id_provider should init Kerberos credentials (TGT).  This "
-"action is performed only if SASL is used and the mechanism selected is "
-"GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
-msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
-msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
-msgid "Default: 86400 (24 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
-msgid "krb5_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
-msgid ""
-"Specifies the comma-separated list of IP addresses or hostnames of the "
-"Kerberos servers to which SSSD should connect in the order of preference. "
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
-"colon) may be appended to the addresses or hostnames.  If empty, service "
-"discovery is enabled - for more information, refer to the <quote>SERVICE "
-"DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
-msgid ""
-"When using service discovery for KDC or kpasswd servers, SSSD first searches "
-"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-"none are found."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
-msgid ""
-"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
-"While the legacy name is recognized for the time being, users are advised to "
-"migrate their config files to use <quote>krb5_server</quote> instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
-msgid "krb5_realm (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
-msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
-msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
-msgid "krb5_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
-msgid ""
-"Specifies if the host principal should be canonicalized when connecting to "
-"LDAP server. This feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
-msgid "ldap_pwd_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
-msgid ""
-"Select the policy to evaluate the password expiration on the client side. "
-"The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
-msgid ""
-"<emphasis>none</emphasis> - No evaluation on the client side. This option "
-"cannot disable server-side password policies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
-msgid ""
-"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-"evaluate if the password has expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
-msgid ""
-"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
-"to determine if the password has expired. Use chpass_provider=krb5 to update "
-"these attributes when the password is changed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
-msgid "ldap_referrals (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
-msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
-msgid ""
-"Please note that sssd only supports referral chasing when it is compiled "
-"with OpenLDAP version 2.4.13 or higher."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
-msgid "ldap_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
-msgid "Specifies the service name to use when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
-msgid "Default: ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
-msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
-msgid ""
-"Specifies the service name to use to find an LDAP server which allows "
-"password changes when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
-msgid "Default: not set, i.e. service discovery is disabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
-msgid "ldap_access_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
-msgid ""
-"If using access_provider = ldap, this option is mandatory. It specifies an "
-"LDAP search filter criteria that must be met for the user to be granted "
-"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
-msgid "Example:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
-#, no-wrap
-msgid ""
-"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
-msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
-msgid ""
-"Offline caching for this feature is limited to determining whether the "
-"user's last online login was granted access permission. If they were granted "
-"access during their last login, they will continue to be granted access "
-"while offline and vice-versa."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
-msgid "Default: Empty"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
-msgid "ldap_account_expire_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
-msgid ""
-"With this option a client side evaluation of access control attributes can "
-"be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
-msgid ""
-"Please note that it is always recommended to use server side access control, "
-"i.e. the LDAP server should deny the bind request with a suitable error code "
-"even if the password is correct."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
-msgid "The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
-msgid ""
-"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
-"determine if the account is expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
-msgid ""
-"<emphasis>ad</emphasis>: use the value of the 32bit field "
-"ldap_user_ad_user_account_control and allow access if the second bit is not "
-"set. If the attribute is missing access is granted. Also the expiration time "
-"of the account is checked."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
-msgid ""
-"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
-"emphasis>: use the value of ldap_ns_account_lock to check if access is "
-"allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
-msgid ""
-"<emphasis>nds</emphasis>: the values of "
-"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
-"If both attributes are missing access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
-msgid "ldap_access_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
-msgid "Comma separated list of access control options.  Allowed values are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
-msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
-msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
-msgid ""
-"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
-"to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
-msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
-msgid "Default: filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
-msgid ""
-"Please note that it is a configuration error if a value is used more than "
-"once."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
-msgid "ldap_deref (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
-msgid ""
-"Specifies how alias dereferencing is done when performing a search. The "
-"following options are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
-msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
-msgid ""
-"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
-"the base object, but not in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
-msgid ""
-"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
-"the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
-msgid ""
-"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
-"in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
-msgid ""
-"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
-"client libraries)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:51
-msgid ""
-"All of the common configuration options that apply to SSSD domains also "
-"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for full details.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
-msgid "SUDO OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
-msgid "ldap_sudorule_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
-msgid "The object class of a sudo rule entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
-msgid "Default: sudoRole"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
-msgid "ldap_sudorule_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
-msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
-msgid "ldap_sudorule_command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
-msgid "The LDAP attribute that corresponds to the command name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
-msgid "Default: sudoCommand"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
-msgid "ldap_sudorule_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
-msgid ""
-"The LDAP attribute that corresponds to the host name (or host IP address, "
-"host IP network, or host netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
-msgid "Default: sudoHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
-msgid "ldap_sudorule_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
-msgid ""
-"The LDAP attribute that corresponds to the user name (or UID, group name or "
-"user's netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
-msgid "Default: sudoUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
-msgid "ldap_sudorule_option (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
-msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
-msgid "Default: sudoOption"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
-msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
-msgid ""
-"The LDAP attribute that corresponds to the user name that commands may be "
-"run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
-msgid "Default: sudoRunAsUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
-msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
-msgid ""
-"The LDAP attribute that corresponds to the group name or group GID that "
-"commands may be run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
-msgid "Default: sudoRunAsGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
-msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
-msgid ""
-"The LDAP attribute that corresponds to the start date/time for when the sudo "
-"rule is valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
-msgid "Default: sudoNotBefore"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
-msgid "ldap_sudorule_notafter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
-msgid ""
-"The LDAP attribute that corresponds to the expiration date/time, after which "
-"the sudo rule will no longer be valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
-msgid "Default: sudoNotAfter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
-msgid "ldap_sudorule_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
-msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
-msgid "Default: sudoOrder"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
-msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
-msgid ""
-"Enables periodical download of all sudo rules.  The cache is purged before "
-"each update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
-msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
-msgid ""
-"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
-msgid ""
-"This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
-"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
-msgid "AUTOFS OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
-msgid ""
-"Please note that the default values correspond to the default schema which "
-"is RFC2307."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
-msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-msgid "The object class of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-msgid "Default: automountMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
-msgid "ldap_autofs_map_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
-msgid "The name of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
-msgid "Default: ou"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
-msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
-msgid "ldap_autofs_entry_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
-msgid ""
-"The key of an automount entry in LDAP. The entry usually corresponds to a "
-"mount point."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
-msgid "ldap_autofs_entry_value (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
-msgid "Default: automountInformation"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
-msgid ""
-"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
-"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
-"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
-msgid "ADVANCED OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
-msgid "ldap_netgroup_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
-msgid ""
-"An optional base DN to restrict netgroup searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
-msgid "ldap_user_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
-msgid "An optional base DN to restrict user searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
-msgid "ldap_group_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
-msgid "An optional base DN to restrict group searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
-#, no-wrap
-msgid ""
-"                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
-msgid "ldap_sudo_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
-msgid ""
-"An optional base DN to restrict sudo rules searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
-msgid "ldap_autofs_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
-msgid ""
-"An optional base DN to restrict automounter searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
-msgid ""
-"These options are supported by LDAP domains, but they should be used with "
-"caution. Please include them in your configuration only if you know what you "
-"are doing.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
-msgid ""
-"The following example assumes that SSSD is correctly configured and LDAP is "
-"set to one of the domains in the <replaceable>[domains]</replaceable> "
-"section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
-#, no-wrap
-msgid ""
-"    [domain/LDAP]\n"
-"    id_provider = ldap\n"
-"    auth_provider = ldap\n"
-"    ldap_uri = ldap://ldap.mydomain.org\n"
-"    ldap_search_base = dc=mydomain,dc=org\n"
-"    ldap_tls_reqcert = demand\n"
-"    cache_credentials = true\n"
-"    enumerate = true\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
-msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
-msgid "NOTES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
-msgid ""
-"The descriptions of some of the configuration options in this manual page "
-"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
-"distribution."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <refentryinfo>
-#: pam_sss.8.xml:8 include/upstream.xml:2
-msgid ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: pam_sss.8.xml:13 pam_sss.8.xml:18
-msgid "pam_sss"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: pam_sss.8.xml:19
-msgid "PAM module for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: pam_sss.8.xml:24
-msgid ""
-"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
-msgid ""
-"<command>pam_sss.so</command> is the PAM interface to the System Security "
-"Services daemon (SSSD). Errors and results are logged through <command>syslog"
-"(3)</command> with the LOG_AUTHPRIV facility."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
-msgid "<option>quiet</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
-msgid "Suppress log messages for unknown users."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
-msgid "<option>forward_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
-msgid ""
-"If <option>forward_pass</option> is set the entered password is put on the "
-"stack for other PAM modules to use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
-msgid "<option>use_first_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
-msgid ""
-"The argument use_first_pass forces the module to use a previous stacked "
-"modules password and will never prompt the user - if no password is "
-"available or the password is not appropriate, the user will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
-msgid "<option>use_authtok</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
-msgid ""
-"When password changing enforce the module to set the new password to the one "
-"provided by a previously stacked password module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
-msgid "<option>retry=N</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
-msgid ""
-"If specified the user is asked another N times for a password if "
-"authentication fails. Default is 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
-msgid ""
-"Please note that this option might not work as expected if the application "
-"calling PAM handles the user dialog on its own. A typical example is "
-"<command>sshd</command> with <option>PasswordAuthentication</option>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
-msgid "MODULE TYPES PROVIDED"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
-msgid ""
-"All module types (<option>account</option>, <option>auth</option>, "
-"<option>password</option> and <option>session</option>) are provided."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
-msgid "FILES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
-msgid ""
-"If a password reset by root fails, because the corresponding SSSD provider "
-"does not support password resets, an individual message can be displayed. "
-"This message can e.g. contain instructions about how to reset a password."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
-msgid ""
-"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
-"filename> where LOC stands for a locale string returned by <citerefentry> "
-"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
-"citerefentry>. If there is no matching file the content of "
-"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
-"the owner of the files and only root may have read and write permissions "
-"while all other users must have only read permissions."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
-msgid ""
-"These files are searched in the directory <filename>/etc/sssd/customize/"
-"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
-"displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:141
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
-msgid "sssd_krb5_locator_plugin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:22
-msgid ""
-"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
-"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
-"libraries what Realm and which KDC to use.  Typically this is done in "
-"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
-"To simplify the configuration the Realm and the KDC can be defined in "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry> puts the Realm and the name or IP address of the KDC into "
-"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively.  "
-"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variables and returns them to the "
-"libraries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:63
-msgid ""
-"Not all Kerberos implementations support the use of plugins. If "
-"<command>sssd_krb5_locator_plugin</command> is not available on your system "
-"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:69
-msgid ""
-"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-"debug messages will be sent to stderr."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:77
-msgid ""
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
-msgid "sssd-simple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd-simple.5.xml:17
-msgid "the configuration file for SSSD's 'simple' access-control provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:24
-msgid ""
-"This manual page describes the configuration of the simple access-control "
-"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax reference, "
-"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:38
-msgid ""
-"The simple access provider grants or denies access based on an access or "
-"deny list of user or group names. The following rules apply:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:43
-msgid "If all lists are empty, access is granted"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:47
-msgid ""
-"If any list is provided, the order of evaluation is allow,deny. This means "
-"that any matching deny rule will supersede any matched allow rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:54
-msgid ""
-"If either or both \"allow\" lists are provided, all users are denied unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:60
-msgid ""
-"If only \"deny\" lists are provided, all users are granted access unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:78
-msgid "simple_allow_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:81
-msgid "Comma separated list of users who are allowed to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:88
-msgid "simple_deny_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:91
-msgid "Comma separated list of users who are explicitly denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:97
-msgid "simple_allow_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:100
-msgid ""
-"Comma separated list of groups that are allowed to log in. This applies only "
-"to groups within this SSSD domain. Local groups are not evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:108
-msgid "simple_deny_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:111
-msgid ""
-"Comma separated list of groups that are explicitly denied access. This "
-"applies only to groups within this SSSD domain. Local groups are not "
-"evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
-msgid ""
-"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page for details on the configuration of an SSSD "
-"domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:120
-msgid ""
-"Please note that it is an configuration error if both, simple_allow_users "
-"and simple_deny_users, are defined."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:128
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the simple access provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-simple.5.xml:135
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    access_provider = simple\n"
-"    simple_allow_users = user1, user2\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:145
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
-msgid "sssd-ipa"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:23
-msgid ""
-"This manual page describes the configuration of the IPA provider for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
-"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:36
-msgid ""
-"The IPA provider is a back end used to connect to an IPA server.  (Refer to "
-"the freeipa.org web site for information about IPA servers.)  This provider "
-"requires that the machine be joined to the IPA domain; configuration is "
-"almost entirely self-discovered and obtained directly from the server."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:43
-msgid ""
-"The IPA provider accepts the same options used by the <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
-"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider with some exceptions described below."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:55
-msgid ""
-"However, it is neither necessary nor recommended to set these options.  IPA "
-"provider can also be used as an access and chpass provider. As an access "
-"provider it uses HBAC (host-based access control) rules. Please refer to "
-"freeipa.org for more information about HBAC. No configuration of access "
-"provider is required on the client side."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:72
-msgid "ipa_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:75
-msgid ""
-"Specifies the name of the IPA domain.  This is optional. If not provided, "
-"the configuration domain name is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:83
-msgid "ipa_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:86
-msgid ""
-"The comma-separated list of IP addresses or hostnames of the IPA servers to "
-"which SSSD should connect in the order of preference. For more information "
-"on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
-"This is optional if autodiscovery is enabled.  For more information on "
-"service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:99
-msgid "ipa_hostname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:102
-msgid ""
-"Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:110
-msgid "ipa_dyndns_update (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:113
-msgid ""
-"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:118
-msgid ""
-"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
-"the default Kerberos realm must be set properly in /etc/krb5.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:129
-msgid "ipa_dyndns_iface (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:132
-msgid ""
-"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
-"interface whose IP address should be used for dynamic DNS updates."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:137
-msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:143
-msgid "ipa_hbac_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:146
-msgid "Optional. Use the given string as search base for HBAC related objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:150
-msgid "Default: Use base DN"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:156
-msgid "ipa_host_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:159
-msgid "Optional. Use the given string as search base for host objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:180
-msgid "ipa_selinux_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
-msgid "Optional. Use the given string as search base for SELinux user maps."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
-msgid "krb5_validate (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
-msgid ""
-"Verify with the help of krb5_keytab that the TGT obtained has not been "
-"spoofed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
-msgid ""
-"Note that this default differs from the traditional Kerberos provider back "
-"end."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
-msgid ""
-"The name of the Kerberos realm. This is optional and defaults to the value "
-"of <quote>ipa_domain</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
-msgid ""
-"The name of the Kerberos realm has a special meaning in IPA - it is "
-"converted into the base DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
-msgid ""
-"Specifies if the host and user principal should be canonicalized when "
-"connecting to IPA LDAP and also for AS requests. This feature is available "
-"with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
-msgid "ipa_hbac_refresh (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
-msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
-msgid "Default: 5 (seconds)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
-msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
-msgid ""
-"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
-"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
-"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
-"client will support two modes of operation during this transition period:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
-msgid ""
-"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
-"users will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
-msgid ""
-"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
-"careful with this option, as it may result in opening unintended access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
-msgid "Default: DENY_ALL"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
-msgid "ipa_automount_location (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
-msgid "The automounter location this IPA client will be using"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Default: The location named \"default\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the ipa provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    id_provider = ipa\n"
-"    ipa_server = ipaserver.example.com\n"
-"    ipa_hostname = myhost.example.com\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.8.xml:10 sssd.8.xml:15
-msgid "sssd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.8.xml:16
-msgid "System Security Services Daemon"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sssd.8.xml:21
-msgid ""
-"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:31
-msgid ""
-"<command>SSSD</command> provides a set of daemons to manage access to remote "
-"directories and authentication mechanisms. It provides an NSS and PAM "
-"interface toward the system and a pluggable backend system to connect to "
-"multiple different account sources as well as D-Bus interface. It is also "
-"the basis to provide client auditing and policy services for projects like "
-"FreeIPA. It provides a more robust database to store local users as well as "
-"extended user data."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:46
-msgid ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:53
-msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:57
-msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:60
-msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:69
-msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:73
-msgid ""
-"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:76
-msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:85
-msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:89
-msgid ""
-"Send the debug output to files instead of stderr. By default, the log files "
-"are stored in <filename>/var/log/sssd</filename> and there are separate log "
-"files for every SSSD service and domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:97
-msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:101
-msgid "Become a daemon after starting up."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:107
-msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:111
-msgid "Run in the foreground, don't become a daemon."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
-msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
-msgid ""
-"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
-"conf</filename>. For reference on the config file syntax and options, "
-"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:135
-msgid "<option>--version</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:139
-msgid "Print version number and exit."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:147
-msgid "Signals"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:150
-msgid "SIGTERM/SIGINT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:153
-msgid ""
-"Informs the SSSD to gracefully terminate all of its child processes and then "
-"shut down the monitor."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:159
-msgid "SIGHUP"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:162
-msgid ""
-"Tells the SSSD to stop writing to its current debug file descriptors and to "
-"close and reopen them. This is meant to facilitate log rolling with programs "
-"like logrotate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:170
-msgid "SIGUSR1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:173
-msgid ""
-"Tells the SSSD to simulate offline operation for one minute. This is mostly "
-"useful for testing purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:179
-msgid "SIGUSR2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:182
-msgid ""
-"Tells the SSSD to go online immediately. This is mostly useful for testing "
-"purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:193
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-msgid "sss_obfuscate"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_obfuscate.8.xml:16
-msgid "obfuscate a clear text password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_obfuscate.8.xml:21
-msgid ""
-"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
-"replaceable></arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:32
-msgid ""
-"<command>sss_obfuscate</command> converts a given password into human-"
-"unreadable format and places it into appropriate domain section of the SSSD "
-"config file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:37
-msgid ""
-"The cleartext password is read from standard input or entered "
-"interactively.  The obfuscated password is put into "
-"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
-"<quote>ldap_default_authtok_type</quote> parameter is set to "
-"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more details on these parameters."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:49
-msgid ""
-"Please note that obfuscating the password provides <emphasis>no real "
-"security benefit</emphasis> as it is still possible for an attacker to "
-"reverse-engineer the password back. Using better authentication mechanisms "
-"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
-"advised."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:63
-msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:67
-msgid "The password to obfuscate will be read from standard input."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
-msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:79
-msgid ""
-"The SSSD domain to use the password in. The default name is <quote>default</"
-"quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:86
-msgid ""
-"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:91
-msgid "Read the config file specified by the positional parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:95
-msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:105
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
-msgid "sss_useradd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_useradd.8.xml:16
-msgid "create a new user"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_useradd.8.xml:21
-msgid ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:32
-msgid ""
-"<command>sss_useradd</command> creates a new user account using the values "
-"specified on the command line plus the default values from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:43
-msgid ""
-"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:48
-msgid ""
-"Set the UID of the user to the value of <replaceable>UID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
-msgid ""
-"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
-msgid ""
-"Any text string describing the user. Often used as the field for the user's "
-"full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
-msgid ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:72
-msgid ""
-"The home directory of the user account.  The default is to append the "
-"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
-"that as the home directory.  The base that is prepended before "
-"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
-"baseDirectory</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
-msgid ""
-"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:87
-msgid ""
-"The user's login shell. The default is currently <filename>/bin/bash</"
-"filename>.  The default can be changed with <quote>user_defaults/"
-"defaultShell</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:96
-msgid ""
-"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:101
-msgid "A list of existing groups this user is also a member of."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:107
-msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:111
-msgid ""
-"Create the user's home directory if it does not exist. The files and "
-"directories contained in the skeleton directory (which can be defined with "
-"the -k option or in the config file) will be copied to the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:121
-msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:125
-msgid ""
-"Do not create the user's home directory. Overrides configuration settings."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:132
-msgid ""
-"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:137
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<command>sss_useradd</command>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:143
-msgid ""
-"This option is only valid if the <option>-m</option> (or <option>--create-"
-"home</option>) option is specified, or creation of home directories is set "
-"to TRUE in the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
-msgid ""
-"<option>-Z</option>,<option>--selinux-user</option> "
-"<replaceable>SELINUX_USER</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:157
-msgid ""
-"The SELinux user for the user's login. If not specified, the system default "
-"will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
-msgid "sssd-krb5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:23
-msgid ""
-"This manual page describes the configuration of the Kerberos 5 "
-"authentication backend for <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  For a detailed "
-"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
-"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:36
-msgid ""
-"The Kerberos 5 authentication backend contains auth and chpass providers. It "
-"must be paired with identity provider in order to function properly (for "
-"example, id_provider = ldap). Some information required by the Kerberos 5 "
-"authentication backend must be provided by the identity provider, such as "
-"the user's Kerberos Principal Name (UPN). The configuration of the identity "
-"provider should have an entry to specify the UPN. Please refer to the man "
-"page for the applicable identity provider for details on how to configure "
-"this."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:47
-msgid ""
-"This backend also provides access control based on the .k5login file in the "
-"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
-"Please note that an empty .k5login file will deny all access to this user. "
-"To activate this feature use 'access_provider = krb5' in your sssd "
-"configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:55
-msgid ""
-"In the case where the UPN is not available in the identity backend "
-"<command>sssd</command> will construct a UPN using the format "
-"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:106
-msgid ""
-"The name of the Kerberos realm. This option is required and must be "
-"specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:113
-msgid "krb5_kpasswd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:116
-msgid ""
-"If the change password service is not running on the KDC alternative servers "
-"can be defined here. An optional port number (preceded by a colon) may be "
-"appended to the addresses or hostnames."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:122
-msgid ""
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section.  Please note that even if there are no more "
-"kpasswd servers to try the back end is not switch to offline if "
-"authentication against the KDC is still possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:129
-msgid "Default: Use the KDC"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:135
-msgid "krb5_ccachedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:138
-msgid ""
-"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist it will be created. If %u, %U, %p or %h are used a "
-"private directory belonging to the user is created. Otherwise a public "
-"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
-"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
-"citerefentry> for details) is created."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:151
-msgid "Default: /tmp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:157
-msgid "krb5_ccname_template (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:171
-msgid "login UID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:174
-msgid "%p"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:175
-msgid "principal name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:179
-msgid "%r"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:180
-msgid "realm name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:183
-msgid "%h"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:184
-msgid "home directory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:189
-msgid "value of krb5ccache_dir"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194
-msgid "%P"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "the process ID of the sssd client"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:160
-msgid ""
-"Location of the user's credential cache. Currently only file based "
-"credential caches are supported. In the template the following sequences are "
-"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
-"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
-"way."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:209
-msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:215
-msgid "krb5_auth_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:218
-msgid ""
-"Timeout in seconds after an online authentication or change password request "
-"is aborted. If possible the authentication request is continued offline."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:241
-msgid "krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:244
-msgid ""
-"The location of the keytab to use when validating credentials obtained from "
-"KDCs."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:248
-msgid "Default: /etc/krb5.keytab"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:254
-msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:257
-msgid ""
-"Store the password of the user if the provider is offline and use it to "
-"request a TGT when the provider gets online again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:262
-msgid ""
-"Please note that this feature currently only available on a Linux platform. "
-"Passwords stored in this way are kept in plaintext in the kernel keyring and "
-"are potentially accessible by the root user (with difficulty)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:275
-msgid "krb5_renewable_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:278
-msgid ""
-"Request a renewable ticket with a total lifetime given by an integer "
-"immediately followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
-msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
-msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
-msgid "<emphasis>h</emphasis> hours"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
-msgid "<emphasis>d</emphasis> days."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
-msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:299
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"renewable lifetime to one and a half hours please use '90m' instead of "
-"'1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:305
-msgid "Default: not set, i.e. the TGT is not renewable"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:311
-msgid "krb5_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:314
-msgid ""
-"Request ticket with a with a lifetime given by an integer immediately "
-"followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:335
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"lifetime to one and a half hours please use '90m' instead of '1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:340
-msgid ""
-"Default: not set, i.e. the default ticket lifetime configured on the KDC."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:347
-msgid "krb5_renew_interval (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:350
-msgid ""
-"The time in seconds between two checks if the TGT should be renewed. TGTs "
-"are renewed if about half of their lifetime is exceeded."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:355
-msgid "If this option is not set or 0 the automatic renewal is disabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:365
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:368
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:373
-msgid ""
-"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
-"option at all."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
-msgid ""
-"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
-"continue without."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:381
-msgid ""
-"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
-"fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:385
-msgid "Default: not set, i.e. FAST is not used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:388
-msgid "Please note that a keytab is required to use fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:391
-msgid ""
-"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used with an older version using this option is a "
-"configuration error."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:400
-msgid "krb5_fast_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:403
-msgid "Specifies the server principal to use for FAST."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:412
-msgid ""
-"Specifies if the host and user principal should be canonicalized. This "
-"feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:65
-msgid ""
-"If the auth-module krb5 is used in a SSSD domain, the following options must "
-"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
-"SECTIONS</quote> for details on the configuration of a SSSD domain.  "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:434
-msgid ""
-"The following example assumes that SSSD is correctly configured and FOO is "
-"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
-"example shows only configuration of Kerberos authentication, it does not "
-"include any identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:442
-#, no-wrap
-msgid ""
-"    [domain/FOO]\n"
-"    auth_provider = krb5\n"
-"    krb5_server = 192.168.1.1\n"
-"    krb5_realm = EXAMPLE.COM\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:453
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
-msgid "sss_groupadd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupadd.8.xml:16
-msgid "create a new group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupadd.8.xml:21
-msgid ""
-"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:32
-msgid ""
-"<command>sss_groupadd</command> creates a new group. These groups are "
-"compatible with POSIX groups, with the additional feature that they can "
-"contain other groups as members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupadd.8.xml:43
-msgid ""
-"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupadd.8.xml:48
-msgid ""
-"Set the GID of the group to the value of <replaceable>GID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
-msgid "sss_userdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_userdel.8.xml:16
-msgid "delete a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_userdel.8.xml:21
-msgid ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:32
-msgid ""
-"<command>sss_userdel</command> deletes a user identified by login name "
-"<replaceable>LOGIN</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:44
-msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:48
-msgid ""
-"Files in the user's home directory will be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:56
-msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:60
-msgid ""
-"Files in the user's home directory will NOT be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:68
-msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:72
-msgid ""
-"This option forces <command>sss_userdel</command> to remove the user's home "
-"directory and mail spool, even if they are not owned by the specified user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:80
-msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:84
-msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
-msgid "sss_groupdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupdel.8.xml:16
-msgid "delete a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupdel.8.xml:21
-msgid ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:32
-msgid ""
-"<command>sss_groupdel</command> deletes a group identified by its name "
-"<replaceable>GROUP</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
-msgid "sss_groupshow"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupshow.8.xml:16
-msgid "print properties of a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupshow.8.xml:21
-msgid ""
-"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:32
-msgid ""
-"<command>sss_groupshow</command> displays information about a group "
-"identified by its name <replaceable>GROUP</replaceable>. The information "
-"includes the group ID number, members of the group and the parent group."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupshow.8.xml:43
-msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupshow.8.xml:47
-msgid ""
-"Also print indirect group members in a tree-like hierarchy.  Note that this "
-"also affects printing parent groups - without <option>R</option>, only the "
-"direct parent will be printed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
-msgid "sss_usermod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_usermod.8.xml:16
-msgid "modify a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_usermod.8.xml:21
-msgid ""
-"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:32
-msgid ""
-"<command>sss_usermod</command> modifies the account specified by "
-"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
-"on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:60
-msgid "The home directory of the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:71
-msgid "The user's login shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:82
-msgid ""
-"Append this user to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:96
-msgid ""
-"Remove this user from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:103
-msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:107
-msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:114
-msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:118
-msgid "Unlock the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:129
-msgid "The SELinux user for the user's login."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/service_discovery.xml:2
-msgid "SERVICE DISCOVERY"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/service_discovery.xml:4
-msgid ""
-"The service discovery feature allows back ends to automatically find the "
-"appropriate servers to connect to using a special DNS query."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
-msgid "Configuration"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:11
-msgid ""
-"If no servers are specified, the back end automatically uses service "
-"discovery to try to find a server. Optionally, the user may choose to use "
-"both fixed server addresses and service discovery by inserting a special "
-"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
-"preference is maintained. This feature is useful if, for example, the user "
-"prefers to use service discovery whenever possible, and fall back to a "
-"specific server when no servers can be discovered using DNS."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:23
-msgid "The domain name"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:25
-msgid ""
-"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for more details."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:35
-msgid "The protocol"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:37
-msgid ""
-"The queries usually specify _tcp as the protocol. Exceptions are documented "
-"in respective option description."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:42
-msgid "See Also"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:44
-msgid ""
-"For more information on the service discovery mechanism, refer to RFC 2782."
-msgstr ""
-
-#. type: Content of: outside any tag (error?)
-#: include/upstream.xml:1
-msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/failover.xml:2
-msgid "FAILOVER"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/failover.xml:4
-msgid ""
-"The failover feature allows back ends to automatically switch to a different "
-"server if the primary server fails."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:8
-msgid "Failover Syntax"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:10
-msgid ""
-"The list of servers is given as a comma-separated list; any number of spaces "
-"is allowed around the comma. The servers are listed in order of preference. "
-"The list can contain any number of servers."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:17
-msgid "The Failover Mechanism"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:19
-msgid ""
-"The failover mechanism distinguishes between a machine and a service. The "
-"back end first tries to resolve the hostname of a given machine; if this "
-"resolution attempt fails, the machine is considered offline. No further "
-"attempts are made to connect to this machine for any other service. If the "
-"resolution attempt succeeds, the back end tries to connect to a service on "
-"this machine. If the service connection attempt fails, then only this "
-"particular service is considered offline and the back end automatically "
-"switches over to the next service.  The machine is still considered online "
-"and might still be tried for another service."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:32
-msgid ""
-"Further connection attempts are made to machines or services marked as "
-"offline after a specified period of time; this is currently hard coded to 30 "
-"seconds."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:37
-msgid ""
-"If there are no more machines to try, the back end as a whole switches to "
-"offline mode, and then attempts to reconnect every 30 seconds."
-msgstr ""
-
-#. type: Content of: <varlistentry><term>
-#: include/param_help.xml:3
-msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
-
-#. type: Content of: <varlistentry><listitem><para>
-#: include/param_help.xml:7
-msgid "Display help message and exit."
-msgstr ""
diff --git a/src/man/po/fi.po b/src/man/po/fi.po
deleted file mode 100644
index ba151a7b8..000000000
--- a/src/man/po/fi.po
+++ /dev/null
@@ -1,6314 +0,0 @@
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Red Hat
-# This file is distributed under the same license as the sssd-docs package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: SSSD\n"
-"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Finnish (http://www.transifex.net/projects/p/fedora/team/"
-"fi/)\n"
-"Language: fi\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural=(n != 1)\n"
-
-#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
-#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
-#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
-#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
-msgid "SSSD Manual pages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
-msgid "sss_groupmod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
-#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
-#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
-msgid "8"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupmod.8.xml:16
-msgid "modify a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupmod.8.xml:21
-msgid ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
-#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
-#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
-#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
-#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:32
-msgid ""
-"<command>sss_groupmod</command> modifies the group to reflect the changes "
-"that are specified on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
-#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
-#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-msgid "OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
-msgid ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:48
-msgid ""
-"Append this group to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
-msgid ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:62
-msgid ""
-"Remove this group from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
-#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
-msgid "sssd.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
-msgid "5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
-msgid "File Formats and Conventions"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
-msgid "the configuration file for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:21
-msgid "FILE FORMAT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:29
-#, no-wrap
-msgid ""
-"                <replaceable>[section]</replaceable>\n"
-"                <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-"                <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
-"            "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:24
-msgid ""
-"The file has an ini-style syntax and consists of sections and parameters. A "
-"section begins with the name of the section in square brackets and continues "
-"until the next section begins. An example of section with single and multi-"
-"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:36
-msgid ""
-"The data types used are string (no quotes needed), integer and bool (with "
-"values of <quote>TRUE/FALSE</quote>)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:41
-msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
-"(<quote>;</quote>)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:46
-msgid ""
-"All sections can have an optional <replaceable>description</replaceable> "
-"parameter. Its function is only as a label for the section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:52
-msgid ""
-"<filename>sssd.conf</filename> must be a regular file, owned by root and "
-"only root may read from or write to the file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:58
-msgid "SPECIAL SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:61
-msgid "The [sssd] section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
-msgid "Section parameters"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:72
-msgid "config_file_version (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:75
-msgid ""
-"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-"version 2."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:81
-msgid "services"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:84
-msgid ""
-"Comma separated list of services that are started when sssd itself starts."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:88
-msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
-msgid "reconnection_retries (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
-msgid ""
-"Number of times services should attempt to reconnect in the event of a Data "
-"Provider crash or restart before they give up"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
-msgid "Default: 3"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
-msgid "domains"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
-msgid ""
-"A domain is a database containing user information. SSSD can use more "
-"domains at the same time, but at least one must be configured or SSSD won't "
-"start.  This parameter described the list of domains in the order you want "
-"them to be queried."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
-msgid "re_expression (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
-msgid ""
-"Regular expression that describes how to parse the string containing user "
-"name and domain into these components."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
-msgid ""
-"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
-"which translates to \"the name is everything up to the <quote>@</quote> "
-"sign, the domain everything after that\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
-msgid ""
-"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
-"version 7 or higher can support non-unique named subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
-msgid ""
-"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
-"P&lt;name&gt;) to label subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
-msgid "full_name_format (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
-msgid ""
-"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatible format that describes how to translate "
-"a (name, domain) tuple into a fully qualified name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
-msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
-msgid "try_inotify (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
-msgid ""
-"SSSD monitors the state of resolv.conf to identify when it needs to update "
-"its internal DNS resolver. By default, we will attempt to use inotify for "
-"this, and will fall back to polling resolv.conf every five seconds if "
-"inotify cannot be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
-msgid ""
-"There are some limited situations where it is preferred that we should skip "
-"even trying to use inotify. In these rare cases, this option should be set "
-"to 'false'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
-msgid ""
-"Default: true on platforms where inotify is supported. False on other "
-"platforms."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
-msgid ""
-"Note: this option will have no effect on platforms where inotify is "
-"unavailable. On these platforms, polling will always be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
-msgid "krb5_rcache_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
-msgid ""
-"Directory on the filesystem where SSSD should store Kerberos replay cache "
-"files."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
-msgid ""
-"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
-"SSSD to let libkrb5 decide the appropriate location for the replay cache."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
-msgid ""
-"Default: Distribution-specific and specified at build-time. "
-"(__LIBKRB5_DEFAULTS__ if not configured)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:63
-msgid ""
-"Individual pieces of SSSD functionality are provided by special SSSD "
-"services that are started and stopped together with SSSD.  The services are "
-"managed by a special service frequently called <quote>monitor</quote>. The "
-"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
-msgid "SERVICES SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
-msgid ""
-"Settings that can be used to configure different services are described in "
-"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
-"section, for example, for NSS service, the section would be <quote>[nss]</"
-"quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
-msgid "General service configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
-msgid "These options can be used to configure any service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>.  This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
-msgid "NSS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
-msgid ""
-"These options can be used to configure the Name Service Switch (NSS) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
-msgid "enum_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
-msgid ""
-"How many seconds should nss_sss cache enumerations (requests for info about "
-"all users)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
-msgid "Default: 120"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"The entry cache can be set to automatically update entries in the background "
-"if they are requested beyond a percentage of the entry_cache_timeout value "
-"for the domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
-msgid ""
-"For example, if the domain's entry_cache_timeout is set to 30s and "
-"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
-"after 15 seconds past the last cache update will be returned immediately, "
-"but the SSSD will go and update the cache on its own, so that future "
-"requests will not need to block waiting for a cache update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
-msgid ""
-"Valid values for this option are 0-99 and represent a percentage of the "
-"entry_cache_timeout for each domain. For performance reasons, this "
-"percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
-"disables this feature)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
-msgid "Default: 50"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
-msgid "entry_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
-msgid ""
-"Specifies for how many seconds nss_sss should cache negative cache hits "
-"(that is, queries for invalid database entries, like nonexistent ones)  "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
-msgid "Default: 15"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
-msgid "filter_users, filter_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
-msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
-msgid "Default: root"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
-msgid "filter_users_in_groups (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
-msgid ""
-"If you want filtered user still be group members set this option to false."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
-msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
-msgid "This option can also be set per-domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
-msgid "allowed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
-msgid ""
-"Restrict user shell to one of the listed values. The order of evaluation is:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
-msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
-msgid ""
-"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
-"quote>, use the value of the shell_fallback parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
-msgid ""
-"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
-"shells</quote>, a nologin shell is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
-msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
-msgid ""
-"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
-"that a restart of the SSSD is required in case a new shell is installed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
-msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
-msgid "vetoed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
-msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
-msgid "shell_fallback (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
-msgid ""
-"The default shell to use if an allowed shell is not installed on the machine."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
-msgid "Default: /bin/sh"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
-msgid "PAM configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
-msgid ""
-"These options can be used to configure the Pluggable Authentication Module "
-"(PAM) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
-msgid "offline_credentials_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
-msgid ""
-"If the authentication provider is offline, how long should we allow cached "
-"logins (in days since the last successful online login)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
-msgid "Default: 0 (No limit)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
-msgid "offline_failed_login_attempts (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
-msgid ""
-"If the authentication provider is offline, how many failed login attempts "
-"are allowed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
-msgid "offline_failed_login_delay (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
-msgid ""
-"The time in minutes which has to pass after offline_failed_login_attempts "
-"has been reached before a new login attempt is possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
-msgid ""
-"If set to 0 the user cannot authenticate offline if "
-"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable offline authentication again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
-msgid "Default: 5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
-msgid "pam_verbosity (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
-msgid ""
-"Controls what kind of messages are shown to the user during authentication. "
-"The higher the number to more messages are displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
-msgid "Currently sssd supports the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
-msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
-msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
-msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
-msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
-msgid "Default: 1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
-msgid "pam_id_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
-msgid ""
-"For any PAM request while SSSD is online, the SSSD will attempt to "
-"immediately update the cached identity information for the user in order to "
-"ensure that authentication takes place with the latest information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
-msgid ""
-"A complete PAM conversation may perform multiple PAM requests, such as "
-"account management and session opening. This option controls (on a per-"
-"client-application basis) how long (in seconds) we can cache the identity "
-"information to avoid excessive round-trips to the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
-msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
-msgid "Display a warning N days before the password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
-msgid ""
-"Please note that the backend server has to provide information about the "
-"expiration time of the password.  If this information is missing, sssd "
-"cannot display a warning."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
-msgid "Default: 7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-msgid "SUDO configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-msgid "These options can be used to configure the sudo service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-msgid "sudo_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-msgid ""
-"For any sudo request that comes while SSSD is online, the SSSD will attempt "
-"to update the cached rules in order to ensure that sudo has the latest "
-"ruleset."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
-msgid ""
-"The user may, however, run a couple of sudo commands successively, which "
-"would trigger multiple LDAP requests.  In order to speed up this use-case, "
-"the sudo service maintains an in-memory cache that would be used for "
-"performing fast replies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
-msgid ""
-"This option controls how long (in seconds) can the sudo service cache rules "
-"for a user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-msgid "Default: 180"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-msgid "sudo_timed (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
-msgid ""
-"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
-"that implement time-dependent sudoers entries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-msgid "AUTOFS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-msgid "These options can be used to configure the autofs service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-msgid "autofs_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
-msgid "DOMAIN SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
-msgid "min_id,max_id (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
-msgid ""
-"UID and GID limits for the domain. If a domain contains an entry that is "
-"outside these limits, it is ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
-msgid ""
-"For users, this affects the primary GID limit. The user will not be returned "
-"to NSS if either the UID or the primary GID is outside the range. For non-"
-"primary group memberships, those that are in range will be reported as "
-"expected."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
-msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
-msgid ""
-"Timeout in seconds between heartbeats for this domain.  This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
-msgid "enumerate (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
-msgid ""
-"Determines if a domain can be enumerated. This parameter can have one of the "
-"following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
-msgid "TRUE = Users and groups are enumerated"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
-msgid "FALSE = No enumerations for this domain"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
-msgid "Default: FALSE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
-msgid ""
-"Note: Enabling enumeration has a moderate performance impact on SSSD while "
-"enumeration is running. It may take up to several minutes after SSSD startup "
-"to fully complete enumerations.  During this time, individual requests for "
-"information will go directly to LDAP, though it may be slow, due to the "
-"heavy enumeration processing."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
-msgid ""
-"While the first enumeration is running, requests for the complete user or "
-"group lists may return no results until it completes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
-msgid ""
-"Further, enabling enumeration may increase the time necessary to detect "
-"network disconnection, as longer timeouts are required to ensure that "
-"enumeration lookups are completed successfully.  For more information, refer "
-"to the man pages for the specific id_provider in use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
-msgid "entry_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
-msgid ""
-"How many seconds should nss_sss consider entries valid before asking the "
-"backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
-msgid "Default: 5400"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-msgid "entry_cache_user_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-msgid ""
-"How many seconds should nss_sss consider user entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-msgid "Default: entry_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-msgid "entry_cache_group_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-msgid ""
-"How many seconds should nss_sss consider group entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-msgid ""
-"How many seconds should nss_sss consider netgroup entries valid before "
-"asking the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-msgid "entry_cache_service_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-msgid ""
-"How many seconds should nss_sss consider service entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
-msgid "cache_credentials (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
-msgid "Determines if user credentials are also cached in the local LDB cache"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
-msgid "User credentials are stored in a SHA512 hash, not in plaintext"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
-msgid "account_cache_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
-msgid ""
-"Number of days entries are left in cache after last successful login before "
-"being removed during a cleanup of the cache. 0 means keep forever.  The "
-"value of this parameter must be greater than or equal to "
-"offline_credentials_expiration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
-msgid "Default: 0 (unlimited)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
-msgid "id_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
-msgid "The Data Provider identity backend to use for this domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
-msgid "Supported backends:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
-msgid "proxy: Support a legacy NSS provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
-msgid "local: SSSD internal local provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
-msgid "ldap: LDAP provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
-msgid "use_fully_qualified_names (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
-msgid ""
-"If set to TRUE, all requests to this domain must use fully qualified names. "
-"For example, if used in LOCAL domain that contains a \"test\" user, "
-"<command>getent passwd test</command> wouldn't find the user while "
-"<command>getent passwd test@LOCAL</command> would."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
-msgid "auth_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
-msgid ""
-"The authentication provider used for the domain.  Supported auth providers "
-"are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
-msgid ""
-"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
-msgid ""
-"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
-msgid ""
-"<quote>proxy</quote> for relaying authentication to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
-msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"authentication requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
-msgid "access_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
-msgid ""
-"The access control provider used for the domain.  There are two built-in "
-"access providers (in addition to any included in installed backends)  "
-"Internal special providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
-msgid "<quote>permit</quote> always allow access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
-msgid "<quote>deny</quote> always deny access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
-msgid ""
-"<quote>simple</quote> access control based on access or deny lists. See "
-"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> for more information on configuring the simple "
-"access module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
-msgid "Default: <quote>permit</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
-msgid "chpass_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
-msgid ""
-"The provider which should handle change password operations for the domain.  "
-"Supported change password providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
-msgid ""
-"<quote>ipa</quote> to change a password stored in an IPA server.  See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
-msgid ""
-"<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
-msgid ""
-"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
-msgid ""
-"<quote>proxy</quote> for relaying password changes to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
-msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
-msgid ""
-"Default: <quote>auth_provider</quote> is used if it is set and can handle "
-"change password requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-msgid "sudo_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-msgid ""
-"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-msgid "session_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-msgid ""
-"The provider which should handle loading of session settings.  Supported "
-"session providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-msgid ""
-"<quote>ipa</quote> to load session settings from an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"session loading requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
-msgid "lookup_family_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
-msgid ""
-"Provides the ability to select preferred address family to use when "
-"performing DNS lookups."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
-msgid "Supported values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
-msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
-msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
-msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
-msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
-msgid "Default: ipv4_first"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
-msgid "dns_resolver_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
-msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
-msgid "dns_discovery_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
-msgid ""
-"If service discovery is used in the back end, specifies the domain part of "
-"the service discovery DNS query."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
-msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
-msgid "override_gid (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
-msgid "Override the primary GID value with the one specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
-msgid "case_sensitive (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
-msgid ""
-"Treat user and group names as case sensitive. At the moment, this option is "
-"not supported in the local provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
-msgid "Default: True"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
-msgid ""
-"These configuration options can be present in a domain configuration "
-"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
-"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
-msgid "proxy_pam_target (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
-msgid "The proxy target PAM proxies to."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-msgid ""
-"Default: not set by default, you have to take an existing pam configuration "
-"or create a new one and add the service name here."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
-msgid "proxy_lib_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
-msgid ""
-"The name of the NSS library to use in proxy domains. The NSS functions "
-"searched for in the library are in the form of _nss_$(libName)_$(function), "
-"for example _nss_files_getpwent."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
-msgid ""
-"Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
-msgid "The local domain section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
-msgid ""
-"This section contains settings for domain that stores users and groups in "
-"SSSD native database, that is, a domain that uses "
-"<replaceable>id_provider=local</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
-msgid "default_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
-msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
-msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
-msgid "base_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
-msgid ""
-"The tools append the login name to <replaceable>base_directory</replaceable> "
-"and use that as the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
-msgid "Default: <filename>/home</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
-msgid "create_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
-msgid ""
-"Indicate if a home directory should be created by default for new users.  "
-"Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
-msgid "Default: TRUE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
-msgid "remove_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
-msgid ""
-"Indicate if a home directory should be removed by default for deleted "
-"users.  Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
-msgid "homedir_umask (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
-msgid ""
-"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
-"on a newly created home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
-msgid "Default: 077"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
-msgid "skel_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
-msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
-msgid "mail_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
-msgid ""
-"The mail spool directory. This is needed to manipulate the mailbox when its "
-"corresponding user account is modified or deleted.  If not specified, a "
-"default value is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
-msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
-msgid "userdel_cmd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
-msgid ""
-"The command that is run after a user is removed.  The command us passed the "
-"username of the user being removed as the first and only parameter. The "
-"return code of the command is not taken into account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
-msgid "Default: None, no command is run"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"domains = LDAP\n"
-"services = nss, pam\n"
-"config_file_version = 2\n"
-"\n"
-"[nss]\n"
-"filter_groups = root\n"
-"filter_users = root\n"
-"\n"
-"[pam]\n"
-"\n"
-"[domain/LDAP]\n"
-"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
-"\n"
-"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
-"cache_credentials = true\n"
-"\n"
-"min_id = 10000\n"
-"max_id = 20000\n"
-"enumerate = False\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
-msgid ""
-"The following example shows a typical SSSD config. It does not describe "
-"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details.  <placeholder type=\"programlisting\" "
-"id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
-msgid "sssd-ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:23
-msgid ""
-"This manual page describes the configuration of LDAP domains for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for detailed syntax information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:35
-msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:38
-msgid ""
-"LDAP back end supports id, auth, access and chpass providers. If you want to "
-"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
-"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
-"over an unencrypted channel.  If the LDAP server is used only as an identity "
-"provider, an encrypted channel is not needed. Please refer to "
-"<quote>ldap_access_filter</quote> config option for more information about "
-"using LDAP as an access provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
-#: sssd-krb5.5.xml:63
-msgid "CONFIGURATION OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:60
-msgid "ldap_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:63
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference. Refer to the <quote>FAILOVER</"
-"quote> section for more information on failover and server redundancy.  If "
-"not specified, service discovery is enabled. For more information, refer to "
-"the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
-msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:73
-msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:76
-msgid ""
-"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:79
-msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:85
-msgid "ldap_chpass_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:88
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference to change the password of a user. "
-"Refer to the <quote>FAILOVER</quote> section for more information on "
-"failover and server redundancy."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:95
-msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:99
-msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:105
-msgid "ldap_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:108
-msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:112
-msgid ""
-"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
-"syntax:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
-msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:119
-msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
-msgid ""
-"The filter must be a valid LDAP search filter as specified by http://www."
-"ietf.org/rfc/rfc2254.txt"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
-msgid "Examples:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:129
-msgid ""
-"ldap_search_base = dc=example,dc=com (which is equivalent to)  "
-"ldap_search_base = dc=example,dc=com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:134
-msgid ""
-"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
-"(host=thishost)?dc=example.com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:137
-msgid ""
-"Note: It is unsupported to have multiple search bases which reference "
-"identically-named objects (for example, groups with the same name in two "
-"different search bases). This will lead to unpredictable behavior on client "
-"machines."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:144
-msgid ""
-"Default: If not set, the value of the defaultNamingContext or namingContexts "
-"attribute from the RootDSE of the LDAP server is used. If "
-"defaultNamingContext does not exists or has an empty value namingContexts is "
-"used.  The namingContexts attribute must have a single value with the DN of "
-"the search base of the LDAP server to make this work. Multiple values are "
-"are not supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:158
-msgid "ldap_schema (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:161
-msgid ""
-"Specifies the Schema Type in use on the target LDAP server.  Depending on "
-"the selected schema, the default attribute names retrieved from the servers "
-"may vary.  The way that some attributes are handled may also differ.  Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
-"difference between these schema types is how group memberships are recorded "
-"in the server.  With rfc2307, group members are listed by name in the "
-"<emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, group "
-"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
-msgid "Default: rfc2307"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
-msgid "ldap_default_bind_dn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
-msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
-msgid "ldap_default_authtok_type (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
-msgid "The type of the authentication token of the default bind DN."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
-msgid "The two mechanisms currently supported are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
-msgid "password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
-msgid "obfuscated_password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
-msgid "Default: password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
-msgid "ldap_default_authtok (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
-msgid ""
-"The authentication token of the default bind DN.  Only clear text passwords "
-"are currently supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
-msgid "ldap_user_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
-msgid "The object class of a user entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
-msgid "Default: posixAccount"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
-msgid "ldap_user_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
-msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
-msgid "Default: uid"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
-msgid "ldap_user_uid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
-msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
-msgid "Default: uidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
-msgid "ldap_user_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
-msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
-msgid "Default: gidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
-msgid "ldap_user_gecos (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
-msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
-msgid "Default: gecos"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
-msgid "ldap_user_home_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
-msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
-msgid "Default: homeDirectory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
-msgid "ldap_user_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
-msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
-msgid "Default: loginShell"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
-msgid "ldap_user_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
-msgid "Default: nsUniqueId"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
-msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
-msgid ""
-"The LDAP attribute that contains timestamp of the last modification of the "
-"parent object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
-msgid "Default: modifyTimestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
-msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
-"the last password change)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
-msgid "Default: shadowLastChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
-msgid "ldap_user_shadow_min (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
-msgid "Default: shadowMin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
-msgid "ldap_user_shadow_max (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
-msgid "Default: shadowMax"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
-msgid "ldap_user_shadow_warning (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password warning period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
-msgid "Default: shadowWarning"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
-msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password inactivity period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
-msgid "Default: shadowInactive"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
-msgid "ldap_user_shadow_expire (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
-msgid ""
-"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
-"parameter contains the name of an LDAP attribute corresponding to its "
-"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> counterpart (account expiration date)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
-msgid "Default: shadowExpire"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
-msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time of last password change in "
-"kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
-msgid "Default: krbLastPwdChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
-msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time when current password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
-msgid "Default: krbPasswordExpiration"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
-msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the expiration time of the account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
-msgid "Default: accountExpires"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
-msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the user account control bit field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
-msgid "Default: userAccountControl"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
-msgid "ldap_ns_account_lock (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
-msgid ""
-"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
-"determines if access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
-msgid "Default: nsAccountLock"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
-msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines if "
-"access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
-msgid "Default: loginDisabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
-msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines until "
-"which date access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
-msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines the "
-"hours of a day in a week when access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
-msgid "Default: loginAllowedTimeMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
-msgid "ldap_user_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
-msgid ""
-"The LDAP attribute that contains the user's Kerberos User Principal Name "
-"(UPN)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
-msgid "Default: krbPrincipalName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
-msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
-msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
-msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
-msgid ""
-"Some directory servers, for example Active Directory, might deliver the "
-"realm part of the UPN in lower case, which might cause the authentication to "
-"fail. Set this option to a non-zero value if you want to use an upper-case "
-"realm."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
-msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
-msgid ""
-"Specifies how many seconds SSSD has to wait before refreshing its cache of "
-"enumerated records."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
-msgid "Default: 300"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
-msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
-msgid ""
-"Determine how often to check the cache for inactive entries (such as groups "
-"with no members and users who have never logged in) and remove them to save "
-"space."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
-msgid "Setting this option to zero will disable the cache cleanup operation."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
-msgid "Default: 10800 (12 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
-msgid "ldap_user_fullname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
-msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
-msgid "Default: cn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
-msgid "ldap_user_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
-msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
-msgid "Default: memberOf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
-msgid "ldap_user_authorized_service (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
-msgid ""
-"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
-"use the presence of the authorizedService attribute in the user's LDAP entry "
-"to determine access privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
-msgid ""
-"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
-"explicit allow (svc) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
-msgid "Default: authorizedService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
-msgid "ldap_user_authorized_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
-msgid ""
-"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-"presence of the host attribute in the user's LDAP entry to determine access "
-"privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
-msgid ""
-"An explicit deny (!host) is resolved first. Second, SSSD searches for "
-"explicit allow (host) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
-msgid "Default: host"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
-msgid "ldap_group_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
-msgid "The object class of a group entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
-msgid "Default: posixGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
-msgid "ldap_group_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
-msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
-msgid "ldap_group_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
-msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
-msgid "ldap_group_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
-msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
-msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
-msgid "ldap_group_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
-msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
-msgid "ldap_group_nesting_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
-msgid ""
-"If ldap_schema is set to a schema format that supports nested groups (e.g. "
-"RFC2307bis), then this option controls how many levels of nesting SSSD will "
-"follow. This option has no effect on the RFC2307 schema."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
-msgid "Default: 2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
-msgid "ldap_netgroup_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
-msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
-msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
-msgid "Default: nisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
-msgid "ldap_netgroup_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
-msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
-msgid "In IPA provider, ipa_netgroup_name should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
-msgid "ldap_netgroup_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
-msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
-msgid "In IPA provider, ipa_netgroup_member should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
-msgid "Default: memberNisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
-msgid "ldap_netgroup_triple (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-msgid ""
-"The LDAP attribute that contains the (host, user, domain) netgroup triples."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
-msgid "This option is not available in IPA provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
-msgid "Default: nisNetgroupTriple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
-msgid "ldap_netgroup_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
-msgid ""
-"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
-msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
-msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
-msgid "ldap_service_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
-msgid "The object class of a service entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
-msgid "Default: ipService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
-msgid "ldap_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
-msgid ""
-"The LDAP attribute that contains the name of service attributes and their "
-"aliases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
-msgid "ldap_service_port (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
-msgid "The LDAP attribute that contains the port managed by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
-msgid "Default: ipServicePort"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
-msgid "ldap_service_proto (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
-msgid ""
-"The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
-msgid "Default: ipServiceProtocol"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
-msgid "ldap_service_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
-msgid "An optional base DN to restrict service searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
-msgid ""
-"See <quote>ldap_search_base</quote> for information about configuring "
-"multiple search bases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
-#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
-msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
-msgid "ldap_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches are allowed to run "
-"before they are cancelled and cached results are returned (and offline mode "
-"is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
-msgid ""
-"Note: this option is subject to change in future versions of the SSSD. It "
-"will likely be replaced at some point by a series of timeouts for specific "
-"lookup types."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
-msgid "Default: 6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
-msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches for user and group "
-"enumerations are allowed to run before they are cancelled and cached results "
-"are returned (and offline mode is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
-msgid "ldap_network_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-msgid ""
-"Specifies the timeout (in seconds) after which the <citerefentry> "
-"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
-"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> following a <citerefentry> "
-"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> returns in case of no activity."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
-msgid "ldap_opt_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
-msgid ""
-"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
-"will abort if no response is received. Also controls the timeout when "
-"communicating with the KDC in case of SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
-msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
-msgid ""
-"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
-"maintained. After this time, the connection will be re-established. If used "
-"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
-"the TGT lifetime)  will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
-msgid "Default: 900 (15 minutes)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
-msgid "ldap_page_size (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
-msgid ""
-"Specify the number of records to retrieve from LDAP in a single request. "
-"Some LDAP servers enforce a maximum limit per-request."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
-msgid "Default: 1000"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
-msgid ""
-"Disable the LDAP paging control. This option should be used if the LDAP "
-"server reports that it supports the LDAP paging control in its RootDSE but "
-"it is not enabled or does not behave properly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
-msgid ""
-"Example: OpenLDAP servers with the paging control module installed on the "
-"server but not enabled will report it in the RootDSE but be unable to use it."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
-msgid ""
-"Example: 389 DS has a bug where it can only support a one paging control at "
-"a time on a single connection. On busy clients, this can result in some "
-"requests being denied."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
-msgid "ldap_deref_threshold (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
-msgid ""
-"Specify the number of group members that must be missing from the internal "
-"cache in order to trigger a dereference lookup. If less members are missing, "
-"they are looked up individually."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
-msgid ""
-"You can turn off dereference lookups completely by setting the value to 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
-msgid ""
-"A dereference lookup is a means of fetching all group members in a single "
-"LDAP call.  Different LDAP servers may implement different dereference "
-"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
-"Directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
-msgid ""
-"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
-"filter, then the dereference lookup performance enhancement will be disabled "
-"regardless of this setting."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
-msgid "ldap_tls_reqcert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
-msgid ""
-"Specifies what checks to perform on server certificates in a TLS session, if "
-"any. It can be specified as one of the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
-msgid ""
-"<emphasis>never</emphasis> = The client will not request or check any server "
-"certificate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
-msgid ""
-"<emphasis>allow</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, it will be ignored and the session proceeds normally."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
-msgid ""
-"<emphasis>try</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, the session is immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
-msgid ""
-"<emphasis>demand</emphasis> = The server certificate is requested. If no "
-"certificate is provided, or a bad certificate is provided, the session is "
-"immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
-msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
-msgid "Default: hard"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
-msgid "ldap_tls_cacert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
-msgid ""
-"Specifies the file that contains certificates for all of the Certificate "
-"Authorities that <command>sssd</command> will recognize."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
-msgid ""
-"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
-"conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
-msgid "ldap_tls_cacertdir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
-msgid ""
-"Specifies the path of a directory that contains Certificate Authority "
-"certificates in separate individual files. Typically the file names need to "
-"be the hash of the certificate followed by '.0'.  If available, "
-"<command>cacertdir_rehash</command> can be used to create the correct names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
-msgid "ldap_tls_cert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
-msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
-msgid "Default: not set"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
-msgid "ldap_tls_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
-msgid "Specifies the file that contains the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
-msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
-msgid ""
-"Specifies acceptable cipher suites.  Typically this is a colon sperated "
-"list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> for format."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
-msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
-msgid ""
-"Specifies that the id_provider connection must also use <systemitem class="
-"\"protocol\">tls</systemitem> to protect the channel."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
-msgid ""
-"Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
-"supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
-msgid "ldap_sasl_authid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
-msgid ""
-"Specify the SASL authorization id to use.  When GSSAPI is used, this "
-"represents the Kerberos principal used for authentication to the directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
-msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
-msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
-msgid ""
-"If set to true, the LDAP library would perform a reverse lookup to "
-"canonicalize the host name during a SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
-msgid "Default: false;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
-msgid "ldap_krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
-msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
-msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
-msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
-msgid ""
-"Specifies that the id_provider should init Kerberos credentials (TGT).  This "
-"action is performed only if SASL is used and the mechanism selected is "
-"GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
-msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
-msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
-msgid "Default: 86400 (24 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
-msgid "krb5_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
-msgid ""
-"Specifies the comma-separated list of IP addresses or hostnames of the "
-"Kerberos servers to which SSSD should connect in the order of preference. "
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
-"colon) may be appended to the addresses or hostnames.  If empty, service "
-"discovery is enabled - for more information, refer to the <quote>SERVICE "
-"DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
-msgid ""
-"When using service discovery for KDC or kpasswd servers, SSSD first searches "
-"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-"none are found."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
-msgid ""
-"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
-"While the legacy name is recognized for the time being, users are advised to "
-"migrate their config files to use <quote>krb5_server</quote> instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
-msgid "krb5_realm (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
-msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
-msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
-msgid "krb5_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
-msgid ""
-"Specifies if the host principal should be canonicalized when connecting to "
-"LDAP server. This feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
-msgid "ldap_pwd_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
-msgid ""
-"Select the policy to evaluate the password expiration on the client side. "
-"The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
-msgid ""
-"<emphasis>none</emphasis> - No evaluation on the client side. This option "
-"cannot disable server-side password policies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
-msgid ""
-"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-"evaluate if the password has expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
-msgid ""
-"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
-"to determine if the password has expired. Use chpass_provider=krb5 to update "
-"these attributes when the password is changed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
-msgid "ldap_referrals (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
-msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
-msgid ""
-"Please note that sssd only supports referral chasing when it is compiled "
-"with OpenLDAP version 2.4.13 or higher."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
-msgid "ldap_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
-msgid "Specifies the service name to use when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
-msgid "Default: ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
-msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
-msgid ""
-"Specifies the service name to use to find an LDAP server which allows "
-"password changes when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
-msgid "Default: not set, i.e. service discovery is disabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
-msgid "ldap_access_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
-msgid ""
-"If using access_provider = ldap, this option is mandatory. It specifies an "
-"LDAP search filter criteria that must be met for the user to be granted "
-"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
-msgid "Example:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
-#, no-wrap
-msgid ""
-"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
-msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
-msgid ""
-"Offline caching for this feature is limited to determining whether the "
-"user's last online login was granted access permission. If they were granted "
-"access during their last login, they will continue to be granted access "
-"while offline and vice-versa."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
-msgid "Default: Empty"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
-msgid "ldap_account_expire_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
-msgid ""
-"With this option a client side evaluation of access control attributes can "
-"be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
-msgid ""
-"Please note that it is always recommended to use server side access control, "
-"i.e. the LDAP server should deny the bind request with a suitable error code "
-"even if the password is correct."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
-msgid "The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
-msgid ""
-"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
-"determine if the account is expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
-msgid ""
-"<emphasis>ad</emphasis>: use the value of the 32bit field "
-"ldap_user_ad_user_account_control and allow access if the second bit is not "
-"set. If the attribute is missing access is granted. Also the expiration time "
-"of the account is checked."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
-msgid ""
-"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
-"emphasis>: use the value of ldap_ns_account_lock to check if access is "
-"allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
-msgid ""
-"<emphasis>nds</emphasis>: the values of "
-"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
-"If both attributes are missing access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
-msgid "ldap_access_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
-msgid "Comma separated list of access control options.  Allowed values are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
-msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
-msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
-msgid ""
-"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
-"to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
-msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
-msgid "Default: filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
-msgid ""
-"Please note that it is a configuration error if a value is used more than "
-"once."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
-msgid "ldap_deref (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
-msgid ""
-"Specifies how alias dereferencing is done when performing a search. The "
-"following options are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
-msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
-msgid ""
-"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
-"the base object, but not in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
-msgid ""
-"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
-"the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
-msgid ""
-"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
-"in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
-msgid ""
-"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
-"client libraries)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:51
-msgid ""
-"All of the common configuration options that apply to SSSD domains also "
-"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for full details.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
-msgid "SUDO OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
-msgid "ldap_sudorule_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
-msgid "The object class of a sudo rule entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
-msgid "Default: sudoRole"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
-msgid "ldap_sudorule_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
-msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
-msgid "ldap_sudorule_command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
-msgid "The LDAP attribute that corresponds to the command name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
-msgid "Default: sudoCommand"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
-msgid "ldap_sudorule_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
-msgid ""
-"The LDAP attribute that corresponds to the host name (or host IP address, "
-"host IP network, or host netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
-msgid "Default: sudoHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
-msgid "ldap_sudorule_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
-msgid ""
-"The LDAP attribute that corresponds to the user name (or UID, group name or "
-"user's netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
-msgid "Default: sudoUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
-msgid "ldap_sudorule_option (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
-msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
-msgid "Default: sudoOption"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
-msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
-msgid ""
-"The LDAP attribute that corresponds to the user name that commands may be "
-"run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
-msgid "Default: sudoRunAsUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
-msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
-msgid ""
-"The LDAP attribute that corresponds to the group name or group GID that "
-"commands may be run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
-msgid "Default: sudoRunAsGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
-msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
-msgid ""
-"The LDAP attribute that corresponds to the start date/time for when the sudo "
-"rule is valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
-msgid "Default: sudoNotBefore"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
-msgid "ldap_sudorule_notafter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
-msgid ""
-"The LDAP attribute that corresponds to the expiration date/time, after which "
-"the sudo rule will no longer be valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
-msgid "Default: sudoNotAfter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
-msgid "ldap_sudorule_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
-msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
-msgid "Default: sudoOrder"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
-msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
-msgid ""
-"Enables periodical download of all sudo rules.  The cache is purged before "
-"each update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
-msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
-msgid ""
-"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
-msgid ""
-"This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
-"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
-msgid "AUTOFS OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
-msgid ""
-"Please note that the default values correspond to the default schema which "
-"is RFC2307."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
-msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-msgid "The object class of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-msgid "Default: automountMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
-msgid "ldap_autofs_map_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
-msgid "The name of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
-msgid "Default: ou"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
-msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
-msgid "ldap_autofs_entry_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
-msgid ""
-"The key of an automount entry in LDAP. The entry usually corresponds to a "
-"mount point."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
-msgid "ldap_autofs_entry_value (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
-msgid "Default: automountInformation"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
-msgid ""
-"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
-"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
-"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
-msgid "ADVANCED OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
-msgid "ldap_netgroup_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
-msgid ""
-"An optional base DN to restrict netgroup searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
-msgid "ldap_user_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
-msgid "An optional base DN to restrict user searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
-msgid "ldap_group_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
-msgid "An optional base DN to restrict group searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
-#, no-wrap
-msgid ""
-"                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
-msgid "ldap_sudo_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
-msgid ""
-"An optional base DN to restrict sudo rules searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
-msgid "ldap_autofs_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
-msgid ""
-"An optional base DN to restrict automounter searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
-msgid ""
-"These options are supported by LDAP domains, but they should be used with "
-"caution. Please include them in your configuration only if you know what you "
-"are doing.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
-msgid ""
-"The following example assumes that SSSD is correctly configured and LDAP is "
-"set to one of the domains in the <replaceable>[domains]</replaceable> "
-"section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
-#, no-wrap
-msgid ""
-"    [domain/LDAP]\n"
-"    id_provider = ldap\n"
-"    auth_provider = ldap\n"
-"    ldap_uri = ldap://ldap.mydomain.org\n"
-"    ldap_search_base = dc=mydomain,dc=org\n"
-"    ldap_tls_reqcert = demand\n"
-"    cache_credentials = true\n"
-"    enumerate = true\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
-msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
-msgid "NOTES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
-msgid ""
-"The descriptions of some of the configuration options in this manual page "
-"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
-"distribution."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <refentryinfo>
-#: pam_sss.8.xml:8 include/upstream.xml:2
-msgid ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: pam_sss.8.xml:13 pam_sss.8.xml:18
-msgid "pam_sss"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: pam_sss.8.xml:19
-msgid "PAM module for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: pam_sss.8.xml:24
-msgid ""
-"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
-msgid ""
-"<command>pam_sss.so</command> is the PAM interface to the System Security "
-"Services daemon (SSSD). Errors and results are logged through <command>syslog"
-"(3)</command> with the LOG_AUTHPRIV facility."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
-msgid "<option>quiet</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
-msgid "Suppress log messages for unknown users."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
-msgid "<option>forward_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
-msgid ""
-"If <option>forward_pass</option> is set the entered password is put on the "
-"stack for other PAM modules to use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
-msgid "<option>use_first_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
-msgid ""
-"The argument use_first_pass forces the module to use a previous stacked "
-"modules password and will never prompt the user - if no password is "
-"available or the password is not appropriate, the user will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
-msgid "<option>use_authtok</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
-msgid ""
-"When password changing enforce the module to set the new password to the one "
-"provided by a previously stacked password module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
-msgid "<option>retry=N</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
-msgid ""
-"If specified the user is asked another N times for a password if "
-"authentication fails. Default is 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
-msgid ""
-"Please note that this option might not work as expected if the application "
-"calling PAM handles the user dialog on its own. A typical example is "
-"<command>sshd</command> with <option>PasswordAuthentication</option>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
-msgid "MODULE TYPES PROVIDED"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
-msgid ""
-"All module types (<option>account</option>, <option>auth</option>, "
-"<option>password</option> and <option>session</option>) are provided."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
-msgid "FILES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
-msgid ""
-"If a password reset by root fails, because the corresponding SSSD provider "
-"does not support password resets, an individual message can be displayed. "
-"This message can e.g. contain instructions about how to reset a password."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
-msgid ""
-"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
-"filename> where LOC stands for a locale string returned by <citerefentry> "
-"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
-"citerefentry>. If there is no matching file the content of "
-"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
-"the owner of the files and only root may have read and write permissions "
-"while all other users must have only read permissions."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
-msgid ""
-"These files are searched in the directory <filename>/etc/sssd/customize/"
-"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
-"displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:141
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
-msgid "sssd_krb5_locator_plugin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:22
-msgid ""
-"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
-"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
-"libraries what Realm and which KDC to use.  Typically this is done in "
-"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
-"To simplify the configuration the Realm and the KDC can be defined in "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry> puts the Realm and the name or IP address of the KDC into "
-"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively.  "
-"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variables and returns them to the "
-"libraries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:63
-msgid ""
-"Not all Kerberos implementations support the use of plugins. If "
-"<command>sssd_krb5_locator_plugin</command> is not available on your system "
-"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:69
-msgid ""
-"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-"debug messages will be sent to stderr."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:77
-msgid ""
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
-msgid "sssd-simple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd-simple.5.xml:17
-msgid "the configuration file for SSSD's 'simple' access-control provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:24
-msgid ""
-"This manual page describes the configuration of the simple access-control "
-"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax reference, "
-"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:38
-msgid ""
-"The simple access provider grants or denies access based on an access or "
-"deny list of user or group names. The following rules apply:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:43
-msgid "If all lists are empty, access is granted"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:47
-msgid ""
-"If any list is provided, the order of evaluation is allow,deny. This means "
-"that any matching deny rule will supersede any matched allow rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:54
-msgid ""
-"If either or both \"allow\" lists are provided, all users are denied unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:60
-msgid ""
-"If only \"deny\" lists are provided, all users are granted access unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:78
-msgid "simple_allow_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:81
-msgid "Comma separated list of users who are allowed to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:88
-msgid "simple_deny_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:91
-msgid "Comma separated list of users who are explicitly denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:97
-msgid "simple_allow_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:100
-msgid ""
-"Comma separated list of groups that are allowed to log in. This applies only "
-"to groups within this SSSD domain. Local groups are not evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:108
-msgid "simple_deny_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:111
-msgid ""
-"Comma separated list of groups that are explicitly denied access. This "
-"applies only to groups within this SSSD domain. Local groups are not "
-"evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
-msgid ""
-"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page for details on the configuration of an SSSD "
-"domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:120
-msgid ""
-"Please note that it is an configuration error if both, simple_allow_users "
-"and simple_deny_users, are defined."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:128
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the simple access provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-simple.5.xml:135
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    access_provider = simple\n"
-"    simple_allow_users = user1, user2\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:145
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
-msgid "sssd-ipa"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:23
-msgid ""
-"This manual page describes the configuration of the IPA provider for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
-"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:36
-msgid ""
-"The IPA provider is a back end used to connect to an IPA server.  (Refer to "
-"the freeipa.org web site for information about IPA servers.)  This provider "
-"requires that the machine be joined to the IPA domain; configuration is "
-"almost entirely self-discovered and obtained directly from the server."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:43
-msgid ""
-"The IPA provider accepts the same options used by the <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
-"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider with some exceptions described below."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:55
-msgid ""
-"However, it is neither necessary nor recommended to set these options.  IPA "
-"provider can also be used as an access and chpass provider. As an access "
-"provider it uses HBAC (host-based access control) rules. Please refer to "
-"freeipa.org for more information about HBAC. No configuration of access "
-"provider is required on the client side."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:72
-msgid "ipa_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:75
-msgid ""
-"Specifies the name of the IPA domain.  This is optional. If not provided, "
-"the configuration domain name is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:83
-msgid "ipa_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:86
-msgid ""
-"The comma-separated list of IP addresses or hostnames of the IPA servers to "
-"which SSSD should connect in the order of preference. For more information "
-"on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
-"This is optional if autodiscovery is enabled.  For more information on "
-"service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:99
-msgid "ipa_hostname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:102
-msgid ""
-"Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:110
-msgid "ipa_dyndns_update (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:113
-msgid ""
-"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:118
-msgid ""
-"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
-"the default Kerberos realm must be set properly in /etc/krb5.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:129
-msgid "ipa_dyndns_iface (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:132
-msgid ""
-"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
-"interface whose IP address should be used for dynamic DNS updates."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:137
-msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:143
-msgid "ipa_hbac_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:146
-msgid "Optional. Use the given string as search base for HBAC related objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:150
-msgid "Default: Use base DN"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:156
-msgid "ipa_host_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:159
-msgid "Optional. Use the given string as search base for host objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:180
-msgid "ipa_selinux_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
-msgid "Optional. Use the given string as search base for SELinux user maps."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
-msgid "krb5_validate (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
-msgid ""
-"Verify with the help of krb5_keytab that the TGT obtained has not been "
-"spoofed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
-msgid ""
-"Note that this default differs from the traditional Kerberos provider back "
-"end."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
-msgid ""
-"The name of the Kerberos realm. This is optional and defaults to the value "
-"of <quote>ipa_domain</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
-msgid ""
-"The name of the Kerberos realm has a special meaning in IPA - it is "
-"converted into the base DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
-msgid ""
-"Specifies if the host and user principal should be canonicalized when "
-"connecting to IPA LDAP and also for AS requests. This feature is available "
-"with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
-msgid "ipa_hbac_refresh (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
-msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
-msgid "Default: 5 (seconds)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
-msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
-msgid ""
-"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
-"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
-"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
-"client will support two modes of operation during this transition period:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
-msgid ""
-"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
-"users will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
-msgid ""
-"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
-"careful with this option, as it may result in opening unintended access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
-msgid "Default: DENY_ALL"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
-msgid "ipa_automount_location (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
-msgid "The automounter location this IPA client will be using"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Default: The location named \"default\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the ipa provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    id_provider = ipa\n"
-"    ipa_server = ipaserver.example.com\n"
-"    ipa_hostname = myhost.example.com\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.8.xml:10 sssd.8.xml:15
-msgid "sssd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.8.xml:16
-msgid "System Security Services Daemon"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sssd.8.xml:21
-msgid ""
-"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:31
-msgid ""
-"<command>SSSD</command> provides a set of daemons to manage access to remote "
-"directories and authentication mechanisms. It provides an NSS and PAM "
-"interface toward the system and a pluggable backend system to connect to "
-"multiple different account sources as well as D-Bus interface. It is also "
-"the basis to provide client auditing and policy services for projects like "
-"FreeIPA. It provides a more robust database to store local users as well as "
-"extended user data."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:46
-msgid ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:53
-msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:57
-msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:60
-msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:69
-msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:73
-msgid ""
-"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:76
-msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:85
-msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:89
-msgid ""
-"Send the debug output to files instead of stderr. By default, the log files "
-"are stored in <filename>/var/log/sssd</filename> and there are separate log "
-"files for every SSSD service and domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:97
-msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:101
-msgid "Become a daemon after starting up."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:107
-msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:111
-msgid "Run in the foreground, don't become a daemon."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
-msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
-msgid ""
-"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
-"conf</filename>. For reference on the config file syntax and options, "
-"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:135
-msgid "<option>--version</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:139
-msgid "Print version number and exit."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:147
-msgid "Signals"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:150
-msgid "SIGTERM/SIGINT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:153
-msgid ""
-"Informs the SSSD to gracefully terminate all of its child processes and then "
-"shut down the monitor."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:159
-msgid "SIGHUP"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:162
-msgid ""
-"Tells the SSSD to stop writing to its current debug file descriptors and to "
-"close and reopen them. This is meant to facilitate log rolling with programs "
-"like logrotate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:170
-msgid "SIGUSR1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:173
-msgid ""
-"Tells the SSSD to simulate offline operation for one minute. This is mostly "
-"useful for testing purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:179
-msgid "SIGUSR2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:182
-msgid ""
-"Tells the SSSD to go online immediately. This is mostly useful for testing "
-"purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:193
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-msgid "sss_obfuscate"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_obfuscate.8.xml:16
-msgid "obfuscate a clear text password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_obfuscate.8.xml:21
-msgid ""
-"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
-"replaceable></arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:32
-msgid ""
-"<command>sss_obfuscate</command> converts a given password into human-"
-"unreadable format and places it into appropriate domain section of the SSSD "
-"config file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:37
-msgid ""
-"The cleartext password is read from standard input or entered "
-"interactively.  The obfuscated password is put into "
-"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
-"<quote>ldap_default_authtok_type</quote> parameter is set to "
-"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more details on these parameters."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:49
-msgid ""
-"Please note that obfuscating the password provides <emphasis>no real "
-"security benefit</emphasis> as it is still possible for an attacker to "
-"reverse-engineer the password back. Using better authentication mechanisms "
-"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
-"advised."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:63
-msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:67
-msgid "The password to obfuscate will be read from standard input."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
-msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:79
-msgid ""
-"The SSSD domain to use the password in. The default name is <quote>default</"
-"quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:86
-msgid ""
-"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:91
-msgid "Read the config file specified by the positional parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:95
-msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:105
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
-msgid "sss_useradd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_useradd.8.xml:16
-msgid "create a new user"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_useradd.8.xml:21
-msgid ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:32
-msgid ""
-"<command>sss_useradd</command> creates a new user account using the values "
-"specified on the command line plus the default values from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:43
-msgid ""
-"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:48
-msgid ""
-"Set the UID of the user to the value of <replaceable>UID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
-msgid ""
-"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
-msgid ""
-"Any text string describing the user. Often used as the field for the user's "
-"full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
-msgid ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:72
-msgid ""
-"The home directory of the user account.  The default is to append the "
-"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
-"that as the home directory.  The base that is prepended before "
-"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
-"baseDirectory</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
-msgid ""
-"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:87
-msgid ""
-"The user's login shell. The default is currently <filename>/bin/bash</"
-"filename>.  The default can be changed with <quote>user_defaults/"
-"defaultShell</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:96
-msgid ""
-"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:101
-msgid "A list of existing groups this user is also a member of."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:107
-msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:111
-msgid ""
-"Create the user's home directory if it does not exist. The files and "
-"directories contained in the skeleton directory (which can be defined with "
-"the -k option or in the config file) will be copied to the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:121
-msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:125
-msgid ""
-"Do not create the user's home directory. Overrides configuration settings."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:132
-msgid ""
-"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:137
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<command>sss_useradd</command>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:143
-msgid ""
-"This option is only valid if the <option>-m</option> (or <option>--create-"
-"home</option>) option is specified, or creation of home directories is set "
-"to TRUE in the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
-msgid ""
-"<option>-Z</option>,<option>--selinux-user</option> "
-"<replaceable>SELINUX_USER</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:157
-msgid ""
-"The SELinux user for the user's login. If not specified, the system default "
-"will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
-msgid "sssd-krb5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:23
-msgid ""
-"This manual page describes the configuration of the Kerberos 5 "
-"authentication backend for <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  For a detailed "
-"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
-"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:36
-msgid ""
-"The Kerberos 5 authentication backend contains auth and chpass providers. It "
-"must be paired with identity provider in order to function properly (for "
-"example, id_provider = ldap). Some information required by the Kerberos 5 "
-"authentication backend must be provided by the identity provider, such as "
-"the user's Kerberos Principal Name (UPN). The configuration of the identity "
-"provider should have an entry to specify the UPN. Please refer to the man "
-"page for the applicable identity provider for details on how to configure "
-"this."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:47
-msgid ""
-"This backend also provides access control based on the .k5login file in the "
-"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
-"Please note that an empty .k5login file will deny all access to this user. "
-"To activate this feature use 'access_provider = krb5' in your sssd "
-"configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:55
-msgid ""
-"In the case where the UPN is not available in the identity backend "
-"<command>sssd</command> will construct a UPN using the format "
-"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:106
-msgid ""
-"The name of the Kerberos realm. This option is required and must be "
-"specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:113
-msgid "krb5_kpasswd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:116
-msgid ""
-"If the change password service is not running on the KDC alternative servers "
-"can be defined here. An optional port number (preceded by a colon) may be "
-"appended to the addresses or hostnames."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:122
-msgid ""
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section.  Please note that even if there are no more "
-"kpasswd servers to try the back end is not switch to offline if "
-"authentication against the KDC is still possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:129
-msgid "Default: Use the KDC"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:135
-msgid "krb5_ccachedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:138
-msgid ""
-"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist it will be created. If %u, %U, %p or %h are used a "
-"private directory belonging to the user is created. Otherwise a public "
-"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
-"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
-"citerefentry> for details) is created."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:151
-msgid "Default: /tmp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:157
-msgid "krb5_ccname_template (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:171
-msgid "login UID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:174
-msgid "%p"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:175
-msgid "principal name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:179
-msgid "%r"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:180
-msgid "realm name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:183
-msgid "%h"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:184
-msgid "home directory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:189
-msgid "value of krb5ccache_dir"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194
-msgid "%P"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "the process ID of the sssd client"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:160
-msgid ""
-"Location of the user's credential cache. Currently only file based "
-"credential caches are supported. In the template the following sequences are "
-"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
-"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
-"way."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:209
-msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:215
-msgid "krb5_auth_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:218
-msgid ""
-"Timeout in seconds after an online authentication or change password request "
-"is aborted. If possible the authentication request is continued offline."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:241
-msgid "krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:244
-msgid ""
-"The location of the keytab to use when validating credentials obtained from "
-"KDCs."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:248
-msgid "Default: /etc/krb5.keytab"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:254
-msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:257
-msgid ""
-"Store the password of the user if the provider is offline and use it to "
-"request a TGT when the provider gets online again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:262
-msgid ""
-"Please note that this feature currently only available on a Linux platform. "
-"Passwords stored in this way are kept in plaintext in the kernel keyring and "
-"are potentially accessible by the root user (with difficulty)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:275
-msgid "krb5_renewable_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:278
-msgid ""
-"Request a renewable ticket with a total lifetime given by an integer "
-"immediately followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
-msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
-msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
-msgid "<emphasis>h</emphasis> hours"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
-msgid "<emphasis>d</emphasis> days."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
-msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:299
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"renewable lifetime to one and a half hours please use '90m' instead of "
-"'1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:305
-msgid "Default: not set, i.e. the TGT is not renewable"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:311
-msgid "krb5_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:314
-msgid ""
-"Request ticket with a with a lifetime given by an integer immediately "
-"followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:335
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"lifetime to one and a half hours please use '90m' instead of '1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:340
-msgid ""
-"Default: not set, i.e. the default ticket lifetime configured on the KDC."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:347
-msgid "krb5_renew_interval (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:350
-msgid ""
-"The time in seconds between two checks if the TGT should be renewed. TGTs "
-"are renewed if about half of their lifetime is exceeded."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:355
-msgid "If this option is not set or 0 the automatic renewal is disabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:365
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:368
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:373
-msgid ""
-"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
-"option at all."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
-msgid ""
-"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
-"continue without."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:381
-msgid ""
-"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
-"fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:385
-msgid "Default: not set, i.e. FAST is not used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:388
-msgid "Please note that a keytab is required to use fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:391
-msgid ""
-"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used with an older version using this option is a "
-"configuration error."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:400
-msgid "krb5_fast_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:403
-msgid "Specifies the server principal to use for FAST."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:412
-msgid ""
-"Specifies if the host and user principal should be canonicalized. This "
-"feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:65
-msgid ""
-"If the auth-module krb5 is used in a SSSD domain, the following options must "
-"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
-"SECTIONS</quote> for details on the configuration of a SSSD domain.  "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:434
-msgid ""
-"The following example assumes that SSSD is correctly configured and FOO is "
-"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
-"example shows only configuration of Kerberos authentication, it does not "
-"include any identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:442
-#, no-wrap
-msgid ""
-"    [domain/FOO]\n"
-"    auth_provider = krb5\n"
-"    krb5_server = 192.168.1.1\n"
-"    krb5_realm = EXAMPLE.COM\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:453
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
-msgid "sss_groupadd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupadd.8.xml:16
-msgid "create a new group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupadd.8.xml:21
-msgid ""
-"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:32
-msgid ""
-"<command>sss_groupadd</command> creates a new group. These groups are "
-"compatible with POSIX groups, with the additional feature that they can "
-"contain other groups as members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupadd.8.xml:43
-msgid ""
-"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupadd.8.xml:48
-msgid ""
-"Set the GID of the group to the value of <replaceable>GID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
-msgid "sss_userdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_userdel.8.xml:16
-msgid "delete a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_userdel.8.xml:21
-msgid ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:32
-msgid ""
-"<command>sss_userdel</command> deletes a user identified by login name "
-"<replaceable>LOGIN</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:44
-msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:48
-msgid ""
-"Files in the user's home directory will be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:56
-msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:60
-msgid ""
-"Files in the user's home directory will NOT be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:68
-msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:72
-msgid ""
-"This option forces <command>sss_userdel</command> to remove the user's home "
-"directory and mail spool, even if they are not owned by the specified user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:80
-msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:84
-msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
-msgid "sss_groupdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupdel.8.xml:16
-msgid "delete a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupdel.8.xml:21
-msgid ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:32
-msgid ""
-"<command>sss_groupdel</command> deletes a group identified by its name "
-"<replaceable>GROUP</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
-msgid "sss_groupshow"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupshow.8.xml:16
-msgid "print properties of a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupshow.8.xml:21
-msgid ""
-"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:32
-msgid ""
-"<command>sss_groupshow</command> displays information about a group "
-"identified by its name <replaceable>GROUP</replaceable>. The information "
-"includes the group ID number, members of the group and the parent group."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupshow.8.xml:43
-msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupshow.8.xml:47
-msgid ""
-"Also print indirect group members in a tree-like hierarchy.  Note that this "
-"also affects printing parent groups - without <option>R</option>, only the "
-"direct parent will be printed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
-msgid "sss_usermod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_usermod.8.xml:16
-msgid "modify a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_usermod.8.xml:21
-msgid ""
-"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:32
-msgid ""
-"<command>sss_usermod</command> modifies the account specified by "
-"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
-"on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:60
-msgid "The home directory of the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:71
-msgid "The user's login shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:82
-msgid ""
-"Append this user to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:96
-msgid ""
-"Remove this user from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:103
-msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:107
-msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:114
-msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:118
-msgid "Unlock the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:129
-msgid "The SELinux user for the user's login."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/service_discovery.xml:2
-msgid "SERVICE DISCOVERY"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/service_discovery.xml:4
-msgid ""
-"The service discovery feature allows back ends to automatically find the "
-"appropriate servers to connect to using a special DNS query."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
-msgid "Configuration"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:11
-msgid ""
-"If no servers are specified, the back end automatically uses service "
-"discovery to try to find a server. Optionally, the user may choose to use "
-"both fixed server addresses and service discovery by inserting a special "
-"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
-"preference is maintained. This feature is useful if, for example, the user "
-"prefers to use service discovery whenever possible, and fall back to a "
-"specific server when no servers can be discovered using DNS."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:23
-msgid "The domain name"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:25
-msgid ""
-"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for more details."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:35
-msgid "The protocol"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:37
-msgid ""
-"The queries usually specify _tcp as the protocol. Exceptions are documented "
-"in respective option description."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:42
-msgid "See Also"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:44
-msgid ""
-"For more information on the service discovery mechanism, refer to RFC 2782."
-msgstr ""
-
-#. type: Content of: outside any tag (error?)
-#: include/upstream.xml:1
-msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/failover.xml:2
-msgid "FAILOVER"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/failover.xml:4
-msgid ""
-"The failover feature allows back ends to automatically switch to a different "
-"server if the primary server fails."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:8
-msgid "Failover Syntax"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:10
-msgid ""
-"The list of servers is given as a comma-separated list; any number of spaces "
-"is allowed around the comma. The servers are listed in order of preference. "
-"The list can contain any number of servers."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:17
-msgid "The Failover Mechanism"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:19
-msgid ""
-"The failover mechanism distinguishes between a machine and a service. The "
-"back end first tries to resolve the hostname of a given machine; if this "
-"resolution attempt fails, the machine is considered offline. No further "
-"attempts are made to connect to this machine for any other service. If the "
-"resolution attempt succeeds, the back end tries to connect to a service on "
-"this machine. If the service connection attempt fails, then only this "
-"particular service is considered offline and the back end automatically "
-"switches over to the next service.  The machine is still considered online "
-"and might still be tried for another service."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:32
-msgid ""
-"Further connection attempts are made to machines or services marked as "
-"offline after a specified period of time; this is currently hard coded to 30 "
-"seconds."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:37
-msgid ""
-"If there are no more machines to try, the back end as a whole switches to "
-"offline mode, and then attempts to reconnect every 30 seconds."
-msgstr ""
-
-#. type: Content of: <varlistentry><term>
-#: include/param_help.xml:3
-msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
-
-#. type: Content of: <varlistentry><listitem><para>
-#: include/param_help.xml:7
-msgid "Display help message and exit."
-msgstr ""
diff --git a/src/man/po/fr.po b/src/man/po/fr.po
index 24c761ab2..6807e0048 100644
--- a/src/man/po/fr.po
+++ b/src/man/po/fr.po
@@ -3,12 +3,14 @@
 # This file is distributed under the same license as the sssd-docs package.
 #
 # Translators:
+# Fabien Archambault <marbolangos@gmail.com>, 2012.
+#   <sgallagh@redhat.com>, 2012.
 msgid ""
 msgstr ""
 "Project-Id-Version: SSSD\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2011-12-21 10:12+0000\n"
+"POT-Creation-Date: 2012-03-12 16:37-0300\n"
+"PO-Revision-Date: 2012-03-12 20:08+0000\n"
 "Last-Translator: sgallagh <sgallagh@redhat.com>\n"
 "Language-Team: French <trans-fr@lists.fedoraproject.org>\n"
 "Language: fr\n"
@@ -22,9 +24,11 @@ msgstr ""
 #: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
 #: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
 #: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
+#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5
+#: sss_debuglevel.8.xml:5 sss_ssh_authorizedkeys.1.xml:5
+#: sss_ssh_knownhostsproxy.1.xml:5
 msgid "SSSD Manual pages"
-msgstr ""
+msgstr "Manuel de SSSD"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
@@ -35,7 +39,8 @@ msgstr "sss_groupmod"
 #: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
 #: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
 #: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
+#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11 sss_cache.8.xml:11
+#: sss_debuglevel.8.xml:11
 msgid "8"
 msgstr "8"
 
@@ -61,6 +66,8 @@ msgstr ""
 #: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
 #: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
 #: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
+#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_ssh_authorizedkeys.1.xml:30
+#: sss_ssh_knownhostsproxy.1.xml:31
 msgid "DESCRIPTION"
 msgstr "DESCRIPTION"
 
@@ -77,6 +84,8 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
+#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_ssh_authorizedkeys.1.xml:78
+#: sss_ssh_knownhostsproxy.1.xml:65
 msgid "OPTIONS"
 msgstr "OPTIONS"
 
@@ -119,12 +128,13 @@ msgstr ""
 "<replaceable>GROUPS</replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1348 sssd-ldap.5.xml:2096
 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
 #: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
+#: sss_usermod.8.xml:138 sss_ssh_authorizedkeys.1.xml:96
+#: sss_ssh_knownhostsproxy.1.xml:95
 msgid "SEE ALSO"
 msgstr "VOIR AUSSI"
 
@@ -189,8 +199,8 @@ msgid ""
 "            "
 msgstr ""
 "                <replaceable>[section]</replaceable>\n"
-"                <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-"                <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
+"                <replaceable>clef</replaceable> = <replaceable>valeur</replaceable>\n"
+"                <replaceable>clef2</replaceable> = <replaceable>valeur2, valeur3</replaceable>\n"
 "            "
 
 #. type: Content of: <reference><refentry><refsect1><para>
@@ -201,6 +211,10 @@ msgid ""
 "until the next section begins. An example of section with single and multi-"
 "valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
+"Ce fichier utilise la syntaxe « ini-style » et est constituée de sections "
+"ainsi que de paramètres. Une sections commence par le nom de la section "
+"entre guillements et continue jusqu'à la section suivante. Un exemple de "
+"section avec des paramètres : <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.conf.5.xml:36
@@ -237,7 +251,7 @@ msgid ""
 "<filename>sssd.conf</filename> must be a regular file, owned by root and "
 "only root may read from or write to the file."
 msgstr ""
-"<filename>sssd.conf</filename> doit être un fichier possédé par root et seul "
+"<filename>sssd.conf</filename> doit être un fichier possédé par root, seul "
 "root peut écrire et lire ce fichier."
 
 #. type: Content of: <reference><refentry><refsect1><title>
@@ -251,7 +265,7 @@ msgid "The [sssd] section"
 msgstr "La section [sssd]"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:1194
 msgid "Section parameters"
 msgstr "Paramètres de section"
 
@@ -304,7 +318,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:102 sssd.conf.5.xml:265
 msgid "Default: 3"
-msgstr "Défaut : 3"
+msgstr "Par défaut : 3"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:107
@@ -345,9 +359,9 @@ msgid ""
 "which translates to \"the name is everything up to the <quote>@</quote> "
 "sign, the domain everything after that\""
 msgstr ""
-"Défaut : <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> qui "
-"se traduit par « peu importe le nom jusqu'au <quote>@</quote>, peu importe "
-"le domaine après »"
+"Par défaut : <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
+"qui se traduit par « peu importe le nom jusqu'au <quote>@</quote>, peu "
+"importe le domaine après »"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:132
@@ -382,11 +396,14 @@ msgid ""
 "manvolnum> </citerefentry>-compatible format that describes how to translate "
 "a (name, domain) tuple into a fully qualified name."
 msgstr ""
+"Un format compatible <citerefentry> <refentrytitle>printf</refentrytitle> "
+"<manvolnum>3</manvolnum> </citerefentry> décrivant la traduction (nom, "
+"domaine) d'un tuple en un domaine totalement qualifé."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:157
 msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr "Défaut : <quote>%1$s@%2$s</quote>."
+msgstr "Par défaut : <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:162
@@ -401,6 +418,10 @@ msgid ""
 "this, and will fall back to polling resolv.conf every five seconds if "
 "inotify cannot be used."
 msgstr ""
+"SSSD gère l'état de resolv.conf pour identifier les besoins de mise à jour "
+"des résolutions de DNS internes. Par défaut, l'utilisation de inotify sera "
+"faite et tentera de scanner resolv.conf toutes les cinq secondes si inotify "
+"échoue."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:173
@@ -410,7 +431,7 @@ msgid ""
 "to 'false'"
 msgstr ""
 "Il existe quelques cas spécifiques où l'utilisation de inotify n'est pas "
-"conseillée. Dans ces rares cas, cette option devrait être mise à « false »"
+"conseillée. Dans ces rares cas, cette option devrait être définie à « false »"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:179
@@ -418,8 +439,8 @@ msgid ""
 "Default: true on platforms where inotify is supported. False on other "
 "platforms."
 msgstr ""
-"Défaut : true sur les platformes où inotify est supporté. False sur les "
-"autres plateformes."
+"Par défaut : true sur les platformes où inotify est pris en charge. False "
+"sur les autres plateformes."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:183
@@ -433,7 +454,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:190
 msgid "krb5_rcache_dir (string)"
-msgstr ""
+msgstr "krb5_rcache_dir (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:193
@@ -494,7 +515,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 #: sssd.conf.5.xml:225
 msgid "General service configuration options"
-msgstr ""
+msgstr "Options générales de configuration du service"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sssd.conf.5.xml:227
@@ -517,15 +538,15 @@ msgid "Add a timestamp to the debug messages"
 msgstr "Ajoute un horodatage aux messages de débogage"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:393 sssd-ldap.5.xml:1328
 #: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
 msgid "Default: true"
-msgstr "Défaut : true"
+msgstr "Par défaut : true"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:246
 msgid "debug_microseconds (bool)"
-msgstr ""
+msgstr "debug_microseconds (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:249
@@ -533,20 +554,40 @@ msgid "Add microseconds to the timestamp in debug messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
+#: sssd.conf.5.xml:252 sssd.conf.5.xml:658 sssd-ldap.5.xml:602
 #: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
 #: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
 #: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
 msgid "Default: false"
-msgstr ""
+msgstr "Par défaut : false"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:270
+msgid "fd_limit"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:273
+msgid ""
+"This option specifies the maximum number of file descriptors that may be "
+"opened at one time by this SSSD process. On systems where SSSD is granted "
+"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
+"systems without this capability, the resulting value will be the lower value "
+"of this or the limits.conf \"hard\" limit."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:282
+msgid "Default: 8192 (or limits.conf \"hard\" limit)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:287
 msgid "command (string)"
 msgstr "command (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:290
 msgid ""
 "By default, the executable representing this service is called <command>sssd_"
 "${service_name}</command>.  This directive allows to change the executable "
@@ -559,17 +600,17 @@ msgstr ""
 "défaut sont suffisantes."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
+#: sssd.conf.5.xml:298
 msgid "Default: <command>sssd_${service_name}</command>"
-msgstr "Défaut : <command>sssd_${service_name}</command>"
+msgstr "Par défaut : <command>sssd_${service_name}</command>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
+#: sssd.conf.5.xml:306
 msgid "NSS configuration options"
 msgstr "Options de configuration NSS"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:308
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
@@ -577,29 +618,31 @@ msgstr ""
 "Switch (NSS)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
+#: sssd.conf.5.xml:313
 msgid "enum_cache_timeout (integer)"
 msgstr "enum_cache_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
+#: sssd.conf.5.xml:316
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
+"Combien de secondes nss_sss doit-il mettre en cache les énumérations "
+"(requêtes pour les informations sur tous les utilisateurs)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
+#: sssd.conf.5.xml:320
 msgid "Default: 120"
-msgstr "Défaut : 120"
+msgstr "Par défaut : 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
+#: sssd.conf.5.xml:325
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr "entry_cache_nowait_percentage (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
+#: sssd.conf.5.xml:328
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -610,7 +653,7 @@ msgstr ""
 "valeur de entry_cache_timeout pour le domaine."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:334
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -625,7 +668,7 @@ msgstr ""
 "requêtes ne seront pas bloquées en attendant une mise à jour du cache."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
+#: sssd.conf.5.xml:344
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -638,17 +681,17 @@ msgstr ""
 "de non réponse à moins de 10 secondes (0 pour désactiver l'option)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
+#: sssd.conf.5.xml:352
 msgid "Default: 50"
-msgstr ""
+msgstr "Par défaut : 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
+#: sssd.conf.5.xml:357
 msgid "entry_negative_timeout (integer)"
 msgstr "entry_negative_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
+#: sssd.conf.5.xml:360
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -660,17 +703,17 @@ msgstr ""
 "nouveau l'arrière plan."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
+#: sssd.conf.5.xml:366 sssd.conf.5.xml:686 sssd-krb5.5.xml:223
 msgid "Default: 15"
-msgstr "Défaut : 15"
+msgstr "Par défaut : 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
+#: sssd.conf.5.xml:371
 msgid "filter_users, filter_groups (string)"
 msgstr "filter_users, filter_groups (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
+#: sssd.conf.5.xml:374
 msgid ""
 "Exclude certain users from being fetched from the sss NSS database. This is "
 "particularly useful for system accounts. This option can also be set per-"
@@ -684,17 +727,17 @@ msgstr ""
 "domaine."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:381
 msgid "Default: root"
-msgstr "Défaut : root"
+msgstr "Par défaut : root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
+#: sssd.conf.5.xml:386
 msgid "filter_users_in_groups (bool)"
 msgstr "filter_users_in_groups (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
+#: sssd.conf.5.xml:389
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
@@ -702,170 +745,176 @@ msgstr ""
 "à « false »."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:398
 msgid "override_homedir (string)"
 msgstr "override_homedir (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
+#: sssd.conf.5.xml:407 sssd-krb5.5.xml:166
 msgid "%u"
 msgstr "%u"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
+#: sssd.conf.5.xml:408 sssd-krb5.5.xml:167
 msgid "login name"
 msgstr "nom de connexion"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
+#: sssd.conf.5.xml:411 sssd-krb5.5.xml:170
 msgid "%U"
 msgstr "%U"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
+#: sssd.conf.5.xml:412
 msgid "UID number"
-msgstr ""
+msgstr "paramètre UID"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
+#: sssd.conf.5.xml:415 sssd-krb5.5.xml:188
 msgid "%d"
 msgstr "%d"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
+#: sssd.conf.5.xml:416
 msgid "domain name"
 msgstr "nom de domaine"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:419
 msgid "%f"
 msgstr "%f"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:420
 msgid "fully qualified user name (user@domain)"
 msgstr "nom d'utilisateur qualifié totalement (utilisateur@domaine)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
+#: sssd.conf.5.xml:423 sssd-krb5.5.xml:200
 msgid "%%"
 msgstr "%%"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
+#: sssd.conf.5.xml:424 sssd-krb5.5.xml:201
 msgid "a literal '%'"
 msgstr "un « % » littéral"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:401
 msgid ""
 "Override the user's home directory. You can either provide an absolute value "
 "or a template. In the template, the following sequences are substituted: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
-"Réécrit le répertoire maison utilisateur. Vous pouvez fournir une valeur "
-"absolue ou un modèle. Dans le modèle, les séquences suivantes sont "
+"Réécrit le répertoire personnel de l'utilisateur. Vous pouvez fournir une "
+"valeur absolue ou un modèle. Dans le modèle, les séquences suivantes sont "
 "substituées :<placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
+#: sssd.conf.5.xml:430
 msgid "This option can also be set per-domain."
 msgstr "Cette option peut aussi être définie pour chaque domaine."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
+#: sssd.conf.5.xml:435
 msgid "allowed_shells (string)"
 msgstr "allowed_shells (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
+#: sssd.conf.5.xml:438
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
-"Restreindre le shell de l'utilisateur à une valeur. L'ordre d'évaluation "
-"est :"
+"Restreindre l'interpréteur de commandes de l'utilisateur à une valeur. "
+"L'ordre d'évaluation est :"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
+#: sssd.conf.5.xml:441
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
-"1. Si le shell est présent dans <quote>/etc/shells</quote> il est utilisé."
+"1. Si l'interpréteur de commandes est présent dans <quote>/etc/shells</"
+"quote> il est utilisé."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:445
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
-"2. Si le shell est dans la liste « allowed_shells » mais n'est pas dans "
-"<quote>/etc/shells</quote>, l'utilisation de la valeur « shell_fallback » "
-"sera faite."
+"2. Si l'interpréteur de commandes est dans la liste « allowed_shells » mais "
+"n'est pas dans <quote>/etc/shells</quote>, l'utilisation de la valeur « "
+"shell_fallback » sera faite."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
+#: sssd.conf.5.xml:450
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
-"3. Si le shell n'est ni dans la liste « allowed_shells » ni dans <quote>/etc/"
-"shells</quote>, une connexion sans shell est utlisée."
+"3. Si l'interpréteur de commandes n'est ni dans la liste « allowed_shells » "
+"ni dans <quote>/etc/shells</quote>, une connexion sans shell est utlisée."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
+#: sssd.conf.5.xml:455
 msgid "An empty string for shell is passed as-is to libc."
-msgstr "Une chaîne vide pour le shell est passée comme elle est à la libc."
+msgstr ""
+"Une chaîne vide pour l'interpréteur de commandes est passée comme elle est à "
+"la libc."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
+#: sssd.conf.5.xml:458
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 "Le fichier <quote>/etc/shells</quote> n'est lu qu'au démarrage de SSSD. Un "
-"redémarrage de SSSD est nécessaire si un nouveau shell est installé."
+"redémarrage de SSSD est nécessaire si un nouvel interpréteur de commandes "
+"est installé."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
+#: sssd.conf.5.xml:462
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
-"Défaut : non défini. Le shell de l'utilisateur est utilisé automatiquement."
+"Par défaut : non défini. L'interpréteur de commandes de l'utilisateur est "
+"utilisé automatiquement."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:467
 msgid "vetoed_shells (string)"
 msgstr "vetoed_shells (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:470
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
-"Remplacer toutes les occurences de ces shells par le « shell_fallback »"
+"Remplacer toutes les occurences de ces interpréteurs de commandes par "
+"l'interpréteur de commandes par défaut"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
+#: sssd.conf.5.xml:475
 msgid "shell_fallback (string)"
 msgstr "shell_fallback (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:478
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
-"Le shell par défaut à utiliser si un shell autorisé n'est pas installé sur "
-"la machine."
+"L'interpréteur de commandes par défaut à utiliser si un interpréteur de "
+"commandes autorisé n'est pas installé sur la machine."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
+#: sssd.conf.5.xml:482
 msgid "Default: /bin/sh"
-msgstr "Défaut : /bin/sh"
+msgstr "Par défaut : /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:489
 msgid "PAM configuration options"
 msgstr "Options de configuration de PAM"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
+#: sssd.conf.5.xml:491
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
@@ -874,12 +923,12 @@ msgstr ""
 "(PAM)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:496
 msgid "offline_credentials_expiration (integer)"
 msgstr "offline_credentials_expiration (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
+#: sssd.conf.5.xml:499
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
@@ -889,17 +938,17 @@ msgstr ""
 "connexion réussie)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
+#: sssd.conf.5.xml:504 sssd.conf.5.xml:517
 msgid "Default: 0 (No limit)"
-msgstr "Défaut : 0 (pas de limite)"
+msgstr "Par défaut : 0 (pas de limite)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
+#: sssd.conf.5.xml:510
 msgid "offline_failed_login_attempts (integer)"
 msgstr "offline_failed_login_attempts (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:513
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
@@ -908,12 +957,12 @@ msgstr ""
 "échouées sont autorisées."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
+#: sssd.conf.5.xml:523
 msgid "offline_failed_login_delay (integer)"
 msgstr "offline_failed_login_delay (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
+#: sssd.conf.5.xml:526
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
@@ -922,7 +971,7 @@ msgstr ""
 "atteint avant qu'une nouvelle tentative soit possible."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
+#: sssd.conf.5.xml:531
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -930,17 +979,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:537 sssd.conf.5.xml:590 sssd.conf.5.xml:1110
 msgid "Default: 5"
-msgstr "Défaut : 5"
+msgstr "Par défaut : 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:543
 msgid "pam_verbosity (integer)"
 msgstr "pam_verbosity (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
+#: sssd.conf.5.xml:546
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
@@ -949,44 +998,44 @@ msgstr ""
 "d'authentification. Le nombre le plus grand affichera plus de messages."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
+#: sssd.conf.5.xml:551
 msgid "Currently sssd supports the following values:"
 msgstr "Actuellement sssd supporte les valeurs :"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:554
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr "<emphasis>0</emphasis> : ne pas afficher de message"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:557
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr "<emphasis>1</emphasis> : afficher seulement les messages importants"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
+#: sssd.conf.5.xml:561
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr "<emphasis>2</emphasis> : afficher les messages d'information"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
+#: sssd.conf.5.xml:564
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 "<emphasis>3</emphasis> : afficher tous les messages et informations de "
 "débogage"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
+#: sssd.conf.5.xml:568 sssd.8.xml:63
 msgid "Default: 1"
-msgstr "Défaut : 1"
+msgstr "Par défaut : 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:573
 msgid "pam_id_timeout (integer)"
 msgstr "pam_id_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
+#: sssd.conf.5.xml:576
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -998,7 +1047,7 @@ msgstr ""
 "les dernières informations."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
+#: sssd.conf.5.xml:582
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1012,17 +1061,17 @@ msgstr ""
 "retour avec le fournisseur d'identité."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:596
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr "pam_pwd_expiration_warning (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
+#: sssd.conf.5.xml:599
 msgid "Display a warning N days before the password expires."
 msgstr "Afficher une alerte N jours avant que le mot de passe n'expire."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
+#: sssd.conf.5.xml:602
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1033,50 +1082,35 @@ msgstr ""
 "manquante, sssd ne peut afficher de message d'alerte."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
+#: sssd.conf.5.xml:608
 msgid "Default: 7"
-msgstr "Défaut : 7"
+msgstr "Par défaut : 7"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-#, fuzzy
-#| msgid "NSS configuration options"
+#: sssd.conf.5.xml:616
 msgid "SUDO configuration options"
-msgstr "Options de configuration NSS"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-#, fuzzy
-#| msgid "These options can be used to configure any service."
+#: sssd.conf.5.xml:618
 msgid "These options can be used to configure the sudo service."
-msgstr "Ces options peuvent être utilisées pour configurer les services."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-#, fuzzy
-#| msgid "enum_cache_timeout (integer)"
+#: sssd.conf.5.xml:625
 msgid "sudo_cache_timeout (integer)"
-msgstr "enum_cache_timeout (entier)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-#, fuzzy
-#| msgid ""
-#| "For any PAM request while SSSD is online, the SSSD will attempt to "
-#| "immediately update the cached identity information for the user in order "
-#| "to ensure that authentication takes place with the latest information."
+#: sssd.conf.5.xml:628
 msgid ""
 "For any sudo request that comes while SSSD is online, the SSSD will attempt "
 "to update the cached rules in order to ensure that sudo has the latest "
 "ruleset."
 msgstr ""
-"Pour chaque requête PAM quand SSSD est déconnecté, le SSSD tentera de mettre "
-"à jour immédiatement les informations d'identité mises en cache pour "
-"l'utilisateur de manière à s'assurer que l'authentification se fasse avec "
-"les dernières informations."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
+#: sssd.conf.5.xml:634
 msgid ""
 "The user may, however, run a couple of sudo commands successively, which "
 "would trigger multiple LDAP requests.  In order to speed up this use-case, "
@@ -1085,83 +1119,64 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
+#: sssd.conf.5.xml:641
 msgid ""
 "This option controls how long (in seconds) can the sudo service cache rules "
 "for a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-#, fuzzy
-#| msgid "Default: 10"
+#: sssd.conf.5.xml:645
 msgid "Default: 180"
-msgstr "Défaut : 10"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-#, fuzzy
-#| msgid "debug_timestamps (bool)"
+#: sssd.conf.5.xml:650
 msgid "sudo_timed (bool)"
-msgstr "debug_timestamps (booléen)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:653
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-#, fuzzy
-#| msgid "NSS configuration options"
+#: sssd.conf.5.xml:666
 msgid "AUTOFS configuration options"
-msgstr "Options de configuration NSS"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-#, fuzzy
-#| msgid "These options can be used to configure any service."
+#: sssd.conf.5.xml:668
 msgid "These options can be used to configure the autofs service."
-msgstr "Ces options peuvent être utilisées pour configurer les services."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-#, fuzzy
-#| msgid "entry_negative_timeout (integer)"
+#: sssd.conf.5.xml:676
 msgid "autofs_negative_timeout (integer)"
-msgstr "entry_negative_timeout (entier)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-#, fuzzy
-#| msgid ""
-#| "Specifies for how many seconds nss_sss should cache negative cache hits "
-#| "(that is, queries for invalid database entries, like nonexistent ones)  "
-#| "before asking the back end again."
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
+#: sssd.conf.5.xml:679
+msgid ""
+"Specifies for how many seconds should the autofs responder negative cache "
+"hits (that is, queries for invalid map entries, like nonexistent ones) "
 "before asking the back end again."
 msgstr ""
-"Spécifie le temps, en secondes, pendant lequel nss_sss doit mettre en cache "
-"les résultats négatifs du cache (c'est-à-dire les requêtes pour les bases de "
-"données invalides, comme celles qui n'existent pas) avant d'appeler à "
-"nouveau l'arrière plan."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
+#: sssd.conf.5.xml:696
 msgid "DOMAIN SECTIONS"
 msgstr "SECTIONS DOMAINE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:703
 msgid "min_id,max_id (integer)"
 msgstr "min_id,max_id (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
+#: sssd.conf.5.xml:706
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
@@ -1170,7 +1185,7 @@ msgstr ""
 "dehors de ces limites, il est ignoré."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
+#: sssd.conf.5.xml:711
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1183,17 +1198,17 @@ msgstr ""
 "plage seront rapportés comme prévu."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:718
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr "Default: 1 for min_id, 0 (no limit) for max_id"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:724
 msgid "timeout (integer)"
 msgstr "timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:727
 msgid ""
 "Timeout in seconds between heartbeats for this domain.  This is used to "
 "ensure that the backend process is alive and capable of answering requests."
@@ -1203,17 +1218,17 @@ msgstr ""
 "répondre."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
+#: sssd.conf.5.xml:732 sssd-ldap.5.xml:1131
 msgid "Default: 10"
-msgstr "Défaut : 10"
+msgstr "Par défaut : 10"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
+#: sssd.conf.5.xml:738
 msgid "enumerate (bool)"
 msgstr "enumerate (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:741
 msgid ""
 "Determines if a domain can be enumerated. This parameter can have one of the "
 "following values:"
@@ -1222,22 +1237,22 @@ msgstr ""
 "valeurs suivantes :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
+#: sssd.conf.5.xml:745
 msgid "TRUE = Users and groups are enumerated"
 msgstr "TRUE = utilisateurs et groupes sont comptés"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:748
 msgid "FALSE = No enumerations for this domain"
 msgstr "FALSE = aucune énumération pour ce domaine"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
+#: sssd.conf.5.xml:751 sssd.conf.5.xml:856 sssd.conf.5.xml:910
 msgid "Default: FALSE"
-msgstr "Défaut : FALSE"
+msgstr "Par défaut : FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
+#: sssd.conf.5.xml:754
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1253,7 +1268,7 @@ msgstr ""
 "importante liée au processus d'énumération."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
+#: sssd.conf.5.xml:764
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
@@ -1263,7 +1278,7 @@ msgstr ""
 "complétion."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
+#: sssd.conf.5.xml:769
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -1277,12 +1292,12 @@ msgstr ""
 "le id_provider spécifique utilisé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:780
 msgid "entry_cache_timeout (integer)"
 msgstr "entry_cache_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:783
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
@@ -1291,122 +1306,88 @@ msgstr ""
 "valides avant d'appeler à nouveau l'arrière plan"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
+#: sssd.conf.5.xml:787
 msgid "Default: 5400"
-msgstr "Défaut : 5400"
+msgstr "Par défaut : 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-#, fuzzy
-#| msgid "entry_cache_timeout (integer)"
+#: sssd.conf.5.xml:793
 msgid "entry_cache_user_timeout (integer)"
-msgstr "entry_cache_timeout (entier)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-#, fuzzy
-#| msgid ""
-#| "How many seconds should nss_sss consider entries valid before asking the "
-#| "backend again"
+#: sssd.conf.5.xml:796
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
-"Combien de temps en secondes doit considérer nss_sss les entrées comme "
-"valides avant d'appeler à nouveau l'arrière plan"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-#, fuzzy
-#| msgid "entry_cache_timeout (integer)"
+#: sssd.conf.5.xml:800 sssd.conf.5.xml:813 sssd.conf.5.xml:826
+#: sssd.conf.5.xml:839
 msgid "Default: entry_cache_timeout"
-msgstr "entry_cache_timeout (entier)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-#, fuzzy
-#| msgid "entry_cache_timeout (integer)"
+#: sssd.conf.5.xml:806
 msgid "entry_cache_group_timeout (integer)"
-msgstr "entry_cache_timeout (entier)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-#, fuzzy
-#| msgid ""
-#| "How many seconds should nss_sss consider entries valid before asking the "
-#| "backend again"
+#: sssd.conf.5.xml:809
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
-"Combien de temps en secondes doit considérer nss_sss les entrées comme "
-"valides avant d'appeler à nouveau l'arrière plan"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-#, fuzzy
-#| msgid "entry_cache_timeout (integer)"
+#: sssd.conf.5.xml:819
 msgid "entry_cache_netgroup_timeout (integer)"
-msgstr "entry_cache_timeout (entier)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-#, fuzzy
-#| msgid ""
-#| "How many seconds should nss_sss consider entries valid before asking the "
-#| "backend again"
+#: sssd.conf.5.xml:822
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
-"Combien de temps en secondes doit considérer nss_sss les entrées comme "
-"valides avant d'appeler à nouveau l'arrière plan"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-#, fuzzy
-#| msgid "entry_cache_timeout (integer)"
+#: sssd.conf.5.xml:832
 msgid "entry_cache_service_timeout (integer)"
-msgstr "entry_cache_timeout (entier)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-#, fuzzy
-#| msgid ""
-#| "How many seconds should nss_sss consider entries valid before asking the "
-#| "backend again"
+#: sssd.conf.5.xml:835
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
-"Combien de temps en secondes doit considérer nss_sss les entrées comme "
-"valides avant d'appeler à nouveau l'arrière plan"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:845
 msgid "cache_credentials (bool)"
 msgstr "cache_credentials (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
+#: sssd.conf.5.xml:848
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 "Détermine si les crédits utilisateur sont aussi mis en cache dans le cache "
 "LDB local"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:852
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:861
 msgid "account_cache_expiration (integer)"
 msgstr "account_cache_expiration (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:864
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -1414,54 +1395,54 @@ msgid ""
 "offline_credentials_expiration."
 msgstr ""
 "Nombre de jours où les entrées sont stockées dans le cache après la dernière "
-"connexion réussie avant d'être enlevé lors du nettoyage du cache. 0 veut "
+"connexion réussie avant d'être enlevées lors du nettoyage du cache. 0 veut "
 "dire conservé pour toujours. La valeur de ce paramètre doit être supérieur "
 "ou égal à offline_credentials_expiration."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
+#: sssd.conf.5.xml:871
 msgid "Default: 0 (unlimited)"
 msgstr "Défault: 0 (illimité)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
+#: sssd.conf.5.xml:877
 msgid "id_provider (string)"
 msgstr "id_provider (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:880
 msgid "The Data Provider identity backend to use for this domain."
 msgstr ""
 "L'identité du fournisseur de données en arrière-plan à utiliser pour le "
 "domaine."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
+#: sssd.conf.5.xml:884
 msgid "Supported backends:"
-msgstr "Moteurs supportés :"
+msgstr "Moteurs pris en charge :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
+#: sssd.conf.5.xml:887
 msgid "proxy: Support a legacy NSS provider"
 msgstr "proxy: supporte l'ancien protocole NSS"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
+#: sssd.conf.5.xml:890
 msgid "local: SSSD internal local provider"
 msgstr "local: protocole SSSD interne et local"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:893
 msgid "ldap: LDAP provider"
 msgstr "ldap: protocole LDAP"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
+#: sssd.conf.5.xml:899
 msgid "use_fully_qualified_names (bool)"
 msgstr "use_fully_qualified_names (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
+#: sssd.conf.5.xml:902
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1475,12 +1456,12 @@ msgstr ""
 "test@LOCAL</command> ne le trouve."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
+#: sssd.conf.5.xml:915
 msgid "auth_provider (string)"
 msgstr "auth_provider (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
+#: sssd.conf.5.xml:918
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
@@ -1489,7 +1470,7 @@ msgstr ""
 "autorisés sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:922
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1501,7 +1482,7 @@ msgstr ""
 "LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
+#: sssd.conf.5.xml:929
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1512,7 +1493,7 @@ msgstr ""
 "citerefentry> pour plus d'informations sur la configuration de Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
+#: sssd.conf.5.xml:936
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
@@ -1520,26 +1501,26 @@ msgstr ""
 "PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
+#: sssd.conf.5.xml:939
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr "<quote>none</quote> désactive l'authentification explicitement."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
+#: sssd.conf.5.xml:942
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
-"Par défaut : <quote>id_provider</quote> est utilisé s'il est défini et peut "
+"Par défaut : <quote>id_provider</quote> est utilisé s'il est définit et peut "
 "gérer les requêtes d'authentification."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
+#: sssd.conf.5.xml:948
 msgid "access_provider (string)"
 msgstr "access_provider (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:951
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -1550,17 +1531,17 @@ msgstr ""
 "plan). Les fournisseurs internes spécifiques sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:957
 msgid "<quote>permit</quote> always allow access."
 msgstr "<quote>permit</quote> autoriser l'accès de manière permanente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
+#: sssd.conf.5.xml:960
 msgid "<quote>deny</quote> always deny access."
 msgstr "<quote>deny</quote> refuser l'accès de manière permanente.."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
+#: sssd.conf.5.xml:963
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1573,17 +1554,17 @@ msgstr ""
 "configuration du module d'accès simple."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
+#: sssd.conf.5.xml:970
 msgid "Default: <quote>permit</quote>"
-msgstr "Défaut : <quote>permit</quote>"
+msgstr "Par défaut : <quote>permit</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:975
 msgid "chpass_provider (string)"
 msgstr "chpass_provider (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
+#: sssd.conf.5.xml:978
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
@@ -1592,7 +1573,7 @@ msgstr ""
 "domaine. Les fournisseurs acceptés sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
+#: sssd.conf.5.xml:983
 msgid ""
 "<quote>ipa</quote> to change a password stored in an IPA server.  See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1604,7 +1585,7 @@ msgstr ""
 "l'IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:991
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server.  See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1616,7 +1597,7 @@ msgstr ""
 "serveur LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
+#: sssd.conf.5.xml:999
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1628,7 +1609,7 @@ msgstr ""
 "Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
+#: sssd.conf.5.xml:1007
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
@@ -1636,138 +1617,87 @@ msgstr ""
 "autre cible PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
+#: sssd.conf.5.xml:1011
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 "<quote>none</quote> désactiver le changement de mot de passe explicitement."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
+#: sssd.conf.5.xml:1014
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
-"Défaut : <quote>auth_provider</quote> est utilisé si il est défini et peut "
-"gérer les changements de mot de passe."
+"Par défaut : <quote>auth_provider</quote> est utilisé si il est définit et "
+"peut gérer les changements de mot de passe."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-#, fuzzy
-#| msgid "id_provider (string)"
+#: sssd.conf.5.xml:1021
 msgid "sudo_provider (string)"
-msgstr "id_provider (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-#, fuzzy
-#| msgid ""
-#| "The authentication provider used for the domain.  Supported auth "
-#| "providers are:"
+#: sssd.conf.5.xml:1027
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
-"Le fournisseur d'authentification utilisé pour le domaine. Les fournisseurs "
-"autorisés sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-#, fuzzy
-#| msgid ""
-#| "<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-#| "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> for more information on configuring LDAP."
+#: sssd.conf.5.xml:1031
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry> for more information on configuring LDAP."
 msgstr ""
-"<quote>ldap</quote> pour changer le mot de passe stocké sur un serveur LDAP. "
-"Voir <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> pour plus d'informations sur la configuration du "
-"serveur LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-#, fuzzy
-#| msgid "<quote>none</quote> disables authentication explicitly."
+#: sssd.conf.5.xml:1038
 msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr "<quote>none</quote> désactive l'authentification explicitement."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-#, fuzzy
-#| msgid ""
-#| "Default: <quote>id_provider</quote> is used if it is set and can handle "
-#| "authentication requests."
+#: sssd.conf.5.xml:1041
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
-"Par défaut : <quote>id_provider</quote> est utilisé s'il est défini et peut "
-"gérer les requêtes d'authentification."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-#, fuzzy
-#| msgid "access_provider (string)"
+#: sssd.conf.5.xml:1047
 msgid "session_provider (string)"
-msgstr "access_provider (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-#, fuzzy
-#| msgid ""
-#| "The provider which should handle change password operations for the "
-#| "domain.  Supported change password providers are:"
+#: sssd.conf.5.xml:1050
 msgid ""
 "The provider which should handle loading of session settings.  Supported "
 "session providers are:"
 msgstr ""
-"Le fournisseur qui devrait gérer le changement des mots de passe pour le "
-"domaine. Les fournisseurs acceptés sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-#, fuzzy
-#| msgid ""
-#| "<quote>ipa</quote> to change a password stored in an IPA server.  See "
-#| "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> for more information on configuring IPA."
+#: sssd.conf.5.xml:1055
 msgid ""
 "<quote>ipa</quote> to load session settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry> for more information on configuring IPA."
 msgstr ""
-"<quote>ipa</quote> pour changer le mot de passe stocké sur un serveur IPA. "
-"Voir <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> pour plus d'informations sur la configuration de "
-"l'IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-#, fuzzy
-#| msgid "<quote>none</quote> disallows password changes explicitly."
+#: sssd.conf.5.xml:1063
 msgid "<quote>none</quote> disallows fetching session settings explicitly."
 msgstr ""
-"<quote>none</quote> désactiver le changement de mot de passe explicitement."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-#, fuzzy
-#| msgid ""
-#| "Default: <quote>id_provider</quote> is used if it is set and can handle "
-#| "authentication requests."
+#: sssd.conf.5.xml:1066
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "session loading requests."
 msgstr ""
-"Par défaut : <quote>id_provider</quote> est utilisé s'il est défini et peut "
-"gérer les requêtes d'authentification."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
+#: sssd.conf.5.xml:1073
 msgid "lookup_family_order (string)"
 msgstr "lookup_family_order (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1076
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
@@ -1776,62 +1706,62 @@ msgstr ""
 "utiliser pour effectuer les requêtes DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1080
 msgid "Supported values:"
 msgstr "Valeurs autorisées :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1083
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 "ipv4_first : essaye de chercher une IPv4, si ça échoue, essaye une IPv6."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1086
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 "ipv4_only : ne tente de résoudre que les noms de domaines en adresses IPv4."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
+#: sssd.conf.5.xml:1089
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 "ipv6_first : essaye de chercher une IPv6, si ça échoue, essaye une IPv4."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1092
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 "ipv6_only : ne tente de résoudre que les noms de domaines en adresses IPv6."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1095
 msgid "Default: ipv4_first"
-msgstr "Défaut : ipv4_first"
+msgstr "Par défaut : ipv4_first"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1101
 msgid "dns_resolver_timeout (integer)"
 msgstr "dns_resolver_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1104
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the DNS "
 "resolver before assuming that it is unreachable. If this timeout is reached, "
 "the domain will continue to operate in offline mode."
 msgstr ""
-"Défini le temps (en secondes) à attendre la réponse de l'interpréteur DNS "
+"Définit le temps (en secondes) à attendre la réponse de l'interpréteur DNS "
 "avant de considérer qu'il est injoignable. Si ce délai maximum est atteint, "
 "le domaine continuera en mode déconnecté."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1116
 msgid "dns_discovery_domain (string)"
 msgstr "dns_discovery_domain (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
+#: sssd.conf.5.xml:1119
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
@@ -1841,41 +1771,41 @@ msgstr ""
 "de DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1123
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
-"Défaut : utilise la partie du domaine qui est dans le nom d'hôte de la "
+"Par défaut : utilise la partie du domaine qui est dans le nom d'hôte de la "
 "machine."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
+#: sssd.conf.5.xml:1129
 msgid "override_gid (integer)"
 msgstr "override_gid (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1132
 msgid "Override the primary GID value with the one specified."
-msgstr "Redéfini le GID primaire avec la valeur spécifiée."
+msgstr "Redéfinit le GID primaire avec la valeur spécifiée."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
+#: sssd.conf.5.xml:1138
 msgid "case_sensitive (boolean)"
-msgstr ""
+msgstr "case_sensitive (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
+#: sssd.conf.5.xml:1141
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1146
 msgid "Default: True"
-msgstr ""
+msgstr "Par défaut : True"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:698
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1887,31 +1817,31 @@ msgstr ""
 "id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1158
 msgid "proxy_pam_target (string)"
 msgstr "proxy_pam_target (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1161
 msgid "The proxy target PAM proxies to."
 msgstr "Le proxy cible auquel PAM devient mandataire."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1164
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
-"Défaut : non défini, vous devez prendre une configuration de pam exsitante "
-"ou créer une nouvelle et ajouter le nom de service ici."
+"Par défaut : non défini, vous devez prendre une configuration de pam "
+"exsitante ou créer une nouvelle et ajouter le nom de service ici."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1172
 msgid "proxy_lib_name (string)"
 msgstr "proxy_lib_name (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1175
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1922,7 +1852,7 @@ msgstr ""
 "$(libName)_$(function), par exemple _nss_files_getpwent."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
+#: sssd.conf.5.xml:1154
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
@@ -1931,12 +1861,12 @@ msgstr ""
 "id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1187
 msgid "The local domain section"
 msgstr "La section du domaine local"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1189
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -1947,81 +1877,81 @@ msgstr ""
 "dire un domaine qui utilise <replaceable>id_provider=local</replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
+#: sssd.conf.5.xml:1196
 msgid "default_shell (string)"
 msgstr "default_shell (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
+#: sssd.conf.5.xml:1199
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
-"Le shell par défaut pour les utilisateurs créés avec les outils de l'espace "
-"utilisateur SSSD."
+"L'interpréteur de commandes par défaut pour les utilisateurs créés avec les "
+"outils de l'espace utilisateur SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
+#: sssd.conf.5.xml:1203
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr "Par défaut : <filename>/bin/bash</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:1208
 msgid "base_directory (string)"
 msgstr "base_directory (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:1211
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 "Les outils ajoutent le nom d'utilisateur à <replaceable>base_directory</"
-"replaceable> et l'utilise comme dossier maison."
+"replaceable> et l'utilise comme dossier personnel."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1216
 msgid "Default: <filename>/home</filename>"
 msgstr "Par défaut : <filename>/home</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
+#: sssd.conf.5.xml:1221
 msgid "create_homedir (bool)"
 msgstr "create_homedir (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
+#: sssd.conf.5.xml:1224
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
-"Indique si un dossier maison doit être créé par défaut pour les nouveaux "
+"Indique si un dossier personnel doit être créé par défaut pour les nouveaux "
 "utilisateurs. Peut être outrepassé par la ligne de commande."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
+#: sssd.conf.5.xml:1228 sssd.conf.5.xml:1240
 msgid "Default: TRUE"
 msgstr "Par défaut : TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1233
 msgid "remove_homedir (bool)"
 msgstr "remove_homedir (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
+#: sssd.conf.5.xml:1236
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
-"Indique si un dossier maison doit être supprimé par défaut à la suppression "
-"des utilisateurs. Peut être outrepassé par la ligne de commande."
+"Indiquer si un dossier personnel doit être supprimé par défaut à la "
+"suppression des utilisateurs. Peut être outrepassé par la ligne de commande."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
+#: sssd.conf.5.xml:1245
 msgid "homedir_umask (integer)"
 msgstr "homedir_umask (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1248
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2029,20 +1959,20 @@ msgid ""
 msgstr ""
 "Utilisé par <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> pour spécifier les permissions par "
-"défaut sur un répertoire maison nouvellement créé."
+"défaut sur un répertoire personnel nouvellement créé."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
+#: sssd.conf.5.xml:1256
 msgid "Default: 077"
 msgstr "Par défaut : 077"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1261
 msgid "skel_dir (string)"
 msgstr "skel_dir (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
+#: sssd.conf.5.xml:1264
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -2050,22 +1980,22 @@ msgid ""
 "manvolnum> </citerefentry>"
 msgstr ""
 "Le répertoire squelette contenant les fichiers et répertoires à copier dans "
-"le répertoire maison utilisateur une fois ce répertoire créé par "
+"le répertoire personnel de l'utilisateur une fois ce répertoire créé par "
 "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
 "manvolnum> </citerefentry>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
+#: sssd.conf.5.xml:1274
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr "Par défaut : <filename>/etc/skel</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
+#: sssd.conf.5.xml:1279
 msgid "mail_dir (string)"
 msgstr "mail_dir (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
+#: sssd.conf.5.xml:1282
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -2076,17 +2006,17 @@ msgstr ""
 "par défaut est utilisée."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
+#: sssd.conf.5.xml:1289
 msgid "Default: <filename>/var/mail</filename>"
 msgstr "Par défaut : <filename>/var/mail</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
+#: sssd.conf.5.xml:1294
 msgid "userdel_cmd (string)"
 msgstr "userdel_cmd (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
+#: sssd.conf.5.xml:1297
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -2097,18 +2027,18 @@ msgstr ""
 "commande n'est pas pris en compte."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1303
 msgid "Default: None, no command is run"
-msgstr "Par défaut : aucune commande lancée"
+msgstr "Par défaut : None, aucune commande lancée"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
+#: sssd.conf.5.xml:1313 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
 #: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
 msgid "EXAMPLE"
 msgstr "EXEMPLE"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1319
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -2162,7 +2092,7 @@ msgstr ""
 "enumerate = False\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1315
 msgid ""
 "The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -2175,7 +2105,7 @@ msgstr ""
 "\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1350
 msgid ""
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
 "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -2274,16 +2204,16 @@ msgid ""
 msgstr ""
 "Spécifie la liste des URI des serveurs LDAP, séparées par des virgules, vers "
 "lequel SSSD doit se connecter dans l'ordre de préférence. Se référer à la "
-"section <quote>FAILOVER</quote> pour plus d'informations sur le « failover » "
-"et la redondance serveur. Si non spécifié, « service discovery » est activé. "
-"Se référer à la section <quote>SERVICE DISCOVERY</quote> pour plus "
-"d'informations."
+"section <quote>BASCULEMENT</quote> pour plus d'informations sur le "
+"basculement et la redondance serveur. Si non spécifié, « service discovery » "
+"est activé. Se référer à la section <quote>SERVICE DISCOVERY</quote> pour "
+"plus d'informations."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:70
 msgid "The format of the URI must match the format defined in RFC 2732:"
 msgstr ""
-"Le format de l'URI doit correspondre au format défini dans la RFC 2732 :"
+"Le format de l'URI doit correspondre au format définit dans la RFC 2732 :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:73
@@ -2368,7 +2298,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:126
 msgid "Examples:"
-msgstr ""
+msgstr "Exemples :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:129
@@ -2425,7 +2355,7 @@ msgstr ""
 "Spécifie le schéma type à utiliser pour le serveur LDAP cible. Selon le "
 "schéma choisi, l'attribut nom par défaut recherché sur les serveurs peut "
 "varier. La façon de gérer les attributs peut aussi varier. Trois schémas "
-"sont actuellement supportés : rfc2307, rfc2307bis et IPA. La différence "
+"sont actuellement pris en charge : rfc2307, rfc2307bis et IPA. La différence "
 "principale entre ces types de schéma est comment l'appartenance au groupe "
 "est enregistrée sur le serveur. Avec rfc2307 les membres du groupe sont "
 "listés par nom dans l'attribut <emphasis>memberUid</emphasis>. Avec "
@@ -2461,7 +2391,7 @@ msgstr "Le type de jeton d'authentification pour le lien DN par défaut."
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:203
 msgid "The two mechanisms currently supported are:"
-msgstr "Les deux mécanismes actuellement supportés sont :"
+msgstr "Les deux mécanismes actuellement pris en charge sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:206
@@ -2490,7 +2420,7 @@ msgid ""
 "are currently supported."
 msgstr ""
 "Le jeton d'authentification pour le lien DN par défaut. Seulement des mots "
-"de passe en clair sont actuellement supportés."
+"de passe en clair sont actuellement pris en charge."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:228
@@ -2571,52 +2501,56 @@ msgstr "Par défaut : gecos"
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:292
 msgid "ldap_user_home_directory (string)"
-msgstr ""
+msgstr "ldap_user_home_directory (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:295
 msgid "The LDAP attribute that contains the name of the user's home directory."
 msgstr ""
+"L'attribut LDAP qui contient le nom du répertoire personnel de l'utilisateur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:299
 msgid "Default: homeDirectory"
-msgstr ""
+msgstr "Par défaut : Répertoire_personnel"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:305
 msgid "ldap_user_shell (string)"
-msgstr ""
+msgstr "ldap_user_shell (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:308
 msgid "The LDAP attribute that contains the path to the user's default shell."
 msgstr ""
+"L'attribut LDAP qui contient le chemin vers l'interpréteur de commandes de "
+"l'utilisateur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:312
 msgid "Default: loginShell"
-msgstr ""
+msgstr "Par défaut : loginShell"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:318
 msgid "ldap_user_uuid (string)"
-msgstr ""
+msgstr "ldap_user_uuid (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:321
 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
 msgstr ""
+"L'attribut LDAP qui contient les UUID/GUID d'un objet utilisateur LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
 msgid "Default: nsUniqueId"
-msgstr ""
+msgstr "Par défaut : nsUniqueId"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:331
 msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
+msgstr "ldap_user_modify_timestamp (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
@@ -2624,16 +2558,18 @@ msgid ""
 "The LDAP attribute that contains timestamp of the last modification of the "
 "parent object."
 msgstr ""
+"L'attribut LDAP qui contient l'horodatage de la dernière modification de "
+"l'objet parent."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
 msgid "Default: modifyTimestamp"
-msgstr ""
+msgstr "Par défaut : modifyTimestamp"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:344
 msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
+msgstr "ldap_user_shadow_last_change (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:347
@@ -2643,16 +2579,20 @@ msgid ""
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
 "the last password change)."
 msgstr ""
+"En utilisant ldap_pwd_policy=shadow, ce paramètre contient le nom de "
+"l'attribut LDAP correspondant à <citerefentry> <refentrytitle>shadow</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> (date de changement "
+"du dernier mot de passe)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:357
 msgid "Default: shadowLastChange"
-msgstr ""
+msgstr "Par défaut : shadowLastChange"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:363
 msgid "ldap_user_shadow_min (string)"
-msgstr ""
+msgstr "ldap_user_shadow_min (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:366
@@ -2662,16 +2602,20 @@ msgid ""
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
 "password age)."
 msgstr ""
+"En utilisant ldap_pwd_policy=shadow, ce paramètre contient le nom de "
+"l'attribut LDAP correspondant à <citerefentry> <refentrytitle>shadow</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> (durée de validité "
+"minimum du mot de passe)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:375
 msgid "Default: shadowMin"
-msgstr ""
+msgstr "Par défaut : shadowMin"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:381
 msgid "ldap_user_shadow_max (string)"
-msgstr ""
+msgstr "ldap_user_shadow_max (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:384
@@ -2681,16 +2625,20 @@ msgid ""
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
 "password age)."
 msgstr ""
+"En utilisant ldap_pwd_policy=shadow, ce paramètre contient le nom de "
+"l'attribut LDAP correspondant à <citerefentry> <refentrytitle>shadow</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> (âge maximum du mot "
+"de passe)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:393
 msgid "Default: shadowMax"
-msgstr ""
+msgstr "Par défaut : shadowMax"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:399
 msgid "ldap_user_shadow_warning (string)"
-msgstr ""
+msgstr "ldap_user_shadow_warning (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:402
@@ -2700,16 +2648,20 @@ msgid ""
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
 "(password warning period)."
 msgstr ""
+"En utilisant ldap_pwd_policy=shadow, ce paramètre contient le nom de "
+"l'attribut LDAP correspondant à <citerefentry> <refentrytitle>shadow</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> (période "
+"d'avertissement du mot de passe)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:412
 msgid "Default: shadowWarning"
-msgstr ""
+msgstr "Par défaut : shadowWarning"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:418
 msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
+msgstr "ldap_user_shadow_inactive (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:421
@@ -2719,16 +2671,20 @@ msgid ""
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
 "(password inactivity period)."
 msgstr ""
+"En utilisant ldap_pwd_policy=shadow, ce paramètre contient le nom de "
+"l'attribut LDAP correspondant à <citerefentry> <refentrytitle>shadow</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> (période "
+"d'inactivité du mot de passe)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:431
 msgid "Default: shadowInactive"
-msgstr ""
+msgstr "Par défaut : shadowInactive"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:437
 msgid "ldap_user_shadow_expire (string)"
-msgstr ""
+msgstr "ldap_user_shadow_expire (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:440
@@ -2738,16 +2694,20 @@ msgid ""
 "<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry> counterpart (account expiration date)."
 msgstr ""
+"En utilisant ldap_pwd_policy=shadow ou ldap_account_expire_policy=shadow, ce "
+"paramètre contient le nom de l'attribut LDAP correspondant à <citerefentry> "
+"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> (date d'expiration du compte)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:450
 msgid "Default: shadowExpire"
-msgstr ""
+msgstr "Par défaut : shadowExpire"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:456
 msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
+msgstr "ldap_user_krb_last_pwd_change (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:459
@@ -2756,16 +2716,19 @@ msgid ""
 "an LDAP attribute storing the date and time of last password change in "
 "kerberos."
 msgstr ""
+"En utilisant ldap_pwd_policy=mit_kerberos, ce paramètre contient le nom d'un "
+"attribut LDAP stockant la date et l'heure du dernier changement de mot de "
+"passe dans kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:465
 msgid "Default: krbLastPwdChange"
-msgstr ""
+msgstr "Par défaut : krbLastPwdChange"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:471
 msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
+msgstr "ldap_user_krb_password_expiration (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:474
@@ -2773,16 +2736,19 @@ msgid ""
 "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
 "an LDAP attribute storing the date and time when current password expires."
 msgstr ""
+"En utilisant ldap_pwd_policy=mit_kerberos, ce paramètre contient le nom d'un "
+"attribut LDAP stockant la date et l'heure d'expiration du mot de passe "
+"actuel."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:480
 msgid "Default: krbPasswordExpiration"
-msgstr ""
+msgstr "Par défaut : krbPasswordExpiration"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:486
 msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
+msgstr "ldap_user_ad_account_expires (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:489
@@ -2790,16 +2756,18 @@ msgid ""
 "When using ldap_account_expire_policy=ad, this parameter contains the name "
 "of an LDAP attribute storing the expiration time of the account."
 msgstr ""
+"En utilisant ldap_account_expire_policy=ad, ce paramètre contient le nom "
+"d'un attribut LDAP stockant la date d'expiration du compte."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:494
 msgid "Default: accountExpires"
-msgstr ""
+msgstr "Par défaut : accountExpires"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:500
 msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
+msgstr "ldap_user_ad_user_account_control (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:503
@@ -2807,16 +2775,18 @@ msgid ""
 "When using ldap_account_expire_policy=ad, this parameter contains the name "
 "of an LDAP attribute storing the user account control bit field."
 msgstr ""
+"En utilisant ldap_account_expire_policy=ad, ce paramètre contient le nom "
+"d'un attribut LDAP stockant le champ de contrôle du compte utilisateur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:508
 msgid "Default: userAccountControl"
-msgstr ""
+msgstr "Par défaut : userAccountControl"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:514
 msgid "ldap_ns_account_lock (string)"
-msgstr ""
+msgstr "ldap_ns_account_lock (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:517
@@ -2824,16 +2794,18 @@ msgid ""
 "When using ldap_account_expire_policy=rhds or equivalent, this parameter "
 "determines if access is allowed or not."
 msgstr ""
+"En utilisant ldap_account_expire_policy=rhds ou un équivalent, ce paramètre "
+"détermine si l'accès est autorisé ou non."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:522
 msgid "Default: nsAccountLock"
-msgstr ""
+msgstr "Par défaut : nsAccountLock"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:528
 msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
+msgstr "ldap_user_nds_login_disabled (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:531
@@ -2841,16 +2813,18 @@ msgid ""
 "When using ldap_account_expire_policy=nds, this attribute determines if "
 "access is allowed or not."
 msgstr ""
+"En utilisant ldap_account_expire_policy=nds, cet attribut détermine si "
+"l'accès est autorisé ou non."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
 msgid "Default: loginDisabled"
-msgstr ""
+msgstr "Par défaut : loginDisabled"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:541
 msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
+msgstr "ldap_user_nds_login_expiration_time (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:544
@@ -2858,11 +2832,13 @@ msgid ""
 "When using ldap_account_expire_policy=nds, this attribute determines until "
 "which date access is granted."
 msgstr ""
+"En utilisant ldap_account_expire_policy=nds, cet attribut détermine jusqu'à "
+"quand l'accès est autorisé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:555
 msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
+msgstr "ldap_user_nds_login_allowed_time_map (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:558
@@ -2870,16 +2846,18 @@ msgid ""
 "When using ldap_account_expire_policy=nds, this attribute determines the "
 "hours of a day in a week when access is granted."
 msgstr ""
+"En utilisant ldap_account_expire_policy=nds, cet attribut détermine  les "
+"heures de la semaine auxquelles l'accès est autorisé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:563
 msgid "Default: loginAllowedTimeMap"
-msgstr ""
+msgstr "Par défaut : loginAllowedTimeMap"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:569
 msgid "ldap_user_principal (string)"
-msgstr ""
+msgstr "ldap_user_principal (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:572
@@ -2887,30 +2865,28 @@ msgid ""
 "The LDAP attribute that contains the user's Kerberos User Principal Name "
 "(UPN)."
 msgstr ""
+"L'attribut LDAP qui contient le nom principal d'utilisateur (UPN) Kerberos "
+"de l'utilisateur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:576
 msgid "Default: krbPrincipalName"
-msgstr ""
+msgstr "Par défaut : krbPrincipalName"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:582
-#, fuzzy
-#| msgid "ldap_user_search_base (string)"
 msgid "ldap_user_ssh_public_key (string)"
-msgstr "ldap_user_search_base (chaînes)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:585
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's login name."
 msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr "l'attribut LDAP correspondant au nom de connexion utilisateur."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:592
 msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
+msgstr "ldap_force_upper_case_realm (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:595
@@ -2920,11 +2896,15 @@ msgid ""
 "fail. Set this option to a non-zero value if you want to use an upper-case "
 "realm."
 msgstr ""
+"Quelques répertoires serveur, par exemple Active Directory, peuvent délivrer "
+"la partie réelle de l'UPN en minuscule, ce qui peut faire échouer "
+"l'authentification. Définir cette option à une valeur non nulle pour "
+"utiliseur une version en majuscule."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:608
 msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
+msgstr "ldap_enumeration_refresh_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:611
@@ -2936,14 +2916,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
 msgid "Default: 300"
-msgstr ""
+msgstr "Par défaut : 300"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:622
-#, fuzzy
-#| msgid "enum_cache_timeout (integer)"
 msgid "ldap_purge_cache_timeout (integer)"
-msgstr "enum_cache_timeout (entier)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:625
@@ -2952,53 +2930,57 @@ msgid ""
 "with no members and users who have never logged in) and remove them to save "
 "space."
 msgstr ""
+"Déterminer la fréquence pour vérifier le cache pour des entrées inactives "
+"(telles que les groupes sans membres et utilisateurs qui ne se sont jamais "
+"connectés) et les supprimer pour sauvegarder de l'espace."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:631
 msgid "Setting this option to zero will disable the cache cleanup operation."
 msgstr ""
+"Mettre cette option à zéro désactive l'opération de nettoyage du cache."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:635
 msgid "Default: 10800 (12 hours)"
-msgstr ""
+msgstr "Par défaut : 1800 (12 heures)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:641
 msgid "ldap_user_fullname (string)"
-msgstr ""
+msgstr "ldap_user_fullname (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:644
 msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
+msgstr "L'attribut LDAP qui correspond au nom complet de l'utilisateur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
 #: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
 #: sssd-ipa.5.xml:422
 msgid "Default: cn"
-msgstr ""
+msgstr "Par défaut : cn"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:654
 msgid "ldap_user_member_of (string)"
-msgstr ""
+msgstr "ldap_user_member_of (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:657
 msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
+msgstr "L'attribut LDAP qui liste l'appartenance au groupe de l'utilisateur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
 msgid "Default: memberOf"
-msgstr ""
+msgstr "Par défaut : memberOf"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:667
 msgid "ldap_user_authorized_service (string)"
-msgstr ""
+msgstr "ldap_user_authorized_service (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:670
@@ -3007,6 +2989,9 @@ msgid ""
 "use the presence of the authorizedService attribute in the user's LDAP entry "
 "to determine access privilege."
 msgstr ""
+"Si access_provider=ldap et ldap_access_order=authorized_service, SSSD "
+"utilisera la présence de l'attribut authorizedService dans l'entrée LDAP de "
+"l'utilisateur pour déterminer les autorisations d'accès."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:677
@@ -3014,16 +2999,18 @@ msgid ""
 "An explicit deny (!svc) is resolved first. Second, SSSD searches for "
 "explicit allow (svc) and finally for allow_all (*)."
 msgstr ""
+"Le refus explicite (!svc) est résolu en premier. Ensuite, SSSD cherche une "
+"autorisation explicite (svc) et enfin toutes les autorisations (*)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:682
 msgid "Default: authorizedService"
-msgstr ""
+msgstr "Par défaut : authorizedService"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:688
 msgid "ldap_user_authorized_host (string)"
-msgstr ""
+msgstr "ldap_user_authorized_host (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:691
@@ -3032,6 +3019,9 @@ msgid ""
 "presence of the host attribute in the user's LDAP entry to determine access "
 "privilege."
 msgstr ""
+"Si access_provider=ldap et ldap_access_order=host, SSSD va utiliser la "
+"présence de l'attribut d'hôte dans l'entrée LDAP de l'utilisateur pour "
+"déterminer les autorisations d'accès."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:697
@@ -3039,81 +3029,83 @@ msgid ""
 "An explicit deny (!host) is resolved first. Second, SSSD searches for "
 "explicit allow (host) and finally for allow_all (*)."
 msgstr ""
+"Le refus explicite (!host) est résolu en premier. Ensuite, SSSD cherche les "
+"autorisations explicites (host) et enfin toutes les autorisations (*)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:702
 msgid "Default: host"
-msgstr ""
+msgstr "Par défaut : host"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:708
 msgid "ldap_group_object_class (string)"
-msgstr ""
+msgstr "ldap_group_object_class (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:711
 msgid "The object class of a group entry in LDAP."
-msgstr ""
+msgstr "La classe objet d'une entrée de groupe dans LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:714
 msgid "Default: posixGroup"
-msgstr ""
+msgstr "Par défaut : posixGroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:720
 msgid "ldap_group_name (string)"
-msgstr ""
+msgstr "ldap_group_name (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:723
 msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
+msgstr "L'attribut LDAP qui correspond au nom du groupe."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:733
 msgid "ldap_group_gid_number (string)"
-msgstr ""
+msgstr "ldap_group_gid_number (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:736
 msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
+msgstr "L'attribut LDAP qui correspond à l'identifiant de groupe."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:746
 msgid "ldap_group_member (string)"
-msgstr ""
+msgstr "ldap_group_member (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:749
 msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
+msgstr "L'attribut LDAP qui contient les noms des membres de groupe."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:753
 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
+msgstr "Par défaut : uid de membre (rfc2307) / membre (rfc2307bis)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:759
 msgid "ldap_group_uuid (string)"
-msgstr ""
+msgstr "ldap_group_uuid (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:762
 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
+msgstr "L'attribut LDAP qui contient les UUID/GUID d'un groupe objet LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:772
 msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
+msgstr "ldap_group_modify_timestamp (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:785
 msgid "ldap_group_nesting_level (integer)"
-msgstr ""
+msgstr "ldap_group_nesting_level (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:788
@@ -3122,21 +3114,24 @@ msgid ""
 "RFC2307bis), then this option controls how many levels of nesting SSSD will "
 "follow. This option has no effect on the RFC2307 schema."
 msgstr ""
+"Si ldap_schema est définit comme un format qui supporte les groupes liés (e."
+"g. RFC2307bis), alors cette option contrôle le nombre de niveaux liés SSSD à "
+"suivre. Cette option n'a pas d'effet sur le schéma RFC2307."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:795
 msgid "Default: 2"
-msgstr ""
+msgstr "Par défaut : 2"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:801
 msgid "ldap_netgroup_object_class (string)"
-msgstr ""
+msgstr "ldap_netgroup_object_class (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:804
 msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
+msgstr "La classe d'objet d'une entrée de groupe réseau dans LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:807
@@ -3146,17 +3141,17 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:811
 msgid "Default: nisNetgroup"
-msgstr ""
+msgstr "Par défaut : nisNetgroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:817
 msgid "ldap_netgroup_name (string)"
-msgstr ""
+msgstr "ldap_netgroup_name (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:820
 msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
+msgstr "L'attribut LDAP qui correspond au nom du groupe réseau."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:824
@@ -3166,12 +3161,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:834
 msgid "ldap_netgroup_member (string)"
-msgstr ""
+msgstr "ldap_netgroup_member (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:837
 msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
+msgstr "L'attribut LDAP qui contient les noms des membres de groupe réseau."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:841
@@ -3181,18 +3176,20 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:845
 msgid "Default: memberNisNetgroup"
-msgstr ""
+msgstr "Par défaut : memberNisNetgroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:851
 msgid "ldap_netgroup_triple (string)"
-msgstr ""
+msgstr "ldap_netgroup_triple (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:854
 msgid ""
 "The LDAP attribute that contains the (host, user, domain) netgroup triples."
 msgstr ""
+"L'attribut LDAP qui contient le triplet (hôte, utilisateur, domaine) d'un "
+"groupe réseau."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
@@ -3202,18 +3199,19 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:861
 msgid "Default: nisNetgroupTriple"
-msgstr ""
+msgstr "Par défaut : nisNetgroupTriple"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:867
 msgid "ldap_netgroup_uuid (string)"
-msgstr ""
+msgstr "ldap_netgroup_uuid (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:870
 msgid ""
 "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
 msgstr ""
+"L'attribut LDAP qui contient les UUID/GUID d'un objet LDAP de groupe réseau."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:874
@@ -3223,94 +3221,70 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:884
 msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
+msgstr "ldap_netgroup_modify_timestamp (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:900
-#, fuzzy
-#| msgid "ldap_user_object_class (string)"
 msgid "ldap_service_object_class (string)"
-msgstr "ldap_user_object_class (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:903
-#, fuzzy
-#| msgid "The object class of a user entry in LDAP."
 msgid "The object class of a service entry in LDAP."
-msgstr "La classe objet d'une entrée utilisateur dans LDAP."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:906
-#, fuzzy
-#| msgid "Default: filter"
 msgid "Default: ipService"
-msgstr "Défaut : filter"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:912
-#, fuzzy
-#| msgid "ldap_dns_service_name (string)"
 msgid "ldap_service_name (string)"
-msgstr "ldap_dns_service_name (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:915
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's login name."
 msgid ""
 "The LDAP attribute that contains the name of service attributes and their "
 "aliases."
-msgstr "l'attribut LDAP correspondant au nom de connexion utilisateur."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:925
-#, fuzzy
-#| msgid "ldap_dns_service_name (string)"
 msgid "ldap_service_port (string)"
-msgstr "ldap_dns_service_name (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:928
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's id."
 msgid "The LDAP attribute that contains the port managed by this service."
-msgstr "L'attribut LDAP correspondant à l'id utilisateur."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:932
-#, fuzzy
-#| msgid "Default: ipv4_first"
 msgid "Default: ipServicePort"
-msgstr "Défaut : ipv4_first"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:938
-#, fuzzy
-#| msgid "ldap_dns_service_name (string)"
 msgid "ldap_service_proto (string)"
-msgstr "ldap_dns_service_name (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:941
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's id."
 msgid ""
 "The LDAP attribute that contains the protocols understood by this service."
-msgstr "L'attribut LDAP correspondant à l'id utilisateur."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:945
-#, fuzzy
-#| msgid "Default: ipv4_first"
 msgid "Default: ipServiceProtocol"
-msgstr "Défaut : ipv4_first"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:951
-#, fuzzy
-#| msgid "ldap_user_search_base (string)"
 msgid "ldap_service_search_base (string)"
-msgstr "ldap_user_search_base (chaînes)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:954
@@ -3331,12 +3305,12 @@ msgstr ""
 #: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
 #: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
+msgstr "Par défaut : la valeur de <emphasis>ldap_search_base</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:970
 msgid "ldap_search_timeout (integer)"
-msgstr ""
+msgstr "ldap_search_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:973
@@ -3345,6 +3319,9 @@ msgid ""
 "before they are cancelled and cached results are returned (and offline mode "
 "is entered)"
 msgstr ""
+"Définit le délai d'attente (en secondes) autorisé pour les recherches LDAP "
+"avant qu'elles se terminent et de retourner les résultats contenus dans le "
+"cache (et le mode hors ligne est activé)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:979
@@ -3353,16 +3330,19 @@ msgid ""
 "will likely be replaced at some point by a series of timeouts for specific "
 "lookup types."
 msgstr ""
+"Note : cette option est susceptible de changer dans les prochaines version "
+"de SSSD. Il sera surement remplacé par une série de délais d'attente pour "
+"différentes recherches."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
 msgid "Default: 6"
-msgstr ""
+msgstr "Par défaut : 6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:991
 msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
+msgstr "ldap_enumeration_search_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:994
@@ -3371,16 +3351,19 @@ msgid ""
 "enumerations are allowed to run before they are cancelled and cached results "
 "are returned (and offline mode is entered)"
 msgstr ""
+"Définit le délai d'attente (en secondes) autorisé pour les recherches LDAP "
+"sur les utilisateurs et groupes avant qu'elles se terminent et que les "
+"résultats mis en cache soient retournés (et le mode hors ligne est activé)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1001
 msgid "Default: 60"
-msgstr ""
+msgstr "Par défaut : 60"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1007
 msgid "ldap_network_timeout (integer)"
-msgstr ""
+msgstr "ldap_network_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1010
@@ -3392,11 +3375,17 @@ msgid ""
 "<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
 "citerefentry> returns in case of no activity."
 msgstr ""
+"Définit le délai d'attente (en secondes) après quoi le <citerefentry> "
+"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
+"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
+"manvolnum> </citerefentry> suivi de <citerefentry> <refentrytitle>connect</"
+"refentrytitle> <manvolnum>2</manvolnum> </citerefentry>  repasse en mode "
+"inactif."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1033
 msgid "ldap_opt_timeout (integer)"
-msgstr ""
+msgstr "ldap_opt_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1036
@@ -3405,11 +3394,14 @@ msgid ""
 "will abort if no response is received. Also controls the timeout when "
 "communicating with the KDC in case of SASL bind."
 msgstr ""
+"Définit le délai d'attente (en secondes) après quoi les appels synchrones à "
+"l'API LDAP sont annulés si aucune réponse n'est obtenue. Permet aussi de "
+"contrôler le délai de communication avec le KDC dans le cas d'un appel SASL."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1048
 msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
+msgstr "ldap_connection_expire_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1051
@@ -3423,12 +3415,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1059
 msgid "Default: 900 (15 minutes)"
-msgstr ""
+msgstr "Par défaut : 900 (15 minutes)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1065
 msgid "ldap_page_size (integer)"
-msgstr ""
+msgstr "ldap_page_size (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1068
@@ -3436,11 +3428,14 @@ msgid ""
 "Specify the number of records to retrieve from LDAP in a single request. "
 "Some LDAP servers enforce a maximum limit per-request."
 msgstr ""
+"Définir le nombre d'enregistrements à récupérer à partir d'une simple "
+"requête LDAP. Certains serveurs LDAP imposent une limite maximale par "
+"requête."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1073
 msgid "Default: 1000"
-msgstr ""
+msgstr "Par défaut : 1000"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1079
@@ -3473,7 +3468,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1103
 msgid "ldap_deref_threshold (integer)"
-msgstr ""
+msgstr "ldap_deref_threshold (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1106
@@ -3482,6 +3477,10 @@ msgid ""
 "cache in order to trigger a dereference lookup. If less members are missing, "
 "they are looked up individually."
 msgstr ""
+"Définir le nombre de membres du groupe qui devraient être manquant au sein "
+"du cache interne dans le but d'activer la vérification de déréférence. Si le "
+"nombre de membre manquant est inférieur, ils sont recherchés "
+"individuellement."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1112
@@ -3497,6 +3496,10 @@ msgid ""
 "methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
 "Directory."
 msgstr ""
+"Une recherche de déréférencement est un moyen pour récupérer tous les "
+"membres d'un groupe avec un seul appel LDAP. Plusieurs serveurs LDAP peuvent "
+"avoir différentes méthodes de dé-référencement. Les serveurs actuellement "
+"acceptés sont 389/RHDS, OpenLDAP et Active Directory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1124
@@ -3509,7 +3512,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1137
 msgid "ldap_tls_reqcert (string)"
-msgstr ""
+msgstr "ldap_tls_reqcert (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1140
@@ -3517,6 +3520,8 @@ msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
 msgstr ""
+"Définit les vérifications à effectuer sur les certificats serveur sur une "
+"session TLS, si elle existe. Une des valeurs suivantes est utilisable :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1146
@@ -3524,6 +3529,8 @@ msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
 msgstr ""
+"<emphasis>never</emphasis> : le client ne demandera, ni ne vérifiera un "
+"quelconque certificat du serveur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1150
@@ -3532,6 +3539,9 @@ msgid ""
 "certificate is provided, the session proceeds normally. If a bad certificate "
 "is provided, it will be ignored and the session proceeds normally."
 msgstr ""
+"<emphasis>allow</emphasis> : le certificat serveur est demandé. Si aucun "
+"certificat n'est fournit, la session continue normalement. Si un mauvais "
+"certificat est fournit, il est ignoré et la session continue normalement."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1157
@@ -3540,6 +3550,9 @@ msgid ""
 "certificate is provided, the session proceeds normally. If a bad certificate "
 "is provided, the session is immediately terminated."
 msgstr ""
+"<emphasis>try</emphasis> : le certificat serveur est demandé. Si aucun "
+"certificat n'est fournit, la session continue normalement. Si un mauvais "
+"certificat est fournit, la session se termine immédiatement."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1163
@@ -3548,21 +3561,24 @@ msgid ""
 "certificate is provided, or a bad certificate is provided, the session is "
 "immediately terminated."
 msgstr ""
+"<emphasis>demand</emphasis> : le certificat serveur est demandé. Si aucun "
+"certificat ou un mauvais certificat est fournit, la session se termine "
+"immédiatement."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1169
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
+msgstr "<emphasis>hard</emphasis> : identique à <quote>demand</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1173
 msgid "Default: hard"
-msgstr ""
+msgstr "Par défaut : hard"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1179
 msgid "ldap_tls_cacert (string)"
-msgstr ""
+msgstr "ldap_tls_cacert (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1182
@@ -3570,6 +3586,8 @@ msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
 msgstr ""
+"Définit le fichier qui contient les certificats pour toutes les autorités de "
+"certificats que <command>sssd</command> reconnaîtra."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
@@ -3577,11 +3595,13 @@ msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
 msgstr ""
+"Par défaut : utilise les paramètres par défaut de LDAP, en général dans "
+"<filename>/etc/openldap/ldap.conf</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1194
 msgid "ldap_tls_cacertdir (string)"
-msgstr ""
+msgstr "ldap_tls_cacertdir (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1197
@@ -3591,37 +3611,42 @@ msgid ""
 "be the hash of the certificate followed by '.0'.  If available, "
 "<command>cacertdir_rehash</command> can be used to create the correct names."
 msgstr ""
+"Spécifie le chemin d'un dossier qui contient les certificats de l'autorité "
+"de certificats dans des fichiers séparés. Usuellement, les noms de fichiers "
+"sont la somme de contrôle du certificat suivi de « .0 ». Si disponible, "
+"<command>cacertdir_rehash</command> peut être utilisé pour créer les noms "
+"corrects."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1212
 msgid "ldap_tls_cert (string)"
-msgstr ""
+msgstr "ldap_tls_cert (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1215
 msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
+msgstr "Définit le fichier qui contient le certificat pour la clef client."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
 #: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
 msgid "Default: not set"
-msgstr ""
+msgstr "Par défaut : non défini"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1225
 msgid "ldap_tls_key (string)"
-msgstr ""
+msgstr "ldap_tls_key (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1228
 msgid "Specifies the file that contains the client's key."
-msgstr ""
+msgstr "Définit le fichier qui contient la clef client."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1237
 msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
+msgstr "ldap_tls_cipher_suite (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1240
@@ -3630,11 +3655,14 @@ msgid ""
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
 "<manvolnum>5</manvolnum></citerefentry> for format."
 msgstr ""
+"Définit les fluxs de chiffrement acceptables. Usuellement c'est une liste "
+"séparée par des deux-points. Voir <citerefentry><refentrytitle>ldap.conf</"
+"refentrytitle> <manvolnum>5</manvolnum></citerefentry> pour le format."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1253
 msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
+msgstr "ldap_id_use_start_tls (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1256
@@ -3642,11 +3670,13 @@ msgid ""
 "Specifies that the id_provider connection must also use <systemitem class="
 "\"protocol\">tls</systemitem> to protect the channel."
 msgstr ""
+"Définit le fait que le fournisseur d'identité de connexion doit autoriser "
+"<systemitem class=\"protocol\">tls</systemitem> pour protéger le canal."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1266
 msgid "ldap_sasl_mech (string)"
-msgstr ""
+msgstr "ldap_sasl_mech (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1269
@@ -3654,16 +3684,18 @@ msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
 "supported."
 msgstr ""
+"Définit le mécanisme SASL à utiliser. Actuellement, seul GSSAPI est testé et "
+"pris en charge."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
 msgid "Default: none"
-msgstr ""
+msgstr "Par défaut : aucun"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1279
 msgid "ldap_sasl_authid (string)"
-msgstr ""
+msgstr "ldap_sasl_authid (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1282
@@ -3671,16 +3703,19 @@ msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI is used, this "
 "represents the Kerberos principal used for authentication to the directory."
 msgstr ""
+"Définit l'identité d'autorisation SASL à utiliser. Quand GSSAPI est utilisé, "
+"c'est l'identifiant Kerberos principal utilisé pour s'authentifier au "
+"dossier."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1287
 msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
+msgstr "Par défaut : hôte/machine.fqdn@DOMAINE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1293
 msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
+msgstr "ldap_sasl_canonicalize (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1296
@@ -3697,22 +3732,24 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1307
 msgid "ldap_krb5_keytab (string)"
-msgstr ""
+msgstr "ldap_krb5_keytab (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1310
 msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
+msgstr "Définit le fichier keytab à utiliser pour utiliser SASL/GSSAPI."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1313
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
+"Par défaut : le fichier keytab du système, normalement <filename>/etc/krb5."
+"keytab</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1319
 msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
+msgstr "ldap_krb5_init_creds (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1322
@@ -3721,26 +3758,29 @@ msgid ""
 "action is performed only if SASL is used and the mechanism selected is "
 "GSSAPI."
 msgstr ""
+"Définit le fait que le fournisseur d'identité doit initialiser les crédits "
+"Kerberos (TGT). Cette action est effectuée seulement si SASL est utilisé et "
+"que le mécanisme choisit est GSSAPI."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1334
 msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
+msgstr "ldap_krb5_ticket_lifetime (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1337
 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
+msgstr "Définit la durée de vie, en secondes, des TGT si GSSAPI est utilisé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1341
 msgid "Default: 86400 (24 hours)"
-msgstr ""
+msgstr "Par défaut : 86400 (24 heures)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
 msgid "krb5_server (string)"
-msgstr ""
+msgstr "krb5_server (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
@@ -3761,6 +3801,9 @@ msgid ""
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
 "none are found."
 msgstr ""
+"En utilisant la recherche de services pour KDC ou les serveurs kpasswd, SSSD "
+"recherche en premier les entrées DNS qui définissent _udp comme protocole et "
+"passe sur _tcp si aucune entrée n'est trouvée."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
@@ -3769,6 +3812,10 @@ msgid ""
 "While the legacy name is recognized for the time being, users are advised to "
 "migrate their config files to use <quote>krb5_server</quote> instead."
 msgstr ""
+"Cette option était nommée <quote>krb5_kdcip</quote> dans les versions "
+"précédentes de SSSD. Bien que ce nom soit toujours reconnu à l'heure "
+"actuelle, il est conseillé de migrer les fichiers de configuration vers "
+"l'utilisation de <quote>krb5_server</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
@@ -3778,17 +3825,18 @@ msgstr "krb5_realm (chaîne)"
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1379
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
+msgstr "Définit le DOMAINE de Kerberos (pour l'authentification SASL/GSSAPI)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1382
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
+"Par défaut : système par défaut, voir <filename>/etc/krb5.conf</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
 msgid "krb5_canonicalize (boolean)"
-msgstr ""
+msgstr "krb5_canonicalize (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1391
@@ -3808,6 +3856,8 @@ msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
 msgstr ""
+"Détermine la politique d'expiration des mots de passe côté client. Les "
+"valeurs suivantes sont acceptées :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1411
@@ -3815,22 +3865,16 @@ msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
 msgstr ""
+"<emphasis>none</emphasis> : aucun évaluation du côté client. Cette option ne "
+"peut pas désactiver la politique sur les mots de passe du côté serveur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1416
-#, fuzzy
-#| msgid ""
-#| "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-#| "<manvolnum>8</manvolnum> </citerefentry> to specify the default "
-#| "permissions on a newly created home directory."
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
 "evaluate if the password has expired."
 msgstr ""
-"Utilisé par <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> pour spécifier les permissions par "
-"défaut sur un répertoire maison nouvellement créé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1422
@@ -3839,6 +3883,9 @@ msgid ""
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
 "these attributes when the password is changed."
 msgstr ""
+"<emphasis>mit_kerberos</emphasis> : utilisez les attributs utilisés par MIT "
+"Kerberos pour déterminer si le mot de passe a expiré. Utilisez "
+"chpass_provider=krb5 ces attributs lorsque le mot de passe est changé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1434
@@ -3848,7 +3895,7 @@ msgstr "ldap_referrals (booléen)"
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1437
 msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
+msgstr "Définit si le référencement automatique doit être activé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1441
@@ -3856,6 +3903,8 @@ msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
 msgstr ""
+"Veuillez noter que sssd ne supporte que le référencement quand il est "
+"compilé avec OpenLDAP version 2.4.13 ou supérieur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1452
@@ -3866,16 +3915,18 @@ msgstr "ldap_dns_service_name (chaîne)"
 #: sssd-ldap.5.xml:1455
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
+"Définit le nom de service à utiliser quand la découverte de services est "
+"activée."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1459
 msgid "Default: ldap"
-msgstr "Défaut : ldap"
+msgstr "Par défaut : ldap"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1465
 msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
+msgstr "ldap_chpass_dns_service_name (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1468
@@ -3883,11 +3934,15 @@ msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
 msgstr ""
+"Définit le nom de service à utiliser pour trouver un serveur LDAP autorisant "
+"un changement de mot de passe quand la découverte de services est activée."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1473
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr ""
+"Par défaut : non défini, c'est-à-dire que le service de découverte est "
+"désactivé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1479
@@ -3903,6 +3958,11 @@ msgid ""
 "it will result in all users being denied access. Use access_provider = allow "
 "to change this default behavior."
 msgstr ""
+"Si access_provider = ldap, cette option est obligatoire. Elle spécifie un "
+"critère de filtre LDAP requit par l'utilisateur pour avoir un accès sur cet "
+"hôte. Si access_provider = ldap et que cette option n'est pas définie, tous "
+"les utilisateurs seront refusés. Utilisez access_provider = allow pour "
+"changer ce comportement par défaut."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
@@ -3917,6 +3977,9 @@ msgid ""
 "ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
 "                        "
 msgstr ""
+"access_provider = ldap\n"
+"ldap_access_filter = membre_de=cn=utilisateurs_autorisés,ou=Groupes,dc=exemple,dc=com\n"
+"                        "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1499
@@ -3924,6 +3987,8 @@ msgid ""
 "This example means that access to this host is restricted to members of the "
 "\"allowedusers\" group in ldap."
 msgstr ""
+"Cet exemple montre un accès à l'hôte restreint aux membres du groupe « "
+"utilisateurs_autorisés » dans LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1504
@@ -3933,11 +3998,14 @@ msgid ""
 "access during their last login, they will continue to be granted access "
 "while offline and vice-versa."
 msgstr ""
+"Le cache hors-ligne pour cette option est limité et à déterminer dans le cas "
+"où le dernier accès de l'utilisateur était autorisé. Si tel était le cas, "
+"l'accès sera conservé en mode hors-ligne et vice-versa."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
 msgid "Default: Empty"
-msgstr "Défaut : vide"
+msgstr "Par défaut : vide"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1518
@@ -3950,6 +4018,8 @@ msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
 msgstr ""
+"Avec cette option une évaluation du côté client des contrôles d'accès peut "
+"être activée."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1525
@@ -3958,11 +4028,15 @@ msgid ""
 "i.e. the LDAP server should deny the bind request with a suitable error code "
 "even if the password is correct."
 msgstr ""
+"Veuillez noter qu'il est toujours recommandé d'utiliser un contrôle d'accès "
+"du côté serveur, c'est-à-dire que le serveur LDAP doit refuser une requête "
+"de connexion avec un code erreur approprié même si le mot de pass est "
+"correct."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1532
 msgid "The following values are allowed:"
-msgstr ""
+msgstr "Les valeurs suivantes sont autorisées :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1535
@@ -3970,6 +4044,8 @@ msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
 msgstr ""
+"<emphasis>shadow</emphasis> : utilisez cette valeur de "
+"ldap_user_shadow_expire pour déterminer si le compte a expiré."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1540
@@ -3979,6 +4055,10 @@ msgid ""
 "set. If the attribute is missing access is granted. Also the expiration time "
 "of the account is checked."
 msgstr ""
+"<emphasis>ad</emphasis>  : utilisez la valeur du champ 32 bits "
+"ldap_user_ad_user_account_control et autorisez l'accès si le deuxième bit "
+"n'est pas défini. Si l'attribut est manquant, l'accès est autorisé. La "
+"période d'expiration du compte est aussi vérifiée."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1547
@@ -3987,6 +4067,9 @@ msgid ""
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
 "allowed or not."
 msgstr ""
+"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
+"emphasis> : utilisez cette valeur de ldap_ns_account_lock pour vérifier si "
+"l'accès est autorisé ou non."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1553
@@ -3996,6 +4079,10 @@ msgid ""
 "ldap_user_nds_login_expiration_time are used to check if access is allowed. "
 "If both attributes are missing access is granted."
 msgstr ""
+"<emphasis>nds</emphasis> : les valeurs de "
+"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled et "
+"ldap_user_nds_login_expiration_time sont utilisées pour vérifier si l'accès "
+"est autorisé. Si les deux attributs sont manquants l'accès est autorisé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1568
@@ -4006,16 +4093,18 @@ msgstr "ldap_access_order (chaîne)"
 #: sssd-ldap.5.xml:1571
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
+"Liste des options de contrôles d'accès, séparées par des virgules. Valeurs "
+"autorisées :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1575
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
+msgstr "<emphasis>filter</emphasis> : utilise ldap_access_filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1578
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
+msgstr "<emphasis>expire</emphasis>: utilise ldap_account_expire_policy"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1582
@@ -4023,16 +4112,19 @@ msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
 msgstr ""
+"<emphasis>authorized_service</emphasis> : utilise l'attribut d'autorisation "
+"de service pour déterminer l'accès"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1587
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
+"<emphasis>host</emphasis> : utilise l'attribut d'hôte pour déterminer l'accès"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1591
 msgid "Default: filter"
-msgstr "Défaut : filter"
+msgstr "Par défaut : filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1594
@@ -4040,6 +4132,8 @@ msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
 msgstr ""
+"Veuillez noter qu'une valeur utilisée plusieurs fois résulte en une erreur "
+"de configuration."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1601
@@ -4052,11 +4146,13 @@ msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
 msgstr ""
+"Définit comment le déréférencement de l'alias est effectué lors d'une "
+"recherche. Les options suivantes sont autorisées :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1609
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
+msgstr "<emphasis>never</emphasis> : les alias ne sont jamais déréférencés."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1613
@@ -4064,6 +4160,9 @@ msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
 msgstr ""
+"<emphasis>searching</emphasis> : les alias sont déréférencés suivant les "
+"objets subordonnés de l'objet de base, et non pas suivant l'objet de base de "
+"la recherche lui-même."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1618
@@ -4071,6 +4170,8 @@ msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
 msgstr ""
+"<emphasis>finding</emphasis> : les alias sont seulement déréférencés lors de "
+"la localisation de l'objet de base de la recherche."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1623
@@ -4078,6 +4179,8 @@ msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
 msgstr ""
+"<emphasis>always</emphasis> : les alias sont déréférencés à la fois en "
+"recherche et en localisant l'objet de base de la recherche."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1628
@@ -4085,6 +4188,8 @@ msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
 msgstr ""
+"Par défaut : vide (ceci est traité comme <emphasis>never</emphasis> par les "
+"bibliothèques client LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:51
@@ -4095,261 +4200,193 @@ msgid ""
 "manvolnum> </citerefentry> manual page for full details.  <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
+"Toutes les options communes de configuration appliquées aux domaines SSSD "
+"s'appliquent aussi aux domaines LDAP. Voir la section des <quote>SECTIONS DE "
+"DOMAINE</quote> dans le manuel du fichier <citerefentry> <refentrytitle>sssd."
+"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> pour plus de "
+"détails. <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:1639
-#, fuzzy
-#| msgid "OPTIONS"
 msgid "SUDO OPTIONS"
-msgstr "OPTIONS"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1644
-#, fuzzy
-#| msgid "ldap_user_object_class (string)"
 msgid "ldap_sudorule_object_class (string)"
-msgstr "ldap_user_object_class (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1647
-#, fuzzy
-#| msgid "The object class of a user entry in LDAP."
 msgid "The object class of a sudo rule entry in LDAP."
-msgstr "La classe objet d'une entrée utilisateur dans LDAP."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1650
-#, fuzzy
-#| msgid "Default: uid"
 msgid "Default: sudoRole"
-msgstr "Par défaut : uid"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1656
-#, fuzzy
-#| msgid "ldap_user_name (string)"
 msgid "ldap_sudorule_name (string)"
-msgstr "ldap_user_name (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1659
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's login name."
 msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr "l'attribut LDAP correspondant au nom de connexion utilisateur."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1669
-#, fuzzy
-#| msgid "ldap_schema (string)"
 msgid "ldap_sudorule_command (string)"
-msgstr "ldap_schema (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1672
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's login name."
 msgid "The LDAP attribute that corresponds to the command name."
-msgstr "l'attribut LDAP correspondant au nom de connexion utilisateur."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1676
-#, fuzzy
-#| msgid "Default: uid"
 msgid "Default: sudoCommand"
-msgstr "Par défaut : uid"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1682
-#, fuzzy
-#| msgid "ldap_user_gecos (string)"
 msgid "ldap_sudorule_host (string)"
-msgstr "ldap_user_gecos (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1685
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's primary group id."
 msgid ""
 "The LDAP attribute that corresponds to the host name (or host IP address, "
 "host IP network, or host netgroup)"
 msgstr ""
-"L'attribut LDAP correspondant à l'utilisateur ayant l'id du groupe primaire."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1690
-#, fuzzy
-#| msgid "Default: root"
 msgid "Default: sudoHost"
-msgstr "Défaut : root"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1696
-#, fuzzy
-#| msgid "ldap_user_uid_number (string)"
 msgid "ldap_sudorule_user (string)"
-msgstr "ldap_user_uid_number (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1699
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's login name."
 msgid ""
 "The LDAP attribute that corresponds to the user name (or UID, group name or "
 "user's netgroup)"
-msgstr "l'attribut LDAP correspondant au nom de connexion utilisateur."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1703
-#, fuzzy
-#| msgid "Default: uid"
 msgid "Default: sudoUser"
-msgstr "Par défaut : uid"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1709
-#, fuzzy
-#| msgid "ldap_uri (string)"
 msgid "ldap_sudorule_option (string)"
-msgstr "ldap_uri (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1712
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's id."
 msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr "L'attribut LDAP correspondant à l'id utilisateur."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1716
-#, fuzzy
-#| msgid "Default: uid"
 msgid "Default: sudoOption"
-msgstr "Par défaut : uid"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1722
-#, fuzzy
-#| msgid "ldap_user_name (string)"
 msgid "ldap_sudorule_runasuser (string)"
-msgstr "ldap_user_name (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1725
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's primary group id."
 msgid ""
 "The LDAP attribute that corresponds to the user name that commands may be "
 "run as."
 msgstr ""
-"L'attribut LDAP correspondant à l'utilisateur ayant l'id du groupe primaire."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1729
-#, fuzzy
-#| msgid "Default: uidNumber"
 msgid "Default: sudoRunAsUser"
-msgstr "par défaut : uidNumber"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1735
-#, fuzzy
-#| msgid "ldap_user_name (string)"
 msgid "ldap_sudorule_runasgroup (string)"
-msgstr "ldap_user_name (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1738
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's primary group id."
 msgid ""
 "The LDAP attribute that corresponds to the group name or group GID that "
 "commands may be run as."
 msgstr ""
-"L'attribut LDAP correspondant à l'utilisateur ayant l'id du groupe primaire."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1742
-#, fuzzy
-#| msgid "Default: uidNumber"
 msgid "Default: sudoRunAsGroup"
-msgstr "par défaut : uidNumber"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1748
-#, fuzzy
-#| msgid "ldap_user_uid_number (string)"
 msgid "ldap_sudorule_notbefore (string)"
-msgstr "ldap_user_uid_number (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1751
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's primary group id."
 msgid ""
 "The LDAP attribute that corresponds to the start date/time for when the sudo "
 "rule is valid."
 msgstr ""
-"L'attribut LDAP correspondant à l'utilisateur ayant l'id du groupe primaire."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1755
-#, fuzzy
-#| msgid "Default: uidNumber"
 msgid "Default: sudoNotBefore"
-msgstr "par défaut : uidNumber"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1761
-#, fuzzy
-#| msgid "ldap_user_name (string)"
 msgid "ldap_sudorule_notafter (string)"
-msgstr "ldap_user_name (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1764
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's primary group id."
 msgid ""
 "The LDAP attribute that corresponds to the expiration date/time, after which "
 "the sudo rule will no longer be valid."
 msgstr ""
-"L'attribut LDAP correspondant à l'utilisateur ayant l'id du groupe primaire."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1769
-#, fuzzy
-#| msgid "Default: filter"
 msgid "Default: sudoNotAfter"
-msgstr "Défaut : filter"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1775
-#, fuzzy
-#| msgid "ldap_access_order (string)"
 msgid "ldap_sudorule_order (string)"
-msgstr "ldap_access_order (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1778
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's id."
 msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr "L'attribut LDAP correspondant à l'id utilisateur."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1782
-#, fuzzy
-#| msgid "Default: password"
 msgid "Default: sudoOrder"
-msgstr "Par défaut : password"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1788
-#, fuzzy
-#| msgid "ldap_referrals (boolean)"
 msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr "ldap_referrals (booléen)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1791
@@ -4360,10 +4397,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1801
-#, fuzzy
-#| msgid "dns_resolver_timeout (integer)"
 msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr "dns_resolver_timeout (entier)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1804
@@ -4373,36 +4408,22 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:1642
-#, fuzzy
-#| msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
 msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:1815
-#, fuzzy
-#| msgid ""
-#| "The skeleton directory, which contains files and directories to be copied "
-#| "in the user's home directory, when the home directory is created by "
-#| "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-#| "manvolnum> </citerefentry>"
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
+"explanation of sudo related attribute semantics, see <citerefentry> "
 "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
 "citerefentry>"
 msgstr ""
-"Le répertoire squelette contenant les fichiers et répertoires à copier dans "
-"le répertoire maison utilisateur une fois ce répertoire créé par "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:1825
-#, fuzzy
-#| msgid "OPTIONS"
 msgid "AUTOFS OPTIONS"
-msgstr "OPTIONS"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:1827
@@ -4413,59 +4434,43 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1834
-#, fuzzy
-#| msgid "ldap_user_object_class (string)"
 msgid "ldap_autofs_map_object_class (string)"
-msgstr "ldap_user_object_class (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-#, fuzzy
-#| msgid "The object class of a user entry in LDAP."
 msgid "The object class of an automount map entry in LDAP."
-msgstr "La classe objet d'une entrée utilisateur dans LDAP."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-#, fuzzy
-#| msgid "Default: root"
 msgid "Default: automountMap"
-msgstr "Défaut : root"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1847
-#, fuzzy
-#| msgid "ldap_user_name (string)"
 msgid "ldap_autofs_map_name (string)"
-msgstr "ldap_user_name (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1850
-#, fuzzy
-#| msgid "The object class of a user entry in LDAP."
 msgid "The name of an automount map entry in LDAP."
-msgstr "La classe objet d'une entrée utilisateur dans LDAP."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1853
-#, fuzzy
-#| msgid "Default: uid"
 msgid "Default: ou"
-msgstr "Par défaut : uid"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1860
-#, fuzzy
-#| msgid "ldap_user_object_class (string)"
 msgid "ldap_autofs_entry_object_class (string)"
-msgstr "ldap_user_object_class (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1874
-#, fuzzy
-#| msgid "ldap_user_name (string)"
 msgid "ldap_autofs_entry_key (string)"
-msgstr "ldap_user_name (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
@@ -4476,10 +4481,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1888
-#, fuzzy
-#| msgid "ldap_user_name (string)"
 msgid "ldap_autofs_entry_value (string)"
-msgstr "ldap_user_name (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1895
@@ -4510,6 +4513,8 @@ msgstr "ldap_netgroup_search_base (chaînes)"
 msgid ""
 "An optional base DN to restrict netgroup searches to a specific subtree."
 msgstr ""
+"Une base DN optionnelle pour restreindre les recherches du groupe réseau à "
+"un sous-domaine spécifique."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1930
@@ -4520,6 +4525,8 @@ msgstr "ldap_user_search_base (chaînes)"
 #: sssd-ldap.5.xml:1933
 msgid "An optional base DN to restrict user searches to a specific subtree."
 msgstr ""
+"Une base DN optionnelle pour restreindre les recherches utilisateur à un "
+"sous-domaine spécifique."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1949
@@ -4530,6 +4537,8 @@ msgstr "ldap_group_search_base (chaînes)"
 #: sssd-ldap.5.xml:1952
 msgid "An optional base DN to restrict group searches to a specific subtree."
 msgstr ""
+"Une base DN optionnelle pour restreindre les recherches de groupe à un sous-"
+"domaine spécifique."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1968
@@ -4542,6 +4551,8 @@ msgid ""
 "This option specifies an additional LDAP search filter criteria that "
 "restrict user searches."
 msgstr ""
+"Cette option définit un filtre de recherche LDAP supplémentaire qui "
+"restreint les recherches utilisateur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1975
@@ -4557,6 +4568,8 @@ msgid ""
 "                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
 "                        "
 msgstr ""
+"                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
+"                        "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1988
@@ -4564,6 +4577,8 @@ msgid ""
 "This filter would restrict user searches to users that have their shell set "
 "to /bin/tcsh."
 msgstr ""
+"Ce filtre devrait restreindre les recherches utilisateurs aux utilisateurs "
+"qui ont leur interpréteur de commande définit sur /bin/tcsh."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1995
@@ -4576,6 +4591,8 @@ msgid ""
 "This option specifies an additional LDAP search filter criteria that "
 "restrict group searches."
 msgstr ""
+"Cette option définit un filtre de recherche LDAP supplémentaire qui "
+"restreint les recherches de groupe."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2002
@@ -4586,10 +4603,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:2012
-#, fuzzy
-#| msgid "ldap_search_base (string)"
 msgid "ldap_sudo_search_base (string)"
-msgstr "ldap_search_base (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2015
@@ -4599,10 +4614,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:2034
-#, fuzzy
-#| msgid "ldap_user_search_base (string)"
 msgid "ldap_autofs_search_base (string)"
-msgstr "ldap_user_search_base (chaînes)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2037
@@ -4617,6 +4630,10 @@ msgid ""
 "caution. Please include them in your configuration only if you know what you "
 "are doing.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
+"Ces options sont prises en charge pour les domaines LDAP, mais ils doivent "
+"être utilisés avec précaution. Veuillez les inclure dans votre configuration "
+"seulement si vous savez ce que vous faites.  <placeholder type=\"variablelist"
+"\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:2066
@@ -4625,6 +4642,8 @@ msgid ""
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
 "section."
 msgstr ""
+"L'exemple suivant suppose que SSSD est correctement configuré et LDAP pointe "
+"sur un des domaines de la section <replaceable>[domains]</replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sssd-ldap.5.xml:2072
@@ -4639,12 +4658,20 @@ msgid ""
 "    cache_credentials = true\n"
 "    enumerate = true\n"
 msgstr ""
+"    [domain/LDAP]\n"
+"    id_provider = ldap\n"
+"    auth_provider = ldap\n"
+"    ldap_uri = ldap://ldap.mon_domaine.org\n"
+"    ldap_search_base = dc=mon_domaine,dc=org\n"
+"    ldap_tls_reqcert = demand\n"
+"    cache_credentials = true\n"
+"    enumerate = true\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
 #: sssd-krb5.5.xml:441
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
+msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
@@ -4659,6 +4686,10 @@ msgid ""
 "<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
 "distribution."
 msgstr ""
+"Les descriptions de quelques options de configuration des pages de manuel "
+"sont basées sur le manuel de <citerefentry> <refentrytitle>ldap.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> dans le paquet de "
+"OpenLDAP 2.4."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:2098
@@ -4668,6 +4699,10 @@ msgid ""
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
 "<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
 msgstr ""
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
 
 #. type: Content of: <refentryinfo>
 #: pam_sss.8.xml:8 include/upstream.xml:2
@@ -4675,6 +4710,8 @@ msgid ""
 "<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
 "fedorahosted.org/sssd</orgname>"
 msgstr ""
+"<productname>SSSD</productname> <orgname>Le projet SSSD - http://"
+"fedorahosted.org/sssd</orgname>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: pam_sss.8.xml:13 pam_sss.8.xml:18
@@ -4684,7 +4721,7 @@ msgstr "pam_sss"
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: pam_sss.8.xml:19
 msgid "PAM module for SSSD"
-msgstr ""
+msgstr "Module PAM pour SSSD"
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: pam_sss.8.xml:24
@@ -4704,6 +4741,9 @@ msgid ""
 "Services daemon (SSSD). Errors and results are logged through <command>syslog"
 "(3)</command> with the LOG_AUTHPRIV facility."
 msgstr ""
+"<command>pam_sss.so</command> est l'interface PAM pour le démon des services "
+"de sécurité système (SSSD). Les erreurs et résultats sont journalisés par "
+"<command>syslog(3)</command> avec l'argument LOG_AUTHPRIV."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:55
@@ -4726,6 +4766,8 @@ msgid ""
 "If <option>forward_pass</option> is set the entered password is put on the "
 "stack for other PAM modules to use."
 msgstr ""
+"Si <option>forward_pass</option> est définit, le mot de passe entré est "
+"inséré en mémoire pour les autres modules PAM utilisés."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:73
@@ -4739,6 +4781,10 @@ msgid ""
 "modules password and will never prompt the user - if no password is "
 "available or the password is not appropriate, the user will be denied access."
 msgstr ""
+"L'argument use_first_pass force le module à utliser un module de mot de "
+"passe déjà en mémoire et ne fera pas la demande à l'utilisateur. Si aucun "
+"mot de passe n'est disponible ou que celui-ci n'est pas approprié, "
+"l'utilisateur est refusé."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:84
@@ -4751,6 +4797,9 @@ msgid ""
 "When password changing enforce the module to set the new password to the one "
 "provided by a previously stacked password module."
 msgstr ""
+"Lorsque le changement de mot de passe force le module à changer de mot de "
+"passe vers celui fournit par un module de mot de passe déjà chargé en "
+"mémoire."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:94
@@ -4763,6 +4812,8 @@ msgid ""
 "If specified the user is asked another N times for a password if "
 "authentication fails. Default is 0."
 msgstr ""
+"Si définit, on demande le mot de passe à l'utilisateur encore N fois si "
+"l'authentification échoue. Par défaut : 0."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: pam_sss.8.xml:99
@@ -4771,11 +4822,15 @@ msgid ""
 "calling PAM handles the user dialog on its own. A typical example is "
 "<command>sshd</command> with <option>PasswordAuthentication</option>."
 msgstr ""
+"Veuillez noter que cette option peut ne pas fonctionner comme prévu si "
+"l'application qui appelle PAM gère de lui-même les boîtes de dialogue "
+"utilisateur. Un exemple typique est <command>sshd</command> avec "
+"<option>PasswordAuthentication</option>."
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: pam_sss.8.xml:110
 msgid "MODULE TYPES PROVIDED"
-msgstr ""
+msgstr "TYPES DE MODULE FOURNIT"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: pam_sss.8.xml:111
@@ -4783,6 +4838,8 @@ msgid ""
 "All module types (<option>account</option>, <option>auth</option>, "
 "<option>password</option> and <option>session</option>) are provided."
 msgstr ""
+"Tous les types de module (<option>account</option>, <option>auth</option>, "
+"<option>password</option> et <option>session</option>) sont fournis."
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: pam_sss.8.xml:117
@@ -4796,6 +4853,10 @@ msgid ""
 "does not support password resets, an individual message can be displayed. "
 "This message can e.g. contain instructions about how to reset a password."
 msgstr ""
+"Si une remise à zéro de mot de passe par root échoue car le fournisseur SSSD "
+"correspondant ne prend pas en charge la remise à zéro de mot de passe, un "
+"message spécifique peut être affiché. Ce message peut, par exemple, contenir "
+"les instructions pour faire cette remise à zéro."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: pam_sss.8.xml:123
@@ -4816,6 +4877,9 @@ msgid ""
 "DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
 "displayed."
 msgstr ""
+"Ces fichiers sont cherchés dans le dossier <filename>/etc/sssd/customize/"
+"NOM_DE_DOMAINE/</filename>. Si aucun fichier correspondant n'est présent, un "
+"message spécifique est affiché."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: pam_sss.8.xml:141
@@ -4823,6 +4887,8 @@ msgid ""
 "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
 "manvolnum> </citerefentry>"
 msgstr ""
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
@@ -4863,6 +4929,10 @@ msgid ""
 "<command>sssd_krb5_locator_plugin</command> is not available on your system "
 "you have to edit /etc/krb5.conf to reflect your Kerberos setup."
 msgstr ""
+"Toutes les versions de Kerberos ne supportent pas forcément l'utilisation de "
+"modules. Si <command>sssd_krb5_locator_plugin</command> n'est pas présent "
+"dans votre système, vous devez éditer /etc/krb5.conf pour modifier la "
+"configuration de Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd_krb5_locator_plugin.8.xml:69
@@ -4870,6 +4940,9 @@ msgid ""
 "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
 "debug messages will be sent to stderr."
 msgstr ""
+"Si la variable d'environnement, SSSD_KRB5_LOCATOR_DEBUG, a une valeur "
+"quelconque, des messages de débogage (ou d'analyse) seront envoyés sur la "
+"sortie standard d'erreur."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd_krb5_locator_plugin.8.xml:77
@@ -4893,6 +4966,8 @@ msgstr "sssd-simple"
 #: sssd-simple.5.xml:17
 msgid "the configuration file for SSSD's 'simple' access-control provider"
 msgstr ""
+"le fichier de configuration pour le « simple » fournisseur de contrôle "
+"d'accès SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-simple.5.xml:24
@@ -4904,6 +4979,12 @@ msgid ""
 "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry> manual page."
 msgstr ""
+"Cette page de manuel décrit la configuration du simple fournisseur de "
+"contrôle d'accès pour <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>. Pour plus de détails sur la "
+"syntaxe, veuillez voir la section <quote>FORMAT DE FICHIER</quote> de la "
+"page de manuel <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-simple.5.xml:38
@@ -4911,11 +4992,14 @@ msgid ""
 "The simple access provider grants or denies access based on an access or "
 "deny list of user or group names. The following rules apply:"
 msgstr ""
+"Le simple fournisseur d'accès autorise l'accès à partir d'une liste. Celle-"
+"ci peut définir l'accès ou bien le refus de noms d'utilisateur ou de groupe, "
+"ou encore des noms de groupes. Les règles suivantes s'appliquent :"
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
 #: sssd-simple.5.xml:43
 msgid "If all lists are empty, access is granted"
-msgstr ""
+msgstr "Si toutes les listes sont vides, l'accès est autorisé"
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
 #: sssd-simple.5.xml:47
@@ -4923,6 +5007,9 @@ msgid ""
 "If any list is provided, the order of evaluation is allow,deny. This means "
 "that any matching deny rule will supersede any matched allow rule."
 msgstr ""
+"Si une liste est fournie, quel quelle soit, l'ordre d'évaluation est "
+"autorisé, puis refusé, autrement dit une règle de refus écrasera une règle "
+"d'autorisation."
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
 #: sssd-simple.5.xml:54
@@ -4930,6 +5017,8 @@ msgid ""
 "If either or both \"allow\" lists are provided, all users are denied unless "
 "they appear in the list."
 msgstr ""
+"Si la ou les listes fournies sont seulement « autorisée », tous les "
+"utilisateurs sont refusés à moins qu'ils ne soient dans la liste."
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
 #: sssd-simple.5.xml:60
@@ -4937,6 +5026,8 @@ msgid ""
 "If only \"deny\" lists are provided, all users are granted access unless "
 "they appear in the list."
 msgstr ""
+"Si seulement les listes « refus » sont disponibles, tous les utlisateurs "
+"sont autorisés à moins qu'ils ne soient dans la liste."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-simple.5.xml:78
@@ -4947,6 +5038,7 @@ msgstr "simple_allow_users (chaîne)"
 #: sssd-simple.5.xml:81
 msgid "Comma separated list of users who are allowed to log in."
 msgstr ""
+"Liste, séparée par des virgules, d'utilisateurs autorisés à se connecter."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-simple.5.xml:88
@@ -4957,6 +5049,7 @@ msgstr "simple_deny_users (chaîne)"
 #: sssd-simple.5.xml:91
 msgid "Comma separated list of users who are explicitly denied access."
 msgstr ""
+"Liste, séparée par des virgules, d'utilisateurs qui ont un accès refusé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-simple.5.xml:97
@@ -4969,6 +5062,9 @@ msgid ""
 "Comma separated list of groups that are allowed to log in. This applies only "
 "to groups within this SSSD domain. Local groups are not evaluated."
 msgstr ""
+"Liste, séparée par des virgules, de groupes autorisés à se connecter. Ceci "
+"ne s'applique qu'à des groupes dans un domaine SSSD. Les groupes locaus ne "
+"sont pas évalués."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-simple.5.xml:108
@@ -4982,6 +5078,9 @@ msgid ""
 "applies only to groups within this SSSD domain. Local groups are not "
 "evaluated."
 msgstr ""
+"Liste, séparée par des virgules, de groupes qui sont refusés. Ceci ne "
+"s'applique qu'à des groupes dans un certain domaine SSSD. Les groupes locaux "
+"ne sont pas évalués."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
@@ -4991,6 +5090,10 @@ msgid ""
 "citerefentry> manual page for details on the configuration of an SSSD "
 "domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
+"Veuillez vous référer à la section <quote>SECTIONS DE DOMAINE</quote> du "
+"manuel de <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> pour les détails sur la "
+"configuration du domaine SSSD. <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-simple.5.xml:120
@@ -4998,6 +5101,8 @@ msgid ""
 "Please note that it is an configuration error if both, simple_allow_users "
 "and simple_deny_users, are defined."
 msgstr ""
+"Veuillez noter que c'est une erreur de configuration si simple_allow_users "
+"et simple_deny_users, sont définis."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-simple.5.xml:128
@@ -5006,6 +5111,10 @@ msgid ""
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
 "This examples shows only the simple access provider-specific options."
 msgstr ""
+"L'exemple suivant suppose que SSSD est correctement configuré et exemple.com "
+"est un des domaines dans la section <replaceable>[sssd]</replaceable>. Ces "
+"exemples montrent seulement les options du simple fournisseur d'accès "
+"spécifique."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sssd-simple.5.xml:135
@@ -5015,6 +5124,9 @@ msgid ""
 "    access_provider = simple\n"
 "    simple_allow_users = user1, user2\n"
 msgstr ""
+"    [domain/exemple.com]\n"
+"    access_provider = simple\n"
+"    simple_allow_users = utilisateur1, utilisateur2\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-simple.5.xml:145
@@ -5023,6 +5135,9 @@ msgid ""
 "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
 msgstr ""
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
@@ -5038,6 +5153,12 @@ msgid ""
 "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
 msgstr ""
+"Cette page de manuel décrit la configuration du fournisseur IPA pour "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. Pour une référence détaillée sur la syntaxe, veuillez "
+"regarder la section <quote>FORMAT DE FICHIER</quote> de la page de manuel "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:36
@@ -5047,6 +5168,11 @@ msgid ""
 "requires that the machine be joined to the IPA domain; configuration is "
 "almost entirely self-discovered and obtained directly from the server."
 msgstr ""
+"Le fournisseur IPA est un antéserveur pour se connecter au serveur IPA (voir "
+"le site freeipa.org pour plus d'informations sur les serveurs IPA). Ce "
+"fournisseur nécessite que la machine soit joignable pour le domaine IPA ; la "
+"configuration est presque entièrement obtenue et auto-découverte à partir du "
+"serveur."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:43
@@ -5079,6 +5205,8 @@ msgid ""
 "Specifies the name of the IPA domain.  This is optional. If not provided, "
 "the configuration domain name is used."
 msgstr ""
+"Définit le nom du domaine IPA. C'est une option. Si non fournit, le nom de "
+"domaine de configuration est utilisé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:83
@@ -5106,6 +5234,9 @@ msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
 "fully qualified name used in the IPA domain to identify this host."
 msgstr ""
+"Optionnel. Peut être définit pour des machines où le nom d'hôte ne reflète "
+"pas le nom de domaine entièrement qualifié dans le domaine IPA pour "
+"identifier l'hôte."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:110
@@ -5118,6 +5249,8 @@ msgid ""
 "Optional. This option tells SSSD to automatically update the DNS server "
 "built into FreeIPA v2 with the IP address of this client."
 msgstr ""
+"Optionnel. Cette option indique à SSSD de faire une mise à jour automatique "
+"du serveur DNS construit dans FreeIPA v2 avec l'adresse IP du client."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:118
@@ -5137,11 +5270,14 @@ msgid ""
 "Optional. Applicable only when ipa_dyndns_update is true. Choose the "
 "interface whose IP address should be used for dynamic DNS updates."
 msgstr ""
+"Optionnel. Applicable seulement quand ipa_dyndns_update est vrai. Choisir "
+"l'interface dont l'adresse IP soit être utilisé pour les mises à jour des "
+"DNS dynamiques."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:137
 msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
+msgstr "Par défaut : utilise l'adresse IP de la connexion IPA LDAP"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:143
@@ -5156,14 +5292,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:150
 msgid "Default: Use base DN"
-msgstr ""
+msgstr "Par défaut : utilise la base DN"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:156
-#, fuzzy
-#| msgid "ipa_hbac_search_base (string)"
 msgid "ipa_host_search_base (string)"
-msgstr "ipa_hbac_search_base (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:159
@@ -5180,10 +5314,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:180
-#, fuzzy
-#| msgid "ipa_hbac_search_base (string)"
 msgid "ipa_selinux_search_base (string)"
-msgstr "ipa_hbac_search_base (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:183
@@ -5200,7 +5332,7 @@ msgstr "krb5_validate (booléen)"
 msgid ""
 "Verify with the help of krb5_keytab that the TGT obtained has not been "
 "spoofed."
-msgstr ""
+msgstr "Vérifie avec l'aide de krb5_keytab que le TGT obtenu n'est pas usurpé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:209
@@ -5208,6 +5340,8 @@ msgid ""
 "Note that this default differs from the traditional Kerberos provider back "
 "end."
 msgstr ""
+"Notez que cette valeur par défaut diffère du moteur de traitement Kerberos "
+"original."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:219
@@ -5215,6 +5349,8 @@ msgid ""
 "The name of the Kerberos realm. This is optional and defaults to the value "
 "of <quote>ipa_domain</quote>."
 msgstr ""
+"Le nom du domaine Kerberos. C'est optionnel et les valeurs par défaut sont "
+"<quote>ipa_domain</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:223
@@ -5222,6 +5358,8 @@ msgid ""
 "The name of the Kerberos realm has a special meaning in IPA - it is "
 "converted into the base DN to use for performing LDAP operations."
 msgstr ""
+"Le nom du domaine Kerberos a une signification spéciale dans IPA. Il est "
+"convertit en la base DN pour effectuer des opérations LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:234
@@ -5243,11 +5381,14 @@ msgid ""
 "This will reduce the latency and load on the IPA server if there are many "
 "access-control requests made in a short period."
 msgstr ""
+"Le temps entre les règles de recherches HBAC pour un serveur IPA. Cela "
+"réduit le temps de latence et la charge du serveur IPA si il y a beaucoup de "
+"requêtes de contrôle d'accès pendant une courte période."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:257
 msgid "Default: 5 (seconds)"
-msgstr "Défaut : 5 (secondes)"
+msgstr "Par défaut : 5 (secondes)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:262
@@ -5262,6 +5403,11 @@ msgid ""
 "of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
 "client will support two modes of operation during this transition period:"
 msgstr ""
+"Cette option explique comment utiliser les règles HBAC de type REFUS "
+"dépréciées. À partir de FreeIPA v2.1, les règles de REFUS ne sont plus "
+"prises en charge pour le serveur. Tous les utilisateurs de FreeIPA doivent "
+"changer leurs règles pour utiliser seulement les règles d'AUTORISATION. Le "
+"client supportera deux modes opératoires pendant cette transition :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:274
@@ -5269,6 +5415,8 @@ msgid ""
 "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
 "users will be denied access."
 msgstr ""
+"<emphasis>DENY_ALL</emphasis> : si une règle de REFUS HBAC est détectée, "
+"tous les utilisateurs ne pourront pas se connecter."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:279
@@ -5276,16 +5424,18 @@ msgid ""
 "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
 "careful with this option, as it may result in opening unintended access."
 msgstr ""
+"<emphasis>IGNORE</emphasis> : SSSD ignorera toutes les règles de REFUS. "
+"Faites attention avec cette option, elle peut fournir des accès non-prévus."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:284
 msgid "Default: DENY_ALL"
-msgstr "Défaut : DENY_ALL"
+msgstr "Par défaut : DENY_ALL"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:289
 msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
+msgstr "ipa_hbac_support_srchost (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:292
@@ -5303,10 +5453,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:307
-#, fuzzy
-#| msgid "ipa_domain (string)"
 msgid "ipa_automount_location (string)"
-msgstr "ipa_domain (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:310
@@ -5321,7 +5469,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:319
 msgid "ipa_netgroup_member_of (string)"
-msgstr ""
+msgstr "ipa_netgroup_member_of (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:322
@@ -5331,7 +5479,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:331
 msgid "ipa_netgroup_member_user (string)"
-msgstr ""
+msgstr "ipa_netgroup_member_user (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:334
@@ -5426,63 +5574,46 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:404
-#, fuzzy
-#| msgid "ldap_user_object_class (string)"
 msgid "ipa_selinux_usermap_object_class (string)"
-msgstr "ldap_user_object_class (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:415
-#, fuzzy
-#| msgid "ldap_user_name (string)"
 msgid "ipa_selinux_usermap_name (string)"
-msgstr "ldap_user_name (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:418
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's login name."
 msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr "l'attribut LDAP correspondant au nom de connexion utilisateur."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:427
-#, fuzzy
-#| msgid "ipa_server (string)"
 msgid "ipa_selinux_usermap_member_user (string)"
-msgstr "ipa_server (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:430
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's primary group id."
 msgid ""
 "The LDAP attribute that contains all users / groups this rule match against."
 msgstr ""
-"L'attribut LDAP correspondant à l'utilisateur ayant l'id du groupe primaire."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:439
-#, fuzzy
-#| msgid "ipa_server (string)"
 msgid "ipa_selinux_usermap_member_host (string)"
-msgstr "ipa_server (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:442
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's id."
 msgid ""
 "The LDAP attribute that contains all hosts / hostgroups this rule match "
 "against."
-msgstr "L'attribut LDAP correspondant à l'id utilisateur."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:451
-#, fuzzy
-#| msgid "simple_deny_users (string)"
 msgid "ipa_selinux_usermap_see_also (string)"
-msgstr "simple_deny_users (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:454
@@ -5493,138 +5624,100 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:459
-#, fuzzy
-#| msgid "Default: gecos"
 msgid "Default: seeAlso"
-msgstr "Par défaut : gecos"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:464
-#, fuzzy
-#| msgid "simple_deny_users (string)"
 msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr "simple_deny_users (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:467
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's id."
 msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr "L'attribut LDAP correspondant à l'id utilisateur."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:471
-#, fuzzy
-#| msgid "Default: password"
 msgid "Default: ipaSELinuxUser"
-msgstr "Par défaut : password"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:476
-#, fuzzy
-#| msgid "ldap_user_name (string)"
 msgid "ipa_selinux_usermap_enabled (string)"
-msgstr "ldap_user_name (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:479
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's login name."
 msgid ""
 "The LDAP attribute that contains whether or not is user map enabled for "
 "usage."
-msgstr "l'attribut LDAP correspondant au nom de connexion utilisateur."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:483
-#, fuzzy
-#| msgid "Default: ldap"
 msgid "Default: ipaEnabledFlag"
-msgstr "Défaut : ldap"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:488
-#, fuzzy
-#| msgid "ldap_user_search_filter (string)"
 msgid "ipa_selinux_usermap_user_category (string)"
-msgstr "ldap_user_search_filter (chaînes)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:491
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's gecos field."
 msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr "L'attribut LDAP correspondant au champ gecos de l'utilisateur."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:495
-#, fuzzy
-#| msgid "Default: filter"
 msgid "Default: userCategory"
-msgstr "Défaut : filter"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:500
-#, fuzzy
-#| msgid "ipa_hostname (string)"
 msgid "ipa_selinux_usermap_host_category (string)"
-msgstr "ipa_hostname (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:503
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's id."
 msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr "L'attribut LDAP correspondant à l'id utilisateur."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:507
-#, fuzzy
-#| msgid "Default: filter"
 msgid "Default: hostCategory"
-msgstr "Défaut : filter"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:512
-#, fuzzy
-#| msgid "ipa_server (string)"
 msgid "ipa_selinux_usermap_uuid (string)"
-msgstr "ipa_server (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:515
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's id."
 msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr "L'attribut LDAP correspondant à l'id utilisateur."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:519
-#, fuzzy
-#| msgid "Default: true"
 msgid "Default: ipaUniqueID"
-msgstr "Défaut : true"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:524
-#, fuzzy
-#| msgid "ipa_hostname (string)"
 msgid "ipa_host_ssh_public_key (string)"
-msgstr "ipa_hostname (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:527
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's login name."
 msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr "l'attribut LDAP correspondant au nom de connexion utilisateur."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:531
-#, fuzzy
-#| msgid "Default: uidNumber"
 msgid "Default: ipaSshPubKey"
-msgstr "par défaut : uidNumber"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:546
@@ -5633,6 +5726,9 @@ msgid ""
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
 "This examples shows only the ipa provider-specific options."
 msgstr ""
+"L'exemple suivant suppose que SSSD est correctement configuré et exemple.com "
+"est un des domaines de la section <replaceable>[sssd]</replaceable>. Ces "
+"exemples montrent seulement les options spécifiques au fournisseur IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sssd-ipa.5.xml:553
@@ -5643,6 +5739,10 @@ msgid ""
 "    ipa_server = ipaserver.example.com\n"
 "    ipa_hostname = myhost.example.com\n"
 msgstr ""
+"    [domain/exemple.com]\n"
+"    id_provider = ipa\n"
+"    ipa_server = ipaserver.exemple.com\n"
+"    ipa_hostname = mon_hôte.exemple.com\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:564
@@ -5654,6 +5754,12 @@ msgid ""
 "citerefentry>, <citerefentry> <refentrytitle>sssd</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
 msgstr ""
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd.8.xml:10 sssd.8.xml:15
@@ -5671,6 +5777,8 @@ msgid ""
 "<command>sssd</command> <arg choice='opt'> <replaceable>options</"
 "replaceable> </arg>"
 msgstr ""
+"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.8.xml:31
@@ -5683,6 +5791,14 @@ msgid ""
 "FreeIPA. It provides a more robust database to store local users as well as "
 "extended user data."
 msgstr ""
+"<command>SSSD</command> fournit un jeu de démons pour gérer l'accès à des "
+"dossiers distants et des mécanismes d'authentification. Il fournit une "
+"interface NSS et PAM au travers du système et un moteur système intégré pour "
+"se connecter à de multiples comptes de source différente tout comme "
+"l'interface D-Bus. C'est aussi un moyen de fournir un audit client et une "
+"politique de services pour les projets tels que FreeIPA. Il fournit une base "
+"de donnée plus robuste pour stocker les utilisateurs locaux ainsi que les "
+"données des utilisateurs étendus."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:46
@@ -5727,7 +5843,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:79
 msgid "Default: 0"
-msgstr "Défaut : 0"
+msgstr "Par défaut : 0"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:85
@@ -5741,6 +5857,10 @@ msgid ""
 "are stored in <filename>/var/log/sssd</filename> and there are separate log "
 "files for every SSSD service and domain."
 msgstr ""
+"Envoie la sortie de débogage vers des fichiers plutôt que vers la sortie "
+"standard d'erreurs. Par défaut, les fichiers de sortie sont stockés dans "
+"<filename>/var/log/sssd</filename> et des fichiers différents sont créés "
+"pour chaque service et domaine SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:97
@@ -5750,7 +5870,7 @@ msgstr "<option>-D</option>,<option>--daemon</option>"
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:101
 msgid "Become a daemon after starting up."
-msgstr ""
+msgstr "Se transforme en démon au prochain redémarrage."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:107
@@ -5760,21 +5880,26 @@ msgstr "<option>-i</option>,<option>--interactive</option>"
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:111
 msgid "Run in the foreground, don't become a daemon."
-msgstr ""
+msgstr "Tourne un avant-plan et ne devient pas un démon."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
+#: sssd.8.xml:117 sss_debuglevel.8.xml:42
 msgid "<option>-c</option>,<option>--config</option>"
 msgstr "<option>-c</option>,<option>--config</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
+#: sssd.8.xml:121 sss_debuglevel.8.xml:46
 msgid ""
 "Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
 "conf</filename>. For reference on the config file syntax and options, "
 "consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
 "<manvolnum>5</manvolnum> </citerefentry> manual page."
 msgstr ""
+"Définit un fichier de configuration pas par défaut. Par défaut c'est "
+"<filename>/etc/sssd/sssd.conf</filename>. Pour avoir des informations sur la "
+"syntaxe et les options du fichier de configuration, veuillez consulter les "
+"pages du manuel de <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:135
@@ -5802,6 +5927,8 @@ msgid ""
 "Informs the SSSD to gracefully terminate all of its child processes and then "
 "shut down the monitor."
 msgstr ""
+"Indique à SSSD de fermer normalement tous ses processus fils et après "
+"d'éteindre le moniteur."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:159
@@ -5815,6 +5942,9 @@ msgid ""
 "close and reopen them. This is meant to facilitate log rolling with programs "
 "like logrotate."
 msgstr ""
+"Précise à SSSD de ne plus écrire vers son fichier de débogage actuel, de le "
+"fermer et de le rouvrir. Cela permet de faciliter les roulements de fichiers "
+"de sortie avec des programmes tels que logrotate."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:170
@@ -5827,6 +5957,8 @@ msgid ""
 "Tells the SSSD to simulate offline operation for one minute. This is mostly "
 "useful for testing purposes."
 msgstr ""
+"Précise à SSSD de simuler une opération hors-ligne pendant une minute. C'est "
+"surtout utile pour faire des tests."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:179
@@ -5839,6 +5971,8 @@ msgid ""
 "Tells the SSSD to go online immediately. This is mostly useful for testing "
 "purposes."
 msgstr ""
+"Précise à SSSD de passer en mode hors-ligne immédiatement. C'est surtout "
+"utile pour faire des tests."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.8.xml:193
@@ -5855,6 +5989,17 @@ msgid ""
 "<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
 "citerefentry>."
 msgstr ""
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>."
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
@@ -5873,6 +6018,9 @@ msgid ""
 "replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
 "replaceable></arg>"
 msgstr ""
+"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>[MOT_DE_PASSE]</"
+"replaceable></arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_obfuscate.8.xml:32
@@ -5881,6 +6029,9 @@ msgid ""
 "unreadable format and places it into appropriate domain section of the SSSD "
 "config file."
 msgstr ""
+"<command>sss_obfuscate</command> convertit un mot de passe donné en un "
+"format lisible et le place dans la section du domaine afférent au fichier de "
+"configuration SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_obfuscate.8.xml:37
@@ -5893,6 +6044,13 @@ msgid ""
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry> for more details on these parameters."
 msgstr ""
+"Le mot de passe en clair est lu dans l'entrée standard ou entrée "
+"interactivement. Les mots de passes chiffrés sont mis dans "
+"<quote>ldap_default_authtok</quote> pour un domaine SSSD donné et le "
+"paramètre <quote>ldap_default_authtok_type</quote> est définit à "
+"<quote>obfuscated_password</quote>. Se référer à <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> pour plus de détails sur ces paramètres."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_obfuscate.8.xml:49
@@ -5903,23 +6061,31 @@ msgid ""
 "such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
 "advised."
 msgstr ""
+"Veuillez noter que les mots de passe chiffrés ne fournissent <emphasis>aucun "
+"réel bénéfice de sécurité</emphasis> étant donné qu'il est possible de "
+"retrouver le mot de passe par ingénierie-inverse. utiliser un meilleur "
+"mécanisme d'authentification tel que les certificats côté client ou GSSAPI "
+"est <emphasis>très</emphasis> conseillé."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_obfuscate.8.xml:63
 msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
+msgstr "<option>-s</option>,<option>--stdin</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_obfuscate.8.xml:67
 msgid "The password to obfuscate will be read from standard input."
-msgstr ""
+msgstr "Le mot de passe chiffré sera lu sur l'entrée standard."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:82
+#: sss_ssh_knownhostsproxy.1.xml:81
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
 "replaceable>"
 msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMAINE</"
+"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_obfuscate.8.xml:79
@@ -5927,22 +6093,26 @@ msgid ""
 "The SSSD domain to use the password in. The default name is <quote>default</"
 "quote>."
 msgstr ""
+"Le domaine SSSD auquel est lié le mot de passe. Le nom par défaut est "
+"<quote>default</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_obfuscate.8.xml:86
 msgid ""
 "<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
 msgstr ""
+"<option>-f</option>,<option>--file</option> <replaceable>FICHIER</"
+"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_obfuscate.8.xml:91
 msgid "Read the config file specified by the positional parameter."
-msgstr ""
+msgstr "Lit le fichier de configuration spécifié par le paramètre."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_obfuscate.8.xml:95
 msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
+msgstr "Par défaut : <filename>/etc/sssd/sssd.conf</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_obfuscate.8.xml:105
@@ -5950,6 +6120,8 @@ msgid ""
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry>"
 msgstr ""
+"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_useradd.8.xml:10 sss_useradd.8.xml:15
@@ -5968,6 +6140,9 @@ msgid ""
 "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
 "arg>"
 msgstr ""
+"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>NOM_D_UTILISATEUR</"
+"replaceable></arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_useradd.8.xml:32
@@ -5975,12 +6150,16 @@ msgid ""
 "<command>sss_useradd</command> creates a new user account using the values "
 "specified on the command line plus the default values from the system."
 msgstr ""
+"<command>sss_useradd</command> crée un nouveau compte utilisateur en "
+"utilisant les valeurs spécifiées en ligne de commande auquelles sont "
+"ajoutées les valeurs par défaut du système."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_useradd.8.xml:43
 msgid ""
 "<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
 msgstr ""
+"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_useradd.8.xml:48
@@ -5988,6 +6167,8 @@ msgid ""
 "Set the UID of the user to the value of <replaceable>UID</replaceable>.  If "
 "not given, it is chosen automatically."
 msgstr ""
+"Définit l'UID de l'utilisateur à la valeur <replaceable>UID</replaceable>. "
+"Si non précisé, il est choisit automatiquement."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_useradd.8.xml:55 sss_usermod.8.xml:43
@@ -5995,6 +6176,8 @@ msgid ""
 "<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
 "replaceable>"
 msgstr ""
+"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENTAIRE</"
+"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_useradd.8.xml:60 sss_usermod.8.xml:48
@@ -6002,6 +6185,8 @@ msgid ""
 "Any text string describing the user. Often used as the field for the user's "
 "full name."
 msgstr ""
+"Toute chaîne de caractère décrivant l'utilisateur. Souvent utilisé comme "
+"champ pour le nom entier de l'utilisateur."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_useradd.8.xml:67 sss_usermod.8.xml:55
@@ -6009,6 +6194,8 @@ msgid ""
 "<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
 "replaceable>"
 msgstr ""
+"<option>-h</option>,<option>--home</option> "
+"<replaceable>RÉPERTOIRE_PERSONNEL</replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_useradd.8.xml:72
@@ -6019,12 +6206,19 @@ msgid ""
 "<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
 "baseDirectory</quote> setting in sssd.conf."
 msgstr ""
+"Le répertoire personnel du compte utilisateur. Par défaut, on ajoute "
+"<replaceable>NOM_D_UTILISATEUR</replaceable> à <filename>/home</filename> et "
+"on utilise cela comme dossier personnel. La base précédent "
+"<replaceable>NOM_D_UTILISATEUR</replaceable> est modifiable avec le "
+"paramètre <quote>user_defaults/baseDirectory</quote> dans sssd.conf."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_useradd.8.xml:82 sss_usermod.8.xml:66
 msgid ""
 "<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
 msgstr ""
+"<option>-s</option>,<option>--shell</option> "
+"<replaceable>INTERPRÉTEUR_DE_COMMANDE</replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_useradd.8.xml:87
@@ -6033,6 +6227,9 @@ msgid ""
 "filename>.  The default can be changed with <quote>user_defaults/"
 "defaultShell</quote> setting in sssd.conf."
 msgstr ""
+"L'interpréteur de commande de l'utilisateur. Par défaut c'est actuellement "
+"<filename>/bin/bash</filename>. Cette valeur par défaut peut être modifiée "
+"avec le paramètre <quote>user_defaults/defaultShell</quote> dans sssd.conf."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_useradd.8.xml:96
@@ -6040,16 +6237,18 @@ msgid ""
 "<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
 "replaceable>"
 msgstr ""
+"<option>-G</option>,<option>--groups</option> <replaceable>GROUPES</"
+"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_useradd.8.xml:101
 msgid "A list of existing groups this user is also a member of."
-msgstr ""
+msgstr "Une liste de groupes existants dont l'utilisateur est aussi un membre."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_useradd.8.xml:107
 msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
+msgstr "<option>-m</option>,<option>--create-home</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_useradd.8.xml:111
@@ -6058,17 +6257,23 @@ msgid ""
 "directories contained in the skeleton directory (which can be defined with "
 "the -k option or in the config file) will be copied to the home directory."
 msgstr ""
+"Crée le répertoire personne de l'utilisateur s'il n'existe pas. Les fichiers "
+"et répertoires inclus dans le répertoire squelette (pouvant être définit "
+"avec l'option -k ou dans le fichier de configuration) sont copiés dans le "
+"dossier personnel."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_useradd.8.xml:121
 msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
+msgstr "<option>-M</option>,<option>--no-create-home</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_useradd.8.xml:125
 msgid ""
 "Do not create the user's home directory. Overrides configuration settings."
 msgstr ""
+"Ne pas créer de dossier personnel pour l'utilisateur. Écrase les paramètres "
+"de configuration."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_useradd.8.xml:132
@@ -6076,6 +6281,8 @@ msgid ""
 "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
 "replaceable>"
 msgstr ""
+"<option>-k</option>,<option>--skel</option> "
+"<replaceable>RÉPERTOIRE_SQUELETTE</replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_useradd.8.xml:137
@@ -6084,6 +6291,9 @@ msgid ""
 "the user's home directory, when the home directory is created by "
 "<command>sss_useradd</command>."
 msgstr ""
+"Le répertoire squelette, contenant les fichiers et répertoires à copier dans "
+"le répertoire personnel de l'utilisateur, quand le répertoire personnel est "
+"créé par <command>sss_useradd</command>."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_useradd.8.xml:143
@@ -6092,6 +6302,9 @@ msgid ""
 "home</option>) option is specified, or creation of home directories is set "
 "to TRUE in the configuration."
 msgstr ""
+"L'option n'est valide que si l'option <option>-m</option> (ou <option>--"
+"create-home</option>) est utilisée ou si la création de répertoires "
+"personnels est sur VRAI dans la configuration."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_useradd.8.xml:152 sss_usermod.8.xml:124
@@ -6099,6 +6312,8 @@ msgid ""
 "<option>-Z</option>,<option>--selinux-user</option> "
 "<replaceable>SELINUX_USER</replaceable>"
 msgstr ""
+"<option>-Z</option>,<option>--selinux-user</option> "
+"<replaceable>UTILISATEUR_SELINUX</replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_useradd.8.xml:157
@@ -6106,6 +6321,8 @@ msgid ""
 "The SELinux user for the user's login. If not specified, the system default "
 "will be used."
 msgstr ""
+"L'utilisateur SELinux pour la connexion utilisateur. Si non spécifié, la "
+"valeur par défaut du système est utilisée."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_useradd.8.xml:169
@@ -6120,6 +6337,15 @@ msgid ""
 "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 msgstr ""
+"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
@@ -6136,6 +6362,12 @@ msgid ""
 "the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry> manual page"
 msgstr ""
+"Cette page de manuel décrit la configuration du moteur d'authentification de "
+"Kerberos 5 pour <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>. Pour une référence détaillée sur "
+"la syntaex, veuillez vous référer à la section <quote>FORMAT DE FICHIER</"
+"quote> du manuel de <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-krb5.5.xml:36
@@ -6149,6 +6381,15 @@ msgid ""
 "page for the applicable identity provider for details on how to configure "
 "this."
 msgstr ""
+"Le moteur d'authentification Kerberos 5 contient les fournisseurs "
+"d'autentification et de changement de mot de passe. Il doit être couplé avec "
+"un fournisseur d'identité de manière à fonctionner proprement (par exemple, "
+"id_provider = ldap). Quelques informations requises par le moteur "
+"d'authentification Kerberos 5 doit être fournit par le fournisseur "
+"d'identité, telles que le nom principal de l'utilisateur Kerberos (UPN). La "
+"configuration du fournisseur d'identité doit avoir une entrée pour spécifier "
+"l'UPN. Veuillez vous référer aux pages du manuel du fournisseur d'identité "
+"ad-hoc pour pouvoir le configurer."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-krb5.5.xml:47
@@ -6160,6 +6401,12 @@ msgid ""
 "To activate this feature use 'access_provider = krb5' in your sssd "
 "configuration."
 msgstr ""
+"Ce moteur fournit aussi un contrôle d'accès sur le fichier .k5login dans le "
+"répertoire personnel de l'utilisateur. Voir <citerefentry> <refentrytitle>."
+"k5login</refentrytitle><manvolnum>5</manvolnum> </citerefentry> pour plus de "
+"détails. Veuillez noter qu'un fichier .k5login vide interdira tout accès "
+"pour cet utilisateur. Pour activer cette option, utilisez « access_provider "
+"= krb5 » dans votre configuration de sssd."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-krb5.5.xml:55
@@ -6168,6 +6415,9 @@ msgid ""
 "<command>sssd</command> will construct a UPN using the format "
 "<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
 msgstr ""
+"Dans le cas où l'UPN n'est pas valide dans le moteur d'identité "
+"<command>sssd</command> construira un UPN en utilisant le format "
+"<replaceable>utilisateur</replaceable>@<replaceable>krb5_realm</replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:106
@@ -6175,6 +6425,8 @@ msgid ""
 "The name of the Kerberos realm. This option is required and must be "
 "specified."
 msgstr ""
+"Le nom du domaine Kerberos. Cette option est nécessaire et doit être "
+"renseignée."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:113
@@ -6197,11 +6449,15 @@ msgid ""
 "kpasswd servers to try the back end is not switch to offline if "
 "authentication against the KDC is still possible."
 msgstr ""
+"Pour plus d'information sur le basculement et la redondance serveur, voir la "
+"section <quote>BASCULEMENT</quote>. Veuillez noter que même si il n'y a plus "
+"de serveurs kpasswd à essayer, le moteur n'est pas passé en mode hors-ligne "
+"si l'authentification KDC est toujours possible."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:129
 msgid "Default: Use the KDC"
-msgstr "Défaut : utiliser le KDC"
+msgstr "Par défaut : utiliser le KDC"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:135
@@ -6219,11 +6475,19 @@ msgid ""
 "<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
 "citerefentry> for details) is created."
 msgstr ""
+"Répertoire pour stocker les caches crédits. Toutes les séquences de "
+"substitution de krb5_ccname_template peut être utilisée ici, aussi, hormis "
+"%d et %P. Si le dossier n'existe pas il sera créé. Si %u, %U, %p ou %h sont "
+"utilisés un répertoire privé appartenant à l'utilisateur est créé. Sinon un "
+"répertoire public avec un drapeau de restriction à la suppression (aussi "
+"appelé « sticky bit », voir <citerefentry> <refentrytitle>chmod</"
+"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> pour plus de "
+"détails) est créé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:151
 msgid "Default: /tmp"
-msgstr "Défaut : /tmp"
+msgstr "Par défaut : /tmp"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:157
@@ -6233,7 +6497,7 @@ msgstr "krb5_ccname_template (chaîne)"
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:171
 msgid "login UID"
-msgstr ""
+msgstr "identifiant UID"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:174
@@ -6253,7 +6517,7 @@ msgstr "%r"
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:180
 msgid "realm name"
-msgstr ""
+msgstr "nom de domaine"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:183
@@ -6263,12 +6527,12 @@ msgstr "%h"
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:184
 msgid "home directory"
-msgstr ""
+msgstr "répertoire personnel"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:189
 msgid "value of krb5ccache_dir"
-msgstr ""
+msgstr "valeur de krb5ccache_dir"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:194
@@ -6278,7 +6542,7 @@ msgstr "%P"
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:195
 msgid "the process ID of the sssd client"
-msgstr ""
+msgstr "l'ID de processus du client sssd"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:160
@@ -6289,11 +6553,16 @@ msgid ""
 "ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
 "way."
 msgstr ""
+"Emplacement du cache de crédits utilisateur. Actuellement, seuls les "
+"fichiers cache de crédits sont acceptés. Dans le modèle, les séquences "
+"suivantes sont substituées : <placeholder type=\"variablelist\" id=\"0\"/> "
+"si le modèle se termine par « XXXXXX », mkstemp(3) est utlisé pour créer un "
+"nom de fichier unique de manière sécurisée."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:209
 msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
+msgstr "Par défaut : FICHIER:%d/krb5cc_%U_XXXXXX"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:215
@@ -6306,6 +6575,9 @@ msgid ""
 "Timeout in seconds after an online authentication or change password request "
 "is aborted. If possible the authentication request is continued offline."
 msgstr ""
+"Délai d'attente, en secondes, après une requête d'authentification en ligne "
+"ou de changement de mot de passe annulé. Si possible la requête "
+"d'authentification sera effectuée hors-ligne."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:241
@@ -6318,11 +6590,13 @@ msgid ""
 "The location of the keytab to use when validating credentials obtained from "
 "KDCs."
 msgstr ""
+"L'emplacement du fichier keytab à utiliser pour valider les crédits obtenus "
+"à partir de KDC."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:248
 msgid "Default: /etc/krb5.keytab"
-msgstr "Défaut : /etc/krb5.keytab"
+msgstr "Par défaut : /etc/krb5.keytab"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:254
@@ -6335,6 +6609,8 @@ msgid ""
 "Store the password of the user if the provider is offline and use it to "
 "request a TGT when the provider gets online again."
 msgstr ""
+"Stocke le mot de passe de l'utilisateur si le fournisseur est hors-ligne et "
+"l'utilise pour obtenir un TGT quand le fournisseur revient en ligne."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:262
@@ -6355,31 +6631,34 @@ msgid ""
 "Request a renewable ticket with a total lifetime given by an integer "
 "immediately followed by one of the following delimiters:"
 msgstr ""
+"Demande un ticket renouvelable avec un temps de vie total donné par un "
+"entier immédiatement suivi par un des séparateurs suivants :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
 msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
+msgstr "<emphasis>s</emphasis> secondes"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
 msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
+msgstr "<emphasis>m</emphasis> minutes"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
 msgid "<emphasis>h</emphasis> hours"
-msgstr ""
+msgstr "<emphasis>h</emphasis> heures"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
 msgid "<emphasis>d</emphasis> days."
-msgstr ""
+msgstr "<emphasis>d</emphasis> jours."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
 msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
 msgstr ""
+"Si aucun séparateur n'est spécifié, <emphasis>s</emphasis> est considéré."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:299
@@ -6388,11 +6667,15 @@ msgid ""
 "renewable lifetime to one and a half hours please use '90m' instead of "
 "'1h30m'."
 msgstr ""
+"Veuillez noter qu'il n'est pas possible de mélanger les unités. Si vous "
+"voulez une durée de vie renouvelable de une heure et trente minutes, "
+"utilisez « 90m » à la place de « 1h30m »."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:305
 msgid "Default: not set, i.e. the TGT is not renewable"
 msgstr ""
+"Par défaut : non défini, c'est-à-dire que le TGT n'est pas renouvelable"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:311
@@ -6405,6 +6688,8 @@ msgid ""
 "Request ticket with a with a lifetime given by an integer immediately "
 "followed by one of the following delimiters:"
 msgstr ""
+"Demande un ticket avec un temps de vie donné par un entier immédiatement "
+"suivi par un des séparateurs suivant :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:335
@@ -6412,12 +6697,17 @@ msgid ""
 "Please note that it is not possible to mix units.  If you want to set the "
 "lifetime to one and a half hours please use '90m' instead of '1h30m'."
 msgstr ""
+"Veuillez noter qu'on ne peut pas mélanger les unités. Si vous voulez définir "
+"un temps de vie de une heure et demi, veuillez utilisere « 90m » au lieu de "
+"« 1h30 »."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:340
 msgid ""
 "Default: not set, i.e. the default ticket lifetime configured on the KDC."
 msgstr ""
+"Par défaut : non définit, c'est-à-dire le temps de vie par défaut configuré "
+"dans le KDC."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:347
@@ -6430,11 +6720,16 @@ msgid ""
 "The time in seconds between two checks if the TGT should be renewed. TGTs "
 "are renewed if about half of their lifetime is exceeded."
 msgstr ""
+"Le temps, en secondes, entre deux vérifications pour savoir si le TGT doit "
+"être renouvellé. Les TGT sont renouvellés si environ la moitié de leur temps "
+"de vie est dépassé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:355
 msgid "If this option is not set or 0 the automatic renewal is disabled."
 msgstr ""
+"Si cette option n'est pas définie ou mise à zéro le renouvellement "
+"automatique est désactivé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:365
@@ -6472,12 +6767,14 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:385
 msgid "Default: not set, i.e. FAST is not used."
-msgstr "Défaut : non défini, i.e. FAST n'est pas utilisé."
+msgstr "Par défaut : non défini, i.e. FAST n'est pas utilisé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:388
 msgid "Please note that a keytab is required to use fast."
 msgstr ""
+"Veuillez prendre note que le fichier keytab est nécessaire pour utiliser "
+"FAST."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:391
@@ -6495,7 +6792,7 @@ msgstr "krb5_fast_principal (chaîne)"
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:403
 msgid "Specifies the server principal to use for FAST."
-msgstr ""
+msgstr "Spécifie le serveur principal pour utiliser FAST."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:412
@@ -6532,6 +6829,10 @@ msgid ""
 "    krb5_server = 192.168.1.1\n"
 "    krb5_realm = EXAMPLE.COM\n"
 msgstr ""
+"    [domain/FOO]\n"
+"    auth_provider = krb5\n"
+"    krb5_server = 192.168.1.1\n"
+"    krb5_realm = EXEMPLE.COM\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-krb5.5.xml:453
@@ -6563,6 +6864,9 @@ msgid ""
 "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
 "arg>"
 msgstr ""
+"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>GROUPE</replaceable></"
+"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_groupadd.8.xml:32
@@ -6723,6 +7027,9 @@ msgid ""
 "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
 "arg>"
 msgstr ""
+"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>GROUPE</replaceable></"
+"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_groupdel.8.xml:32
@@ -6836,19 +7143,19 @@ msgid ""
 "<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
 "on the command line."
 msgstr ""
-"<command>sss_usermod</command> modifie le compte défini par "
+"<command>sss_usermod</command> modifie le compte définit par "
 "<replaceable>LOGIN</replaceable> pour refléter les modifications fournies en "
 "ligne de commande."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_usermod.8.xml:60
 msgid "The home directory of the user account."
-msgstr ""
+msgstr "Le répertoire personnel du compte utilisateur."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_usermod.8.xml:71
 msgid "The user's login shell."
-msgstr ""
+msgstr "L'interpréteur de commandes de l'utilisateur."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_usermod.8.xml:82
@@ -6913,6 +7220,321 @@ msgstr ""
 "citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_cache.8.xml:10 sss_cache.8.xml:15
+msgid "sss_cache"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_cache.8.xml:16
+msgid "perform cache cleanup"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_cache.8.xml:21
+msgid ""
+"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_cache.8.xml:31
+msgid ""
+"<command>sss_cache</command> invalidates records in SSSD cache.  Invalidated "
+"records are forced to be reloaded from server as soon as related SSSD "
+"backend is online."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:42
+msgid ""
+"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:47
+msgid "Invalidate specific user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:53
+msgid "<option>-U</option>,<option>--users</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:57
+msgid ""
+"Invalidate all user records. This option overrides invalidation of specific "
+"user if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:64
+msgid ""
+"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:69
+msgid "Invalidate specific group."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:75
+msgid "<option>-G</option>,<option>--groups</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:79
+msgid ""
+"Invalidate all group records. This option overrides invalidation of specific "
+"group if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:86
+msgid ""
+"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:91
+msgid "Invalidate specific netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:97
+msgid "<option>-N</option>,<option>--netgroups</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:101
+msgid ""
+"Invalidate all netgroup records. This option overrides invalidation of "
+"specific netgroup if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:108
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:113
+msgid "Restrict invalidation process only to a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15
+msgid "sss_debuglevel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_debuglevel.8.xml:16
+msgid "change debug level while SSSD is running"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_debuglevel.8.xml:21
+msgid ""
+"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</"
+"replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_debuglevel.8.xml:32
+msgid ""
+"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
+"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
+"running."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_debuglevel.8.xml:59
+msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
+msgid "sss_ssh_authorizedkeys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refmeta><manvolnum>
+#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11
+msgid "1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_ssh_authorizedkeys.1.xml:16
+msgid "get OpenSSH authorized keys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_ssh_authorizedkeys.1.xml:21
+msgid ""
+"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>USER</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:32
+msgid ""
+"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user "
+"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys "
+"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> for more information)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:41
+msgid ""
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
+"command> for public key user authentication if it is compiled with support "
+"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
+"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_authorizedkeys.1.xml:58
+#, no-wrap
+msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:51
+msgid ""
+"If <quote>AuthorizedKeysCommand</quote> is supported, "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use it by putting the following directive "
+"in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_authorizedkeys.1.xml:69
+#, no-wrap
+msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:62
+msgid ""
+"If <quote>PubkeyAgent</quote> is supported, "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use it by using the following directive "
+"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:87
+msgid ""
+"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:98
+msgid ""
+"<citerefentry> <refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sshd_config</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle><manvolnum>1</"
+"manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15
+msgid "sss_ssh_knownhostsproxy"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_ssh_knownhostsproxy.1.xml:16
+msgid "get OpenSSH host keys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_ssh_knownhostsproxy.1.xml:21
+msgid ""
+"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>HOST</replaceable></arg> <arg "
+"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:33
+msgid ""
+"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for "
+"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH "
+"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
+"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> for more information)  <filename>/var/lib/sss/"
+"pubconf/known_hosts</filename> and estabilishes connection to the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:43
+msgid ""
+"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to "
+"create the connection to the host instead of opening a socket."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_knownhostsproxy.1.xml:55
+#, no-wrap
+msgid ""
+"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n"
+"GlobalKnownHostsFile2 /var/lib/sss/pubconf/known_hosts\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:48
+msgid ""
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</"
+"command> for host key authentication by using the following directives for "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_ssh_knownhostsproxy.1.xml:69
+msgid ""
+"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_knownhostsproxy.1.xml:74
+msgid ""
+"Use port <replaceable>PORT</replaceable> to connect to the host.  By "
+"default, port 22 is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_knownhostsproxy.1.xml:86
+msgid ""
+"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:97
+msgid ""
+"<citerefentry> <refentrytitle>ssh</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>ssh_config</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle><manvolnum>1</"
+"manvolnum> </citerefentry>."
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/service_discovery.xml:2
 msgid "SERVICE DISCOVERY"
@@ -6986,7 +7608,7 @@ msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>"
 #. type: Content of: <refsect1><title>
 #: include/failover.xml:2
 msgid "FAILOVER"
-msgstr "FAILOVER"
+msgstr "BASCULEMENT"
 
 #. type: Content of: <refsect1><para>
 #: include/failover.xml:4
@@ -6998,7 +7620,7 @@ msgstr ""
 #. type: Content of: <refsect1><refsect2><title>
 #: include/failover.xml:8
 msgid "Failover Syntax"
-msgstr "Syntaxe de Failover"
+msgstr "Syntaxe de basculement"
 
 #. type: Content of: <refsect1><refsect2><para>
 #: include/failover.xml:10
@@ -7011,7 +7633,7 @@ msgstr ""
 #. type: Content of: <refsect1><refsect2><title>
 #: include/failover.xml:17
 msgid "The Failover Mechanism"
-msgstr "Mécanisme de failover"
+msgstr "Mécanisme de basculement"
 
 #. type: Content of: <refsect1><refsect2><para>
 #: include/failover.xml:19
@@ -7052,5 +7674,112 @@ msgstr "<option>-h</option>,<option>--help</option>"
 msgid "Display help message and exit."
 msgstr "Affiche l'aide et quitte."
 
-#~ msgid "Supported services: nss, pam"
-#~ msgstr "Services supportés : nss, pam"
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:3
+msgid ""
+"Bit mask that indicates which debug levels will be visible. 0x0010 is the "
+"default value as well as the lowest allowed value, 0xFFF0 is the most "
+"verbose mode. This setting overrides the settings from config file."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:8
+msgid "Currently supported debug levels:"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:11
+msgid ""
+"<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
+"SSSD from starting up or causes it to cease running."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:15
+msgid ""
+"<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't kill "
+"the SSSD, but one that indicates that at least one major feature is not "
+"going to work properly."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:20
+msgid ""
+"<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
+"particular request or operation has failed."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:24
+msgid ""
+"<emphasis>0x0080</emphasis>: Minor failures. These are the errors that would "
+"percolate down to cause the operation failure of 2."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:28
+msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:31
+msgid "<emphasis>0x0200</emphasis>: Function data."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:34
+msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:37
+msgid ""
+"<emphasis>0x1000</emphasis>: Trace messages for internal control functions."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:40
+msgid ""
+"<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
+"may be interesting."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:43
+msgid "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:46
+msgid ""
+"To log required debug levels, simply add their numbers together as shown in "
+"following examples:"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:49
+msgid ""
+"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
+"serious failures and function data use 0x0270."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:53
+msgid ""
+"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
+"function data, trace messages for internal control functions use 0x1310."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:57
+msgid ""
+"<emphasis>Note</emphasis>: This is new format of debug levels introduced in "
+"1.7.0.  Older format (numbers from 0-10) is compatible but deprecated."
+msgstr ""
+
+#. type: Content of: outside any tag (error?)
+#: include/experimental.xml:1
+msgid ""
+"<emphasis> This is an experimental feature, please use http://fedorahosted."
+"org/sssd to report any issues.  </emphasis>"
+msgstr ""
diff --git a/src/man/po/hu.po b/src/man/po/hu.po
deleted file mode 100644
index c0edc5bfb..000000000
--- a/src/man/po/hu.po
+++ /dev/null
@@ -1,6313 +0,0 @@
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Red Hat
-# This file is distributed under the same license as the sssd-docs package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: SSSD\n"
-"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Hungarian <trans-hu@lists.fedoraproject.org>\n"
-"Language: hu\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural=(n != 1)\n"
-
-#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
-#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
-#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
-#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
-msgid "SSSD Manual pages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
-msgid "sss_groupmod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
-#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
-#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
-msgid "8"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupmod.8.xml:16
-msgid "modify a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupmod.8.xml:21
-msgid ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
-#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
-#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
-#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
-#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:32
-msgid ""
-"<command>sss_groupmod</command> modifies the group to reflect the changes "
-"that are specified on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
-#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
-#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-msgid "OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
-msgid ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:48
-msgid ""
-"Append this group to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
-msgid ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:62
-msgid ""
-"Remove this group from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
-#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
-msgid "sssd.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
-msgid "5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
-msgid "File Formats and Conventions"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
-msgid "the configuration file for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:21
-msgid "FILE FORMAT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:29
-#, no-wrap
-msgid ""
-"                <replaceable>[section]</replaceable>\n"
-"                <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-"                <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
-"            "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:24
-msgid ""
-"The file has an ini-style syntax and consists of sections and parameters. A "
-"section begins with the name of the section in square brackets and continues "
-"until the next section begins. An example of section with single and multi-"
-"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:36
-msgid ""
-"The data types used are string (no quotes needed), integer and bool (with "
-"values of <quote>TRUE/FALSE</quote>)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:41
-msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
-"(<quote>;</quote>)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:46
-msgid ""
-"All sections can have an optional <replaceable>description</replaceable> "
-"parameter. Its function is only as a label for the section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:52
-msgid ""
-"<filename>sssd.conf</filename> must be a regular file, owned by root and "
-"only root may read from or write to the file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:58
-msgid "SPECIAL SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:61
-msgid "The [sssd] section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
-msgid "Section parameters"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:72
-msgid "config_file_version (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:75
-msgid ""
-"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-"version 2."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:81
-msgid "services"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:84
-msgid ""
-"Comma separated list of services that are started when sssd itself starts."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:88
-msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
-msgid "reconnection_retries (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
-msgid ""
-"Number of times services should attempt to reconnect in the event of a Data "
-"Provider crash or restart before they give up"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
-msgid "Default: 3"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
-msgid "domains"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
-msgid ""
-"A domain is a database containing user information. SSSD can use more "
-"domains at the same time, but at least one must be configured or SSSD won't "
-"start.  This parameter described the list of domains in the order you want "
-"them to be queried."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
-msgid "re_expression (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
-msgid ""
-"Regular expression that describes how to parse the string containing user "
-"name and domain into these components."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
-msgid ""
-"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
-"which translates to \"the name is everything up to the <quote>@</quote> "
-"sign, the domain everything after that\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
-msgid ""
-"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
-"version 7 or higher can support non-unique named subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
-msgid ""
-"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
-"P&lt;name&gt;) to label subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
-msgid "full_name_format (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
-msgid ""
-"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatible format that describes how to translate "
-"a (name, domain) tuple into a fully qualified name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
-msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
-msgid "try_inotify (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
-msgid ""
-"SSSD monitors the state of resolv.conf to identify when it needs to update "
-"its internal DNS resolver. By default, we will attempt to use inotify for "
-"this, and will fall back to polling resolv.conf every five seconds if "
-"inotify cannot be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
-msgid ""
-"There are some limited situations where it is preferred that we should skip "
-"even trying to use inotify. In these rare cases, this option should be set "
-"to 'false'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
-msgid ""
-"Default: true on platforms where inotify is supported. False on other "
-"platforms."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
-msgid ""
-"Note: this option will have no effect on platforms where inotify is "
-"unavailable. On these platforms, polling will always be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
-msgid "krb5_rcache_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
-msgid ""
-"Directory on the filesystem where SSSD should store Kerberos replay cache "
-"files."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
-msgid ""
-"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
-"SSSD to let libkrb5 decide the appropriate location for the replay cache."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
-msgid ""
-"Default: Distribution-specific and specified at build-time. "
-"(__LIBKRB5_DEFAULTS__ if not configured)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:63
-msgid ""
-"Individual pieces of SSSD functionality are provided by special SSSD "
-"services that are started and stopped together with SSSD.  The services are "
-"managed by a special service frequently called <quote>monitor</quote>. The "
-"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
-msgid "SERVICES SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
-msgid ""
-"Settings that can be used to configure different services are described in "
-"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
-"section, for example, for NSS service, the section would be <quote>[nss]</"
-"quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
-msgid "General service configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
-msgid "These options can be used to configure any service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>.  This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
-msgid "NSS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
-msgid ""
-"These options can be used to configure the Name Service Switch (NSS) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
-msgid "enum_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
-msgid ""
-"How many seconds should nss_sss cache enumerations (requests for info about "
-"all users)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
-msgid "Default: 120"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"The entry cache can be set to automatically update entries in the background "
-"if they are requested beyond a percentage of the entry_cache_timeout value "
-"for the domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
-msgid ""
-"For example, if the domain's entry_cache_timeout is set to 30s and "
-"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
-"after 15 seconds past the last cache update will be returned immediately, "
-"but the SSSD will go and update the cache on its own, so that future "
-"requests will not need to block waiting for a cache update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
-msgid ""
-"Valid values for this option are 0-99 and represent a percentage of the "
-"entry_cache_timeout for each domain. For performance reasons, this "
-"percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
-"disables this feature)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
-msgid "Default: 50"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
-msgid "entry_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
-msgid ""
-"Specifies for how many seconds nss_sss should cache negative cache hits "
-"(that is, queries for invalid database entries, like nonexistent ones)  "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
-msgid "Default: 15"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
-msgid "filter_users, filter_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
-msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
-msgid "Default: root"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
-msgid "filter_users_in_groups (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
-msgid ""
-"If you want filtered user still be group members set this option to false."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
-msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
-msgid "This option can also be set per-domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
-msgid "allowed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
-msgid ""
-"Restrict user shell to one of the listed values. The order of evaluation is:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
-msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
-msgid ""
-"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
-"quote>, use the value of the shell_fallback parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
-msgid ""
-"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
-"shells</quote>, a nologin shell is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
-msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
-msgid ""
-"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
-"that a restart of the SSSD is required in case a new shell is installed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
-msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
-msgid "vetoed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
-msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
-msgid "shell_fallback (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
-msgid ""
-"The default shell to use if an allowed shell is not installed on the machine."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
-msgid "Default: /bin/sh"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
-msgid "PAM configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
-msgid ""
-"These options can be used to configure the Pluggable Authentication Module "
-"(PAM) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
-msgid "offline_credentials_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
-msgid ""
-"If the authentication provider is offline, how long should we allow cached "
-"logins (in days since the last successful online login)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
-msgid "Default: 0 (No limit)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
-msgid "offline_failed_login_attempts (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
-msgid ""
-"If the authentication provider is offline, how many failed login attempts "
-"are allowed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
-msgid "offline_failed_login_delay (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
-msgid ""
-"The time in minutes which has to pass after offline_failed_login_attempts "
-"has been reached before a new login attempt is possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
-msgid ""
-"If set to 0 the user cannot authenticate offline if "
-"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable offline authentication again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
-msgid "Default: 5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
-msgid "pam_verbosity (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
-msgid ""
-"Controls what kind of messages are shown to the user during authentication. "
-"The higher the number to more messages are displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
-msgid "Currently sssd supports the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
-msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
-msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
-msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
-msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
-msgid "Default: 1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
-msgid "pam_id_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
-msgid ""
-"For any PAM request while SSSD is online, the SSSD will attempt to "
-"immediately update the cached identity information for the user in order to "
-"ensure that authentication takes place with the latest information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
-msgid ""
-"A complete PAM conversation may perform multiple PAM requests, such as "
-"account management and session opening. This option controls (on a per-"
-"client-application basis) how long (in seconds) we can cache the identity "
-"information to avoid excessive round-trips to the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
-msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
-msgid "Display a warning N days before the password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
-msgid ""
-"Please note that the backend server has to provide information about the "
-"expiration time of the password.  If this information is missing, sssd "
-"cannot display a warning."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
-msgid "Default: 7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-msgid "SUDO configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-msgid "These options can be used to configure the sudo service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-msgid "sudo_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-msgid ""
-"For any sudo request that comes while SSSD is online, the SSSD will attempt "
-"to update the cached rules in order to ensure that sudo has the latest "
-"ruleset."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
-msgid ""
-"The user may, however, run a couple of sudo commands successively, which "
-"would trigger multiple LDAP requests.  In order to speed up this use-case, "
-"the sudo service maintains an in-memory cache that would be used for "
-"performing fast replies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
-msgid ""
-"This option controls how long (in seconds) can the sudo service cache rules "
-"for a user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-msgid "Default: 180"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-msgid "sudo_timed (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
-msgid ""
-"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
-"that implement time-dependent sudoers entries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-msgid "AUTOFS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-msgid "These options can be used to configure the autofs service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-msgid "autofs_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
-msgid "DOMAIN SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
-msgid "min_id,max_id (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
-msgid ""
-"UID and GID limits for the domain. If a domain contains an entry that is "
-"outside these limits, it is ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
-msgid ""
-"For users, this affects the primary GID limit. The user will not be returned "
-"to NSS if either the UID or the primary GID is outside the range. For non-"
-"primary group memberships, those that are in range will be reported as "
-"expected."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
-msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
-msgid ""
-"Timeout in seconds between heartbeats for this domain.  This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
-msgid "enumerate (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
-msgid ""
-"Determines if a domain can be enumerated. This parameter can have one of the "
-"following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
-msgid "TRUE = Users and groups are enumerated"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
-msgid "FALSE = No enumerations for this domain"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
-msgid "Default: FALSE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
-msgid ""
-"Note: Enabling enumeration has a moderate performance impact on SSSD while "
-"enumeration is running. It may take up to several minutes after SSSD startup "
-"to fully complete enumerations.  During this time, individual requests for "
-"information will go directly to LDAP, though it may be slow, due to the "
-"heavy enumeration processing."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
-msgid ""
-"While the first enumeration is running, requests for the complete user or "
-"group lists may return no results until it completes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
-msgid ""
-"Further, enabling enumeration may increase the time necessary to detect "
-"network disconnection, as longer timeouts are required to ensure that "
-"enumeration lookups are completed successfully.  For more information, refer "
-"to the man pages for the specific id_provider in use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
-msgid "entry_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
-msgid ""
-"How many seconds should nss_sss consider entries valid before asking the "
-"backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
-msgid "Default: 5400"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-msgid "entry_cache_user_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-msgid ""
-"How many seconds should nss_sss consider user entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-msgid "Default: entry_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-msgid "entry_cache_group_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-msgid ""
-"How many seconds should nss_sss consider group entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-msgid ""
-"How many seconds should nss_sss consider netgroup entries valid before "
-"asking the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-msgid "entry_cache_service_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-msgid ""
-"How many seconds should nss_sss consider service entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
-msgid "cache_credentials (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
-msgid "Determines if user credentials are also cached in the local LDB cache"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
-msgid "User credentials are stored in a SHA512 hash, not in plaintext"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
-msgid "account_cache_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
-msgid ""
-"Number of days entries are left in cache after last successful login before "
-"being removed during a cleanup of the cache. 0 means keep forever.  The "
-"value of this parameter must be greater than or equal to "
-"offline_credentials_expiration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
-msgid "Default: 0 (unlimited)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
-msgid "id_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
-msgid "The Data Provider identity backend to use for this domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
-msgid "Supported backends:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
-msgid "proxy: Support a legacy NSS provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
-msgid "local: SSSD internal local provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
-msgid "ldap: LDAP provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
-msgid "use_fully_qualified_names (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
-msgid ""
-"If set to TRUE, all requests to this domain must use fully qualified names. "
-"For example, if used in LOCAL domain that contains a \"test\" user, "
-"<command>getent passwd test</command> wouldn't find the user while "
-"<command>getent passwd test@LOCAL</command> would."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
-msgid "auth_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
-msgid ""
-"The authentication provider used for the domain.  Supported auth providers "
-"are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
-msgid ""
-"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
-msgid ""
-"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
-msgid ""
-"<quote>proxy</quote> for relaying authentication to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
-msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"authentication requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
-msgid "access_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
-msgid ""
-"The access control provider used for the domain.  There are two built-in "
-"access providers (in addition to any included in installed backends)  "
-"Internal special providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
-msgid "<quote>permit</quote> always allow access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
-msgid "<quote>deny</quote> always deny access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
-msgid ""
-"<quote>simple</quote> access control based on access or deny lists. See "
-"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> for more information on configuring the simple "
-"access module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
-msgid "Default: <quote>permit</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
-msgid "chpass_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
-msgid ""
-"The provider which should handle change password operations for the domain.  "
-"Supported change password providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
-msgid ""
-"<quote>ipa</quote> to change a password stored in an IPA server.  See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
-msgid ""
-"<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
-msgid ""
-"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
-msgid ""
-"<quote>proxy</quote> for relaying password changes to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
-msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
-msgid ""
-"Default: <quote>auth_provider</quote> is used if it is set and can handle "
-"change password requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-msgid "sudo_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-msgid ""
-"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-msgid "session_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-msgid ""
-"The provider which should handle loading of session settings.  Supported "
-"session providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-msgid ""
-"<quote>ipa</quote> to load session settings from an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"session loading requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
-msgid "lookup_family_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
-msgid ""
-"Provides the ability to select preferred address family to use when "
-"performing DNS lookups."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
-msgid "Supported values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
-msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
-msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
-msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
-msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
-msgid "Default: ipv4_first"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
-msgid "dns_resolver_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
-msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
-msgid "dns_discovery_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
-msgid ""
-"If service discovery is used in the back end, specifies the domain part of "
-"the service discovery DNS query."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
-msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
-msgid "override_gid (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
-msgid "Override the primary GID value with the one specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
-msgid "case_sensitive (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
-msgid ""
-"Treat user and group names as case sensitive. At the moment, this option is "
-"not supported in the local provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
-msgid "Default: True"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
-msgid ""
-"These configuration options can be present in a domain configuration "
-"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
-"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
-msgid "proxy_pam_target (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
-msgid "The proxy target PAM proxies to."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-msgid ""
-"Default: not set by default, you have to take an existing pam configuration "
-"or create a new one and add the service name here."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
-msgid "proxy_lib_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
-msgid ""
-"The name of the NSS library to use in proxy domains. The NSS functions "
-"searched for in the library are in the form of _nss_$(libName)_$(function), "
-"for example _nss_files_getpwent."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
-msgid ""
-"Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
-msgid "The local domain section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
-msgid ""
-"This section contains settings for domain that stores users and groups in "
-"SSSD native database, that is, a domain that uses "
-"<replaceable>id_provider=local</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
-msgid "default_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
-msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
-msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
-msgid "base_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
-msgid ""
-"The tools append the login name to <replaceable>base_directory</replaceable> "
-"and use that as the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
-msgid "Default: <filename>/home</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
-msgid "create_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
-msgid ""
-"Indicate if a home directory should be created by default for new users.  "
-"Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
-msgid "Default: TRUE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
-msgid "remove_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
-msgid ""
-"Indicate if a home directory should be removed by default for deleted "
-"users.  Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
-msgid "homedir_umask (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
-msgid ""
-"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
-"on a newly created home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
-msgid "Default: 077"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
-msgid "skel_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
-msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
-msgid "mail_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
-msgid ""
-"The mail spool directory. This is needed to manipulate the mailbox when its "
-"corresponding user account is modified or deleted.  If not specified, a "
-"default value is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
-msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
-msgid "userdel_cmd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
-msgid ""
-"The command that is run after a user is removed.  The command us passed the "
-"username of the user being removed as the first and only parameter. The "
-"return code of the command is not taken into account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
-msgid "Default: None, no command is run"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"domains = LDAP\n"
-"services = nss, pam\n"
-"config_file_version = 2\n"
-"\n"
-"[nss]\n"
-"filter_groups = root\n"
-"filter_users = root\n"
-"\n"
-"[pam]\n"
-"\n"
-"[domain/LDAP]\n"
-"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
-"\n"
-"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
-"cache_credentials = true\n"
-"\n"
-"min_id = 10000\n"
-"max_id = 20000\n"
-"enumerate = False\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
-msgid ""
-"The following example shows a typical SSSD config. It does not describe "
-"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details.  <placeholder type=\"programlisting\" "
-"id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
-msgid "sssd-ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:23
-msgid ""
-"This manual page describes the configuration of LDAP domains for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for detailed syntax information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:35
-msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:38
-msgid ""
-"LDAP back end supports id, auth, access and chpass providers. If you want to "
-"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
-"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
-"over an unencrypted channel.  If the LDAP server is used only as an identity "
-"provider, an encrypted channel is not needed. Please refer to "
-"<quote>ldap_access_filter</quote> config option for more information about "
-"using LDAP as an access provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
-#: sssd-krb5.5.xml:63
-msgid "CONFIGURATION OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:60
-msgid "ldap_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:63
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference. Refer to the <quote>FAILOVER</"
-"quote> section for more information on failover and server redundancy.  If "
-"not specified, service discovery is enabled. For more information, refer to "
-"the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
-msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:73
-msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:76
-msgid ""
-"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:79
-msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:85
-msgid "ldap_chpass_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:88
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference to change the password of a user. "
-"Refer to the <quote>FAILOVER</quote> section for more information on "
-"failover and server redundancy."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:95
-msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:99
-msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:105
-msgid "ldap_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:108
-msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:112
-msgid ""
-"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
-"syntax:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
-msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:119
-msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
-msgid ""
-"The filter must be a valid LDAP search filter as specified by http://www."
-"ietf.org/rfc/rfc2254.txt"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
-msgid "Examples:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:129
-msgid ""
-"ldap_search_base = dc=example,dc=com (which is equivalent to)  "
-"ldap_search_base = dc=example,dc=com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:134
-msgid ""
-"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
-"(host=thishost)?dc=example.com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:137
-msgid ""
-"Note: It is unsupported to have multiple search bases which reference "
-"identically-named objects (for example, groups with the same name in two "
-"different search bases). This will lead to unpredictable behavior on client "
-"machines."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:144
-msgid ""
-"Default: If not set, the value of the defaultNamingContext or namingContexts "
-"attribute from the RootDSE of the LDAP server is used. If "
-"defaultNamingContext does not exists or has an empty value namingContexts is "
-"used.  The namingContexts attribute must have a single value with the DN of "
-"the search base of the LDAP server to make this work. Multiple values are "
-"are not supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:158
-msgid "ldap_schema (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:161
-msgid ""
-"Specifies the Schema Type in use on the target LDAP server.  Depending on "
-"the selected schema, the default attribute names retrieved from the servers "
-"may vary.  The way that some attributes are handled may also differ.  Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
-"difference between these schema types is how group memberships are recorded "
-"in the server.  With rfc2307, group members are listed by name in the "
-"<emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, group "
-"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
-msgid "Default: rfc2307"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
-msgid "ldap_default_bind_dn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
-msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
-msgid "ldap_default_authtok_type (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
-msgid "The type of the authentication token of the default bind DN."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
-msgid "The two mechanisms currently supported are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
-msgid "password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
-msgid "obfuscated_password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
-msgid "Default: password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
-msgid "ldap_default_authtok (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
-msgid ""
-"The authentication token of the default bind DN.  Only clear text passwords "
-"are currently supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
-msgid "ldap_user_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
-msgid "The object class of a user entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
-msgid "Default: posixAccount"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
-msgid "ldap_user_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
-msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
-msgid "Default: uid"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
-msgid "ldap_user_uid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
-msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
-msgid "Default: uidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
-msgid "ldap_user_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
-msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
-msgid "Default: gidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
-msgid "ldap_user_gecos (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
-msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
-msgid "Default: gecos"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
-msgid "ldap_user_home_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
-msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
-msgid "Default: homeDirectory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
-msgid "ldap_user_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
-msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
-msgid "Default: loginShell"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
-msgid "ldap_user_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
-msgid "Default: nsUniqueId"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
-msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
-msgid ""
-"The LDAP attribute that contains timestamp of the last modification of the "
-"parent object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
-msgid "Default: modifyTimestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
-msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
-"the last password change)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
-msgid "Default: shadowLastChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
-msgid "ldap_user_shadow_min (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
-msgid "Default: shadowMin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
-msgid "ldap_user_shadow_max (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
-msgid "Default: shadowMax"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
-msgid "ldap_user_shadow_warning (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password warning period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
-msgid "Default: shadowWarning"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
-msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password inactivity period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
-msgid "Default: shadowInactive"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
-msgid "ldap_user_shadow_expire (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
-msgid ""
-"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
-"parameter contains the name of an LDAP attribute corresponding to its "
-"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> counterpart (account expiration date)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
-msgid "Default: shadowExpire"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
-msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time of last password change in "
-"kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
-msgid "Default: krbLastPwdChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
-msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time when current password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
-msgid "Default: krbPasswordExpiration"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
-msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the expiration time of the account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
-msgid "Default: accountExpires"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
-msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the user account control bit field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
-msgid "Default: userAccountControl"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
-msgid "ldap_ns_account_lock (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
-msgid ""
-"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
-"determines if access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
-msgid "Default: nsAccountLock"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
-msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines if "
-"access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
-msgid "Default: loginDisabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
-msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines until "
-"which date access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
-msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines the "
-"hours of a day in a week when access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
-msgid "Default: loginAllowedTimeMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
-msgid "ldap_user_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
-msgid ""
-"The LDAP attribute that contains the user's Kerberos User Principal Name "
-"(UPN)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
-msgid "Default: krbPrincipalName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
-msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
-msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
-msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
-msgid ""
-"Some directory servers, for example Active Directory, might deliver the "
-"realm part of the UPN in lower case, which might cause the authentication to "
-"fail. Set this option to a non-zero value if you want to use an upper-case "
-"realm."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
-msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
-msgid ""
-"Specifies how many seconds SSSD has to wait before refreshing its cache of "
-"enumerated records."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
-msgid "Default: 300"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
-msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
-msgid ""
-"Determine how often to check the cache for inactive entries (such as groups "
-"with no members and users who have never logged in) and remove them to save "
-"space."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
-msgid "Setting this option to zero will disable the cache cleanup operation."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
-msgid "Default: 10800 (12 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
-msgid "ldap_user_fullname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
-msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
-msgid "Default: cn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
-msgid "ldap_user_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
-msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
-msgid "Default: memberOf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
-msgid "ldap_user_authorized_service (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
-msgid ""
-"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
-"use the presence of the authorizedService attribute in the user's LDAP entry "
-"to determine access privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
-msgid ""
-"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
-"explicit allow (svc) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
-msgid "Default: authorizedService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
-msgid "ldap_user_authorized_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
-msgid ""
-"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-"presence of the host attribute in the user's LDAP entry to determine access "
-"privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
-msgid ""
-"An explicit deny (!host) is resolved first. Second, SSSD searches for "
-"explicit allow (host) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
-msgid "Default: host"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
-msgid "ldap_group_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
-msgid "The object class of a group entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
-msgid "Default: posixGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
-msgid "ldap_group_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
-msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
-msgid "ldap_group_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
-msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
-msgid "ldap_group_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
-msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
-msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
-msgid "ldap_group_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
-msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
-msgid "ldap_group_nesting_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
-msgid ""
-"If ldap_schema is set to a schema format that supports nested groups (e.g. "
-"RFC2307bis), then this option controls how many levels of nesting SSSD will "
-"follow. This option has no effect on the RFC2307 schema."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
-msgid "Default: 2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
-msgid "ldap_netgroup_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
-msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
-msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
-msgid "Default: nisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
-msgid "ldap_netgroup_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
-msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
-msgid "In IPA provider, ipa_netgroup_name should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
-msgid "ldap_netgroup_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
-msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
-msgid "In IPA provider, ipa_netgroup_member should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
-msgid "Default: memberNisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
-msgid "ldap_netgroup_triple (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-msgid ""
-"The LDAP attribute that contains the (host, user, domain) netgroup triples."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
-msgid "This option is not available in IPA provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
-msgid "Default: nisNetgroupTriple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
-msgid "ldap_netgroup_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
-msgid ""
-"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
-msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
-msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
-msgid "ldap_service_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
-msgid "The object class of a service entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
-msgid "Default: ipService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
-msgid "ldap_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
-msgid ""
-"The LDAP attribute that contains the name of service attributes and their "
-"aliases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
-msgid "ldap_service_port (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
-msgid "The LDAP attribute that contains the port managed by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
-msgid "Default: ipServicePort"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
-msgid "ldap_service_proto (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
-msgid ""
-"The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
-msgid "Default: ipServiceProtocol"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
-msgid "ldap_service_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
-msgid "An optional base DN to restrict service searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
-msgid ""
-"See <quote>ldap_search_base</quote> for information about configuring "
-"multiple search bases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
-#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
-msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
-msgid "ldap_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches are allowed to run "
-"before they are cancelled and cached results are returned (and offline mode "
-"is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
-msgid ""
-"Note: this option is subject to change in future versions of the SSSD. It "
-"will likely be replaced at some point by a series of timeouts for specific "
-"lookup types."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
-msgid "Default: 6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
-msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches for user and group "
-"enumerations are allowed to run before they are cancelled and cached results "
-"are returned (and offline mode is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
-msgid "ldap_network_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-msgid ""
-"Specifies the timeout (in seconds) after which the <citerefentry> "
-"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
-"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> following a <citerefentry> "
-"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> returns in case of no activity."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
-msgid "ldap_opt_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
-msgid ""
-"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
-"will abort if no response is received. Also controls the timeout when "
-"communicating with the KDC in case of SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
-msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
-msgid ""
-"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
-"maintained. After this time, the connection will be re-established. If used "
-"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
-"the TGT lifetime)  will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
-msgid "Default: 900 (15 minutes)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
-msgid "ldap_page_size (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
-msgid ""
-"Specify the number of records to retrieve from LDAP in a single request. "
-"Some LDAP servers enforce a maximum limit per-request."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
-msgid "Default: 1000"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
-msgid ""
-"Disable the LDAP paging control. This option should be used if the LDAP "
-"server reports that it supports the LDAP paging control in its RootDSE but "
-"it is not enabled or does not behave properly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
-msgid ""
-"Example: OpenLDAP servers with the paging control module installed on the "
-"server but not enabled will report it in the RootDSE but be unable to use it."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
-msgid ""
-"Example: 389 DS has a bug where it can only support a one paging control at "
-"a time on a single connection. On busy clients, this can result in some "
-"requests being denied."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
-msgid "ldap_deref_threshold (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
-msgid ""
-"Specify the number of group members that must be missing from the internal "
-"cache in order to trigger a dereference lookup. If less members are missing, "
-"they are looked up individually."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
-msgid ""
-"You can turn off dereference lookups completely by setting the value to 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
-msgid ""
-"A dereference lookup is a means of fetching all group members in a single "
-"LDAP call.  Different LDAP servers may implement different dereference "
-"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
-"Directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
-msgid ""
-"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
-"filter, then the dereference lookup performance enhancement will be disabled "
-"regardless of this setting."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
-msgid "ldap_tls_reqcert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
-msgid ""
-"Specifies what checks to perform on server certificates in a TLS session, if "
-"any. It can be specified as one of the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
-msgid ""
-"<emphasis>never</emphasis> = The client will not request or check any server "
-"certificate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
-msgid ""
-"<emphasis>allow</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, it will be ignored and the session proceeds normally."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
-msgid ""
-"<emphasis>try</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, the session is immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
-msgid ""
-"<emphasis>demand</emphasis> = The server certificate is requested. If no "
-"certificate is provided, or a bad certificate is provided, the session is "
-"immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
-msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
-msgid "Default: hard"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
-msgid "ldap_tls_cacert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
-msgid ""
-"Specifies the file that contains certificates for all of the Certificate "
-"Authorities that <command>sssd</command> will recognize."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
-msgid ""
-"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
-"conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
-msgid "ldap_tls_cacertdir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
-msgid ""
-"Specifies the path of a directory that contains Certificate Authority "
-"certificates in separate individual files. Typically the file names need to "
-"be the hash of the certificate followed by '.0'.  If available, "
-"<command>cacertdir_rehash</command> can be used to create the correct names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
-msgid "ldap_tls_cert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
-msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
-msgid "Default: not set"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
-msgid "ldap_tls_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
-msgid "Specifies the file that contains the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
-msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
-msgid ""
-"Specifies acceptable cipher suites.  Typically this is a colon sperated "
-"list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> for format."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
-msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
-msgid ""
-"Specifies that the id_provider connection must also use <systemitem class="
-"\"protocol\">tls</systemitem> to protect the channel."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
-msgid ""
-"Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
-"supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
-msgid "ldap_sasl_authid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
-msgid ""
-"Specify the SASL authorization id to use.  When GSSAPI is used, this "
-"represents the Kerberos principal used for authentication to the directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
-msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
-msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
-msgid ""
-"If set to true, the LDAP library would perform a reverse lookup to "
-"canonicalize the host name during a SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
-msgid "Default: false;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
-msgid "ldap_krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
-msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
-msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
-msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
-msgid ""
-"Specifies that the id_provider should init Kerberos credentials (TGT).  This "
-"action is performed only if SASL is used and the mechanism selected is "
-"GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
-msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
-msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
-msgid "Default: 86400 (24 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
-msgid "krb5_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
-msgid ""
-"Specifies the comma-separated list of IP addresses or hostnames of the "
-"Kerberos servers to which SSSD should connect in the order of preference. "
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
-"colon) may be appended to the addresses or hostnames.  If empty, service "
-"discovery is enabled - for more information, refer to the <quote>SERVICE "
-"DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
-msgid ""
-"When using service discovery for KDC or kpasswd servers, SSSD first searches "
-"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-"none are found."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
-msgid ""
-"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
-"While the legacy name is recognized for the time being, users are advised to "
-"migrate their config files to use <quote>krb5_server</quote> instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
-msgid "krb5_realm (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
-msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
-msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
-msgid "krb5_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
-msgid ""
-"Specifies if the host principal should be canonicalized when connecting to "
-"LDAP server. This feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
-msgid "ldap_pwd_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
-msgid ""
-"Select the policy to evaluate the password expiration on the client side. "
-"The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
-msgid ""
-"<emphasis>none</emphasis> - No evaluation on the client side. This option "
-"cannot disable server-side password policies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
-msgid ""
-"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-"evaluate if the password has expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
-msgid ""
-"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
-"to determine if the password has expired. Use chpass_provider=krb5 to update "
-"these attributes when the password is changed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
-msgid "ldap_referrals (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
-msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
-msgid ""
-"Please note that sssd only supports referral chasing when it is compiled "
-"with OpenLDAP version 2.4.13 or higher."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
-msgid "ldap_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
-msgid "Specifies the service name to use when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
-msgid "Default: ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
-msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
-msgid ""
-"Specifies the service name to use to find an LDAP server which allows "
-"password changes when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
-msgid "Default: not set, i.e. service discovery is disabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
-msgid "ldap_access_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
-msgid ""
-"If using access_provider = ldap, this option is mandatory. It specifies an "
-"LDAP search filter criteria that must be met for the user to be granted "
-"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
-msgid "Example:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
-#, no-wrap
-msgid ""
-"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
-msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
-msgid ""
-"Offline caching for this feature is limited to determining whether the "
-"user's last online login was granted access permission. If they were granted "
-"access during their last login, they will continue to be granted access "
-"while offline and vice-versa."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
-msgid "Default: Empty"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
-msgid "ldap_account_expire_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
-msgid ""
-"With this option a client side evaluation of access control attributes can "
-"be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
-msgid ""
-"Please note that it is always recommended to use server side access control, "
-"i.e. the LDAP server should deny the bind request with a suitable error code "
-"even if the password is correct."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
-msgid "The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
-msgid ""
-"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
-"determine if the account is expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
-msgid ""
-"<emphasis>ad</emphasis>: use the value of the 32bit field "
-"ldap_user_ad_user_account_control and allow access if the second bit is not "
-"set. If the attribute is missing access is granted. Also the expiration time "
-"of the account is checked."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
-msgid ""
-"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
-"emphasis>: use the value of ldap_ns_account_lock to check if access is "
-"allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
-msgid ""
-"<emphasis>nds</emphasis>: the values of "
-"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
-"If both attributes are missing access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
-msgid "ldap_access_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
-msgid "Comma separated list of access control options.  Allowed values are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
-msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
-msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
-msgid ""
-"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
-"to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
-msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
-msgid "Default: filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
-msgid ""
-"Please note that it is a configuration error if a value is used more than "
-"once."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
-msgid "ldap_deref (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
-msgid ""
-"Specifies how alias dereferencing is done when performing a search. The "
-"following options are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
-msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
-msgid ""
-"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
-"the base object, but not in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
-msgid ""
-"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
-"the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
-msgid ""
-"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
-"in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
-msgid ""
-"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
-"client libraries)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:51
-msgid ""
-"All of the common configuration options that apply to SSSD domains also "
-"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for full details.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
-msgid "SUDO OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
-msgid "ldap_sudorule_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
-msgid "The object class of a sudo rule entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
-msgid "Default: sudoRole"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
-msgid "ldap_sudorule_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
-msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
-msgid "ldap_sudorule_command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
-msgid "The LDAP attribute that corresponds to the command name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
-msgid "Default: sudoCommand"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
-msgid "ldap_sudorule_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
-msgid ""
-"The LDAP attribute that corresponds to the host name (or host IP address, "
-"host IP network, or host netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
-msgid "Default: sudoHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
-msgid "ldap_sudorule_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
-msgid ""
-"The LDAP attribute that corresponds to the user name (or UID, group name or "
-"user's netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
-msgid "Default: sudoUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
-msgid "ldap_sudorule_option (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
-msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
-msgid "Default: sudoOption"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
-msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
-msgid ""
-"The LDAP attribute that corresponds to the user name that commands may be "
-"run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
-msgid "Default: sudoRunAsUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
-msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
-msgid ""
-"The LDAP attribute that corresponds to the group name or group GID that "
-"commands may be run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
-msgid "Default: sudoRunAsGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
-msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
-msgid ""
-"The LDAP attribute that corresponds to the start date/time for when the sudo "
-"rule is valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
-msgid "Default: sudoNotBefore"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
-msgid "ldap_sudorule_notafter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
-msgid ""
-"The LDAP attribute that corresponds to the expiration date/time, after which "
-"the sudo rule will no longer be valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
-msgid "Default: sudoNotAfter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
-msgid "ldap_sudorule_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
-msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
-msgid "Default: sudoOrder"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
-msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
-msgid ""
-"Enables periodical download of all sudo rules.  The cache is purged before "
-"each update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
-msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
-msgid ""
-"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
-msgid ""
-"This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
-"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
-msgid "AUTOFS OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
-msgid ""
-"Please note that the default values correspond to the default schema which "
-"is RFC2307."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
-msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-msgid "The object class of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-msgid "Default: automountMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
-msgid "ldap_autofs_map_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
-msgid "The name of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
-msgid "Default: ou"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
-msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
-msgid "ldap_autofs_entry_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
-msgid ""
-"The key of an automount entry in LDAP. The entry usually corresponds to a "
-"mount point."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
-msgid "ldap_autofs_entry_value (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
-msgid "Default: automountInformation"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
-msgid ""
-"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
-"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
-"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
-msgid "ADVANCED OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
-msgid "ldap_netgroup_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
-msgid ""
-"An optional base DN to restrict netgroup searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
-msgid "ldap_user_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
-msgid "An optional base DN to restrict user searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
-msgid "ldap_group_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
-msgid "An optional base DN to restrict group searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
-#, no-wrap
-msgid ""
-"                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
-msgid "ldap_sudo_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
-msgid ""
-"An optional base DN to restrict sudo rules searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
-msgid "ldap_autofs_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
-msgid ""
-"An optional base DN to restrict automounter searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
-msgid ""
-"These options are supported by LDAP domains, but they should be used with "
-"caution. Please include them in your configuration only if you know what you "
-"are doing.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
-msgid ""
-"The following example assumes that SSSD is correctly configured and LDAP is "
-"set to one of the domains in the <replaceable>[domains]</replaceable> "
-"section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
-#, no-wrap
-msgid ""
-"    [domain/LDAP]\n"
-"    id_provider = ldap\n"
-"    auth_provider = ldap\n"
-"    ldap_uri = ldap://ldap.mydomain.org\n"
-"    ldap_search_base = dc=mydomain,dc=org\n"
-"    ldap_tls_reqcert = demand\n"
-"    cache_credentials = true\n"
-"    enumerate = true\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
-msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
-msgid "NOTES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
-msgid ""
-"The descriptions of some of the configuration options in this manual page "
-"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
-"distribution."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <refentryinfo>
-#: pam_sss.8.xml:8 include/upstream.xml:2
-msgid ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: pam_sss.8.xml:13 pam_sss.8.xml:18
-msgid "pam_sss"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: pam_sss.8.xml:19
-msgid "PAM module for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: pam_sss.8.xml:24
-msgid ""
-"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
-msgid ""
-"<command>pam_sss.so</command> is the PAM interface to the System Security "
-"Services daemon (SSSD). Errors and results are logged through <command>syslog"
-"(3)</command> with the LOG_AUTHPRIV facility."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
-msgid "<option>quiet</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
-msgid "Suppress log messages for unknown users."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
-msgid "<option>forward_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
-msgid ""
-"If <option>forward_pass</option> is set the entered password is put on the "
-"stack for other PAM modules to use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
-msgid "<option>use_first_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
-msgid ""
-"The argument use_first_pass forces the module to use a previous stacked "
-"modules password and will never prompt the user - if no password is "
-"available or the password is not appropriate, the user will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
-msgid "<option>use_authtok</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
-msgid ""
-"When password changing enforce the module to set the new password to the one "
-"provided by a previously stacked password module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
-msgid "<option>retry=N</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
-msgid ""
-"If specified the user is asked another N times for a password if "
-"authentication fails. Default is 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
-msgid ""
-"Please note that this option might not work as expected if the application "
-"calling PAM handles the user dialog on its own. A typical example is "
-"<command>sshd</command> with <option>PasswordAuthentication</option>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
-msgid "MODULE TYPES PROVIDED"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
-msgid ""
-"All module types (<option>account</option>, <option>auth</option>, "
-"<option>password</option> and <option>session</option>) are provided."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
-msgid "FILES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
-msgid ""
-"If a password reset by root fails, because the corresponding SSSD provider "
-"does not support password resets, an individual message can be displayed. "
-"This message can e.g. contain instructions about how to reset a password."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
-msgid ""
-"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
-"filename> where LOC stands for a locale string returned by <citerefentry> "
-"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
-"citerefentry>. If there is no matching file the content of "
-"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
-"the owner of the files and only root may have read and write permissions "
-"while all other users must have only read permissions."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
-msgid ""
-"These files are searched in the directory <filename>/etc/sssd/customize/"
-"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
-"displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:141
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
-msgid "sssd_krb5_locator_plugin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:22
-msgid ""
-"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
-"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
-"libraries what Realm and which KDC to use.  Typically this is done in "
-"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
-"To simplify the configuration the Realm and the KDC can be defined in "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry> puts the Realm and the name or IP address of the KDC into "
-"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively.  "
-"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variables and returns them to the "
-"libraries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:63
-msgid ""
-"Not all Kerberos implementations support the use of plugins. If "
-"<command>sssd_krb5_locator_plugin</command> is not available on your system "
-"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:69
-msgid ""
-"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-"debug messages will be sent to stderr."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:77
-msgid ""
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
-msgid "sssd-simple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd-simple.5.xml:17
-msgid "the configuration file for SSSD's 'simple' access-control provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:24
-msgid ""
-"This manual page describes the configuration of the simple access-control "
-"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax reference, "
-"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:38
-msgid ""
-"The simple access provider grants or denies access based on an access or "
-"deny list of user or group names. The following rules apply:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:43
-msgid "If all lists are empty, access is granted"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:47
-msgid ""
-"If any list is provided, the order of evaluation is allow,deny. This means "
-"that any matching deny rule will supersede any matched allow rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:54
-msgid ""
-"If either or both \"allow\" lists are provided, all users are denied unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:60
-msgid ""
-"If only \"deny\" lists are provided, all users are granted access unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:78
-msgid "simple_allow_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:81
-msgid "Comma separated list of users who are allowed to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:88
-msgid "simple_deny_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:91
-msgid "Comma separated list of users who are explicitly denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:97
-msgid "simple_allow_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:100
-msgid ""
-"Comma separated list of groups that are allowed to log in. This applies only "
-"to groups within this SSSD domain. Local groups are not evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:108
-msgid "simple_deny_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:111
-msgid ""
-"Comma separated list of groups that are explicitly denied access. This "
-"applies only to groups within this SSSD domain. Local groups are not "
-"evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
-msgid ""
-"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page for details on the configuration of an SSSD "
-"domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:120
-msgid ""
-"Please note that it is an configuration error if both, simple_allow_users "
-"and simple_deny_users, are defined."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:128
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the simple access provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-simple.5.xml:135
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    access_provider = simple\n"
-"    simple_allow_users = user1, user2\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:145
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
-msgid "sssd-ipa"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:23
-msgid ""
-"This manual page describes the configuration of the IPA provider for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
-"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:36
-msgid ""
-"The IPA provider is a back end used to connect to an IPA server.  (Refer to "
-"the freeipa.org web site for information about IPA servers.)  This provider "
-"requires that the machine be joined to the IPA domain; configuration is "
-"almost entirely self-discovered and obtained directly from the server."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:43
-msgid ""
-"The IPA provider accepts the same options used by the <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
-"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider with some exceptions described below."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:55
-msgid ""
-"However, it is neither necessary nor recommended to set these options.  IPA "
-"provider can also be used as an access and chpass provider. As an access "
-"provider it uses HBAC (host-based access control) rules. Please refer to "
-"freeipa.org for more information about HBAC. No configuration of access "
-"provider is required on the client side."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:72
-msgid "ipa_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:75
-msgid ""
-"Specifies the name of the IPA domain.  This is optional. If not provided, "
-"the configuration domain name is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:83
-msgid "ipa_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:86
-msgid ""
-"The comma-separated list of IP addresses or hostnames of the IPA servers to "
-"which SSSD should connect in the order of preference. For more information "
-"on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
-"This is optional if autodiscovery is enabled.  For more information on "
-"service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:99
-msgid "ipa_hostname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:102
-msgid ""
-"Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:110
-msgid "ipa_dyndns_update (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:113
-msgid ""
-"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:118
-msgid ""
-"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
-"the default Kerberos realm must be set properly in /etc/krb5.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:129
-msgid "ipa_dyndns_iface (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:132
-msgid ""
-"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
-"interface whose IP address should be used for dynamic DNS updates."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:137
-msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:143
-msgid "ipa_hbac_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:146
-msgid "Optional. Use the given string as search base for HBAC related objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:150
-msgid "Default: Use base DN"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:156
-msgid "ipa_host_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:159
-msgid "Optional. Use the given string as search base for host objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:180
-msgid "ipa_selinux_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
-msgid "Optional. Use the given string as search base for SELinux user maps."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
-msgid "krb5_validate (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
-msgid ""
-"Verify with the help of krb5_keytab that the TGT obtained has not been "
-"spoofed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
-msgid ""
-"Note that this default differs from the traditional Kerberos provider back "
-"end."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
-msgid ""
-"The name of the Kerberos realm. This is optional and defaults to the value "
-"of <quote>ipa_domain</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
-msgid ""
-"The name of the Kerberos realm has a special meaning in IPA - it is "
-"converted into the base DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
-msgid ""
-"Specifies if the host and user principal should be canonicalized when "
-"connecting to IPA LDAP and also for AS requests. This feature is available "
-"with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
-msgid "ipa_hbac_refresh (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
-msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
-msgid "Default: 5 (seconds)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
-msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
-msgid ""
-"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
-"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
-"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
-"client will support two modes of operation during this transition period:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
-msgid ""
-"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
-"users will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
-msgid ""
-"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
-"careful with this option, as it may result in opening unintended access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
-msgid "Default: DENY_ALL"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
-msgid "ipa_automount_location (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
-msgid "The automounter location this IPA client will be using"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Default: The location named \"default\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the ipa provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    id_provider = ipa\n"
-"    ipa_server = ipaserver.example.com\n"
-"    ipa_hostname = myhost.example.com\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.8.xml:10 sssd.8.xml:15
-msgid "sssd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.8.xml:16
-msgid "System Security Services Daemon"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sssd.8.xml:21
-msgid ""
-"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:31
-msgid ""
-"<command>SSSD</command> provides a set of daemons to manage access to remote "
-"directories and authentication mechanisms. It provides an NSS and PAM "
-"interface toward the system and a pluggable backend system to connect to "
-"multiple different account sources as well as D-Bus interface. It is also "
-"the basis to provide client auditing and policy services for projects like "
-"FreeIPA. It provides a more robust database to store local users as well as "
-"extended user data."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:46
-msgid ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:53
-msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:57
-msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:60
-msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:69
-msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:73
-msgid ""
-"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:76
-msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:85
-msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:89
-msgid ""
-"Send the debug output to files instead of stderr. By default, the log files "
-"are stored in <filename>/var/log/sssd</filename> and there are separate log "
-"files for every SSSD service and domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:97
-msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:101
-msgid "Become a daemon after starting up."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:107
-msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:111
-msgid "Run in the foreground, don't become a daemon."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
-msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
-msgid ""
-"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
-"conf</filename>. For reference on the config file syntax and options, "
-"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:135
-msgid "<option>--version</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:139
-msgid "Print version number and exit."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:147
-msgid "Signals"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:150
-msgid "SIGTERM/SIGINT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:153
-msgid ""
-"Informs the SSSD to gracefully terminate all of its child processes and then "
-"shut down the monitor."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:159
-msgid "SIGHUP"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:162
-msgid ""
-"Tells the SSSD to stop writing to its current debug file descriptors and to "
-"close and reopen them. This is meant to facilitate log rolling with programs "
-"like logrotate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:170
-msgid "SIGUSR1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:173
-msgid ""
-"Tells the SSSD to simulate offline operation for one minute. This is mostly "
-"useful for testing purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:179
-msgid "SIGUSR2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:182
-msgid ""
-"Tells the SSSD to go online immediately. This is mostly useful for testing "
-"purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:193
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-msgid "sss_obfuscate"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_obfuscate.8.xml:16
-msgid "obfuscate a clear text password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_obfuscate.8.xml:21
-msgid ""
-"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
-"replaceable></arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:32
-msgid ""
-"<command>sss_obfuscate</command> converts a given password into human-"
-"unreadable format and places it into appropriate domain section of the SSSD "
-"config file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:37
-msgid ""
-"The cleartext password is read from standard input or entered "
-"interactively.  The obfuscated password is put into "
-"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
-"<quote>ldap_default_authtok_type</quote> parameter is set to "
-"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more details on these parameters."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:49
-msgid ""
-"Please note that obfuscating the password provides <emphasis>no real "
-"security benefit</emphasis> as it is still possible for an attacker to "
-"reverse-engineer the password back. Using better authentication mechanisms "
-"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
-"advised."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:63
-msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:67
-msgid "The password to obfuscate will be read from standard input."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
-msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:79
-msgid ""
-"The SSSD domain to use the password in. The default name is <quote>default</"
-"quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:86
-msgid ""
-"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:91
-msgid "Read the config file specified by the positional parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:95
-msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:105
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
-msgid "sss_useradd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_useradd.8.xml:16
-msgid "create a new user"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_useradd.8.xml:21
-msgid ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:32
-msgid ""
-"<command>sss_useradd</command> creates a new user account using the values "
-"specified on the command line plus the default values from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:43
-msgid ""
-"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:48
-msgid ""
-"Set the UID of the user to the value of <replaceable>UID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
-msgid ""
-"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
-msgid ""
-"Any text string describing the user. Often used as the field for the user's "
-"full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
-msgid ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:72
-msgid ""
-"The home directory of the user account.  The default is to append the "
-"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
-"that as the home directory.  The base that is prepended before "
-"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
-"baseDirectory</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
-msgid ""
-"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:87
-msgid ""
-"The user's login shell. The default is currently <filename>/bin/bash</"
-"filename>.  The default can be changed with <quote>user_defaults/"
-"defaultShell</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:96
-msgid ""
-"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:101
-msgid "A list of existing groups this user is also a member of."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:107
-msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:111
-msgid ""
-"Create the user's home directory if it does not exist. The files and "
-"directories contained in the skeleton directory (which can be defined with "
-"the -k option or in the config file) will be copied to the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:121
-msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:125
-msgid ""
-"Do not create the user's home directory. Overrides configuration settings."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:132
-msgid ""
-"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:137
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<command>sss_useradd</command>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:143
-msgid ""
-"This option is only valid if the <option>-m</option> (or <option>--create-"
-"home</option>) option is specified, or creation of home directories is set "
-"to TRUE in the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
-msgid ""
-"<option>-Z</option>,<option>--selinux-user</option> "
-"<replaceable>SELINUX_USER</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:157
-msgid ""
-"The SELinux user for the user's login. If not specified, the system default "
-"will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
-msgid "sssd-krb5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:23
-msgid ""
-"This manual page describes the configuration of the Kerberos 5 "
-"authentication backend for <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  For a detailed "
-"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
-"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:36
-msgid ""
-"The Kerberos 5 authentication backend contains auth and chpass providers. It "
-"must be paired with identity provider in order to function properly (for "
-"example, id_provider = ldap). Some information required by the Kerberos 5 "
-"authentication backend must be provided by the identity provider, such as "
-"the user's Kerberos Principal Name (UPN). The configuration of the identity "
-"provider should have an entry to specify the UPN. Please refer to the man "
-"page for the applicable identity provider for details on how to configure "
-"this."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:47
-msgid ""
-"This backend also provides access control based on the .k5login file in the "
-"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
-"Please note that an empty .k5login file will deny all access to this user. "
-"To activate this feature use 'access_provider = krb5' in your sssd "
-"configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:55
-msgid ""
-"In the case where the UPN is not available in the identity backend "
-"<command>sssd</command> will construct a UPN using the format "
-"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:106
-msgid ""
-"The name of the Kerberos realm. This option is required and must be "
-"specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:113
-msgid "krb5_kpasswd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:116
-msgid ""
-"If the change password service is not running on the KDC alternative servers "
-"can be defined here. An optional port number (preceded by a colon) may be "
-"appended to the addresses or hostnames."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:122
-msgid ""
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section.  Please note that even if there are no more "
-"kpasswd servers to try the back end is not switch to offline if "
-"authentication against the KDC is still possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:129
-msgid "Default: Use the KDC"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:135
-msgid "krb5_ccachedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:138
-msgid ""
-"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist it will be created. If %u, %U, %p or %h are used a "
-"private directory belonging to the user is created. Otherwise a public "
-"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
-"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
-"citerefentry> for details) is created."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:151
-msgid "Default: /tmp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:157
-msgid "krb5_ccname_template (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:171
-msgid "login UID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:174
-msgid "%p"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:175
-msgid "principal name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:179
-msgid "%r"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:180
-msgid "realm name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:183
-msgid "%h"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:184
-msgid "home directory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:189
-msgid "value of krb5ccache_dir"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194
-msgid "%P"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "the process ID of the sssd client"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:160
-msgid ""
-"Location of the user's credential cache. Currently only file based "
-"credential caches are supported. In the template the following sequences are "
-"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
-"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
-"way."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:209
-msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:215
-msgid "krb5_auth_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:218
-msgid ""
-"Timeout in seconds after an online authentication or change password request "
-"is aborted. If possible the authentication request is continued offline."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:241
-msgid "krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:244
-msgid ""
-"The location of the keytab to use when validating credentials obtained from "
-"KDCs."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:248
-msgid "Default: /etc/krb5.keytab"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:254
-msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:257
-msgid ""
-"Store the password of the user if the provider is offline and use it to "
-"request a TGT when the provider gets online again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:262
-msgid ""
-"Please note that this feature currently only available on a Linux platform. "
-"Passwords stored in this way are kept in plaintext in the kernel keyring and "
-"are potentially accessible by the root user (with difficulty)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:275
-msgid "krb5_renewable_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:278
-msgid ""
-"Request a renewable ticket with a total lifetime given by an integer "
-"immediately followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
-msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
-msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
-msgid "<emphasis>h</emphasis> hours"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
-msgid "<emphasis>d</emphasis> days."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
-msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:299
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"renewable lifetime to one and a half hours please use '90m' instead of "
-"'1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:305
-msgid "Default: not set, i.e. the TGT is not renewable"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:311
-msgid "krb5_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:314
-msgid ""
-"Request ticket with a with a lifetime given by an integer immediately "
-"followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:335
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"lifetime to one and a half hours please use '90m' instead of '1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:340
-msgid ""
-"Default: not set, i.e. the default ticket lifetime configured on the KDC."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:347
-msgid "krb5_renew_interval (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:350
-msgid ""
-"The time in seconds between two checks if the TGT should be renewed. TGTs "
-"are renewed if about half of their lifetime is exceeded."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:355
-msgid "If this option is not set or 0 the automatic renewal is disabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:365
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:368
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:373
-msgid ""
-"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
-"option at all."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
-msgid ""
-"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
-"continue without."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:381
-msgid ""
-"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
-"fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:385
-msgid "Default: not set, i.e. FAST is not used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:388
-msgid "Please note that a keytab is required to use fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:391
-msgid ""
-"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used with an older version using this option is a "
-"configuration error."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:400
-msgid "krb5_fast_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:403
-msgid "Specifies the server principal to use for FAST."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:412
-msgid ""
-"Specifies if the host and user principal should be canonicalized. This "
-"feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:65
-msgid ""
-"If the auth-module krb5 is used in a SSSD domain, the following options must "
-"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
-"SECTIONS</quote> for details on the configuration of a SSSD domain.  "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:434
-msgid ""
-"The following example assumes that SSSD is correctly configured and FOO is "
-"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
-"example shows only configuration of Kerberos authentication, it does not "
-"include any identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:442
-#, no-wrap
-msgid ""
-"    [domain/FOO]\n"
-"    auth_provider = krb5\n"
-"    krb5_server = 192.168.1.1\n"
-"    krb5_realm = EXAMPLE.COM\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:453
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
-msgid "sss_groupadd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupadd.8.xml:16
-msgid "create a new group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupadd.8.xml:21
-msgid ""
-"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:32
-msgid ""
-"<command>sss_groupadd</command> creates a new group. These groups are "
-"compatible with POSIX groups, with the additional feature that they can "
-"contain other groups as members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupadd.8.xml:43
-msgid ""
-"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupadd.8.xml:48
-msgid ""
-"Set the GID of the group to the value of <replaceable>GID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
-msgid "sss_userdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_userdel.8.xml:16
-msgid "delete a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_userdel.8.xml:21
-msgid ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:32
-msgid ""
-"<command>sss_userdel</command> deletes a user identified by login name "
-"<replaceable>LOGIN</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:44
-msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:48
-msgid ""
-"Files in the user's home directory will be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:56
-msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:60
-msgid ""
-"Files in the user's home directory will NOT be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:68
-msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:72
-msgid ""
-"This option forces <command>sss_userdel</command> to remove the user's home "
-"directory and mail spool, even if they are not owned by the specified user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:80
-msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:84
-msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
-msgid "sss_groupdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupdel.8.xml:16
-msgid "delete a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupdel.8.xml:21
-msgid ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:32
-msgid ""
-"<command>sss_groupdel</command> deletes a group identified by its name "
-"<replaceable>GROUP</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
-msgid "sss_groupshow"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupshow.8.xml:16
-msgid "print properties of a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupshow.8.xml:21
-msgid ""
-"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:32
-msgid ""
-"<command>sss_groupshow</command> displays information about a group "
-"identified by its name <replaceable>GROUP</replaceable>. The information "
-"includes the group ID number, members of the group and the parent group."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupshow.8.xml:43
-msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupshow.8.xml:47
-msgid ""
-"Also print indirect group members in a tree-like hierarchy.  Note that this "
-"also affects printing parent groups - without <option>R</option>, only the "
-"direct parent will be printed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
-msgid "sss_usermod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_usermod.8.xml:16
-msgid "modify a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_usermod.8.xml:21
-msgid ""
-"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:32
-msgid ""
-"<command>sss_usermod</command> modifies the account specified by "
-"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
-"on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:60
-msgid "The home directory of the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:71
-msgid "The user's login shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:82
-msgid ""
-"Append this user to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:96
-msgid ""
-"Remove this user from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:103
-msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:107
-msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:114
-msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:118
-msgid "Unlock the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:129
-msgid "The SELinux user for the user's login."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/service_discovery.xml:2
-msgid "SERVICE DISCOVERY"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/service_discovery.xml:4
-msgid ""
-"The service discovery feature allows back ends to automatically find the "
-"appropriate servers to connect to using a special DNS query."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
-msgid "Configuration"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:11
-msgid ""
-"If no servers are specified, the back end automatically uses service "
-"discovery to try to find a server. Optionally, the user may choose to use "
-"both fixed server addresses and service discovery by inserting a special "
-"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
-"preference is maintained. This feature is useful if, for example, the user "
-"prefers to use service discovery whenever possible, and fall back to a "
-"specific server when no servers can be discovered using DNS."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:23
-msgid "The domain name"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:25
-msgid ""
-"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for more details."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:35
-msgid "The protocol"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:37
-msgid ""
-"The queries usually specify _tcp as the protocol. Exceptions are documented "
-"in respective option description."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:42
-msgid "See Also"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:44
-msgid ""
-"For more information on the service discovery mechanism, refer to RFC 2782."
-msgstr ""
-
-#. type: Content of: outside any tag (error?)
-#: include/upstream.xml:1
-msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/failover.xml:2
-msgid "FAILOVER"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/failover.xml:4
-msgid ""
-"The failover feature allows back ends to automatically switch to a different "
-"server if the primary server fails."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:8
-msgid "Failover Syntax"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:10
-msgid ""
-"The list of servers is given as a comma-separated list; any number of spaces "
-"is allowed around the comma. The servers are listed in order of preference. "
-"The list can contain any number of servers."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:17
-msgid "The Failover Mechanism"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:19
-msgid ""
-"The failover mechanism distinguishes between a machine and a service. The "
-"back end first tries to resolve the hostname of a given machine; if this "
-"resolution attempt fails, the machine is considered offline. No further "
-"attempts are made to connect to this machine for any other service. If the "
-"resolution attempt succeeds, the back end tries to connect to a service on "
-"this machine. If the service connection attempt fails, then only this "
-"particular service is considered offline and the back end automatically "
-"switches over to the next service.  The machine is still considered online "
-"and might still be tried for another service."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:32
-msgid ""
-"Further connection attempts are made to machines or services marked as "
-"offline after a specified period of time; this is currently hard coded to 30 "
-"seconds."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:37
-msgid ""
-"If there are no more machines to try, the back end as a whole switches to "
-"offline mode, and then attempts to reconnect every 30 seconds."
-msgstr ""
-
-#. type: Content of: <varlistentry><term>
-#: include/param_help.xml:3
-msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
-
-#. type: Content of: <varlistentry><listitem><para>
-#: include/param_help.xml:7
-msgid "Display help message and exit."
-msgstr ""
diff --git a/src/man/po/id.po b/src/man/po/id.po
deleted file mode 100644
index cc6d5aec3..000000000
--- a/src/man/po/id.po
+++ /dev/null
@@ -1,6313 +0,0 @@
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Red Hat
-# This file is distributed under the same license as the sssd-docs package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: SSSD\n"
-"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Indonesian <trans-id@lists.fedoraproject.org>\n"
-"Language: id\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=1; plural=0\n"
-
-#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
-#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
-#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
-#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
-msgid "SSSD Manual pages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
-msgid "sss_groupmod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
-#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
-#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
-msgid "8"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupmod.8.xml:16
-msgid "modify a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupmod.8.xml:21
-msgid ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
-#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
-#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
-#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
-#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:32
-msgid ""
-"<command>sss_groupmod</command> modifies the group to reflect the changes "
-"that are specified on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
-#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
-#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-msgid "OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
-msgid ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:48
-msgid ""
-"Append this group to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
-msgid ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:62
-msgid ""
-"Remove this group from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
-#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
-msgid "sssd.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
-msgid "5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
-msgid "File Formats and Conventions"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
-msgid "the configuration file for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:21
-msgid "FILE FORMAT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:29
-#, no-wrap
-msgid ""
-"                <replaceable>[section]</replaceable>\n"
-"                <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-"                <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
-"            "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:24
-msgid ""
-"The file has an ini-style syntax and consists of sections and parameters. A "
-"section begins with the name of the section in square brackets and continues "
-"until the next section begins. An example of section with single and multi-"
-"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:36
-msgid ""
-"The data types used are string (no quotes needed), integer and bool (with "
-"values of <quote>TRUE/FALSE</quote>)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:41
-msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
-"(<quote>;</quote>)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:46
-msgid ""
-"All sections can have an optional <replaceable>description</replaceable> "
-"parameter. Its function is only as a label for the section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:52
-msgid ""
-"<filename>sssd.conf</filename> must be a regular file, owned by root and "
-"only root may read from or write to the file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:58
-msgid "SPECIAL SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:61
-msgid "The [sssd] section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
-msgid "Section parameters"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:72
-msgid "config_file_version (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:75
-msgid ""
-"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-"version 2."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:81
-msgid "services"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:84
-msgid ""
-"Comma separated list of services that are started when sssd itself starts."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:88
-msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
-msgid "reconnection_retries (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
-msgid ""
-"Number of times services should attempt to reconnect in the event of a Data "
-"Provider crash or restart before they give up"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
-msgid "Default: 3"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
-msgid "domains"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
-msgid ""
-"A domain is a database containing user information. SSSD can use more "
-"domains at the same time, but at least one must be configured or SSSD won't "
-"start.  This parameter described the list of domains in the order you want "
-"them to be queried."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
-msgid "re_expression (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
-msgid ""
-"Regular expression that describes how to parse the string containing user "
-"name and domain into these components."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
-msgid ""
-"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
-"which translates to \"the name is everything up to the <quote>@</quote> "
-"sign, the domain everything after that\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
-msgid ""
-"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
-"version 7 or higher can support non-unique named subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
-msgid ""
-"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
-"P&lt;name&gt;) to label subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
-msgid "full_name_format (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
-msgid ""
-"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatible format that describes how to translate "
-"a (name, domain) tuple into a fully qualified name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
-msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
-msgid "try_inotify (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
-msgid ""
-"SSSD monitors the state of resolv.conf to identify when it needs to update "
-"its internal DNS resolver. By default, we will attempt to use inotify for "
-"this, and will fall back to polling resolv.conf every five seconds if "
-"inotify cannot be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
-msgid ""
-"There are some limited situations where it is preferred that we should skip "
-"even trying to use inotify. In these rare cases, this option should be set "
-"to 'false'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
-msgid ""
-"Default: true on platforms where inotify is supported. False on other "
-"platforms."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
-msgid ""
-"Note: this option will have no effect on platforms where inotify is "
-"unavailable. On these platforms, polling will always be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
-msgid "krb5_rcache_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
-msgid ""
-"Directory on the filesystem where SSSD should store Kerberos replay cache "
-"files."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
-msgid ""
-"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
-"SSSD to let libkrb5 decide the appropriate location for the replay cache."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
-msgid ""
-"Default: Distribution-specific and specified at build-time. "
-"(__LIBKRB5_DEFAULTS__ if not configured)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:63
-msgid ""
-"Individual pieces of SSSD functionality are provided by special SSSD "
-"services that are started and stopped together with SSSD.  The services are "
-"managed by a special service frequently called <quote>monitor</quote>. The "
-"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
-msgid "SERVICES SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
-msgid ""
-"Settings that can be used to configure different services are described in "
-"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
-"section, for example, for NSS service, the section would be <quote>[nss]</"
-"quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
-msgid "General service configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
-msgid "These options can be used to configure any service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>.  This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
-msgid "NSS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
-msgid ""
-"These options can be used to configure the Name Service Switch (NSS) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
-msgid "enum_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
-msgid ""
-"How many seconds should nss_sss cache enumerations (requests for info about "
-"all users)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
-msgid "Default: 120"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"The entry cache can be set to automatically update entries in the background "
-"if they are requested beyond a percentage of the entry_cache_timeout value "
-"for the domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
-msgid ""
-"For example, if the domain's entry_cache_timeout is set to 30s and "
-"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
-"after 15 seconds past the last cache update will be returned immediately, "
-"but the SSSD will go and update the cache on its own, so that future "
-"requests will not need to block waiting for a cache update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
-msgid ""
-"Valid values for this option are 0-99 and represent a percentage of the "
-"entry_cache_timeout for each domain. For performance reasons, this "
-"percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
-"disables this feature)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
-msgid "Default: 50"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
-msgid "entry_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
-msgid ""
-"Specifies for how many seconds nss_sss should cache negative cache hits "
-"(that is, queries for invalid database entries, like nonexistent ones)  "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
-msgid "Default: 15"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
-msgid "filter_users, filter_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
-msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
-msgid "Default: root"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
-msgid "filter_users_in_groups (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
-msgid ""
-"If you want filtered user still be group members set this option to false."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
-msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
-msgid "This option can also be set per-domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
-msgid "allowed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
-msgid ""
-"Restrict user shell to one of the listed values. The order of evaluation is:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
-msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
-msgid ""
-"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
-"quote>, use the value of the shell_fallback parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
-msgid ""
-"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
-"shells</quote>, a nologin shell is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
-msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
-msgid ""
-"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
-"that a restart of the SSSD is required in case a new shell is installed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
-msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
-msgid "vetoed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
-msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
-msgid "shell_fallback (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
-msgid ""
-"The default shell to use if an allowed shell is not installed on the machine."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
-msgid "Default: /bin/sh"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
-msgid "PAM configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
-msgid ""
-"These options can be used to configure the Pluggable Authentication Module "
-"(PAM) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
-msgid "offline_credentials_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
-msgid ""
-"If the authentication provider is offline, how long should we allow cached "
-"logins (in days since the last successful online login)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
-msgid "Default: 0 (No limit)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
-msgid "offline_failed_login_attempts (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
-msgid ""
-"If the authentication provider is offline, how many failed login attempts "
-"are allowed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
-msgid "offline_failed_login_delay (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
-msgid ""
-"The time in minutes which has to pass after offline_failed_login_attempts "
-"has been reached before a new login attempt is possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
-msgid ""
-"If set to 0 the user cannot authenticate offline if "
-"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable offline authentication again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
-msgid "Default: 5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
-msgid "pam_verbosity (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
-msgid ""
-"Controls what kind of messages are shown to the user during authentication. "
-"The higher the number to more messages are displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
-msgid "Currently sssd supports the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
-msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
-msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
-msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
-msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
-msgid "Default: 1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
-msgid "pam_id_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
-msgid ""
-"For any PAM request while SSSD is online, the SSSD will attempt to "
-"immediately update the cached identity information for the user in order to "
-"ensure that authentication takes place with the latest information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
-msgid ""
-"A complete PAM conversation may perform multiple PAM requests, such as "
-"account management and session opening. This option controls (on a per-"
-"client-application basis) how long (in seconds) we can cache the identity "
-"information to avoid excessive round-trips to the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
-msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
-msgid "Display a warning N days before the password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
-msgid ""
-"Please note that the backend server has to provide information about the "
-"expiration time of the password.  If this information is missing, sssd "
-"cannot display a warning."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
-msgid "Default: 7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-msgid "SUDO configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-msgid "These options can be used to configure the sudo service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-msgid "sudo_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-msgid ""
-"For any sudo request that comes while SSSD is online, the SSSD will attempt "
-"to update the cached rules in order to ensure that sudo has the latest "
-"ruleset."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
-msgid ""
-"The user may, however, run a couple of sudo commands successively, which "
-"would trigger multiple LDAP requests.  In order to speed up this use-case, "
-"the sudo service maintains an in-memory cache that would be used for "
-"performing fast replies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
-msgid ""
-"This option controls how long (in seconds) can the sudo service cache rules "
-"for a user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-msgid "Default: 180"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-msgid "sudo_timed (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
-msgid ""
-"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
-"that implement time-dependent sudoers entries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-msgid "AUTOFS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-msgid "These options can be used to configure the autofs service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-msgid "autofs_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
-msgid "DOMAIN SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
-msgid "min_id,max_id (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
-msgid ""
-"UID and GID limits for the domain. If a domain contains an entry that is "
-"outside these limits, it is ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
-msgid ""
-"For users, this affects the primary GID limit. The user will not be returned "
-"to NSS if either the UID or the primary GID is outside the range. For non-"
-"primary group memberships, those that are in range will be reported as "
-"expected."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
-msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
-msgid ""
-"Timeout in seconds between heartbeats for this domain.  This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
-msgid "enumerate (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
-msgid ""
-"Determines if a domain can be enumerated. This parameter can have one of the "
-"following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
-msgid "TRUE = Users and groups are enumerated"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
-msgid "FALSE = No enumerations for this domain"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
-msgid "Default: FALSE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
-msgid ""
-"Note: Enabling enumeration has a moderate performance impact on SSSD while "
-"enumeration is running. It may take up to several minutes after SSSD startup "
-"to fully complete enumerations.  During this time, individual requests for "
-"information will go directly to LDAP, though it may be slow, due to the "
-"heavy enumeration processing."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
-msgid ""
-"While the first enumeration is running, requests for the complete user or "
-"group lists may return no results until it completes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
-msgid ""
-"Further, enabling enumeration may increase the time necessary to detect "
-"network disconnection, as longer timeouts are required to ensure that "
-"enumeration lookups are completed successfully.  For more information, refer "
-"to the man pages for the specific id_provider in use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
-msgid "entry_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
-msgid ""
-"How many seconds should nss_sss consider entries valid before asking the "
-"backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
-msgid "Default: 5400"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-msgid "entry_cache_user_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-msgid ""
-"How many seconds should nss_sss consider user entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-msgid "Default: entry_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-msgid "entry_cache_group_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-msgid ""
-"How many seconds should nss_sss consider group entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-msgid ""
-"How many seconds should nss_sss consider netgroup entries valid before "
-"asking the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-msgid "entry_cache_service_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-msgid ""
-"How many seconds should nss_sss consider service entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
-msgid "cache_credentials (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
-msgid "Determines if user credentials are also cached in the local LDB cache"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
-msgid "User credentials are stored in a SHA512 hash, not in plaintext"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
-msgid "account_cache_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
-msgid ""
-"Number of days entries are left in cache after last successful login before "
-"being removed during a cleanup of the cache. 0 means keep forever.  The "
-"value of this parameter must be greater than or equal to "
-"offline_credentials_expiration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
-msgid "Default: 0 (unlimited)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
-msgid "id_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
-msgid "The Data Provider identity backend to use for this domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
-msgid "Supported backends:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
-msgid "proxy: Support a legacy NSS provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
-msgid "local: SSSD internal local provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
-msgid "ldap: LDAP provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
-msgid "use_fully_qualified_names (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
-msgid ""
-"If set to TRUE, all requests to this domain must use fully qualified names. "
-"For example, if used in LOCAL domain that contains a \"test\" user, "
-"<command>getent passwd test</command> wouldn't find the user while "
-"<command>getent passwd test@LOCAL</command> would."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
-msgid "auth_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
-msgid ""
-"The authentication provider used for the domain.  Supported auth providers "
-"are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
-msgid ""
-"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
-msgid ""
-"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
-msgid ""
-"<quote>proxy</quote> for relaying authentication to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
-msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"authentication requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
-msgid "access_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
-msgid ""
-"The access control provider used for the domain.  There are two built-in "
-"access providers (in addition to any included in installed backends)  "
-"Internal special providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
-msgid "<quote>permit</quote> always allow access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
-msgid "<quote>deny</quote> always deny access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
-msgid ""
-"<quote>simple</quote> access control based on access or deny lists. See "
-"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> for more information on configuring the simple "
-"access module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
-msgid "Default: <quote>permit</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
-msgid "chpass_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
-msgid ""
-"The provider which should handle change password operations for the domain.  "
-"Supported change password providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
-msgid ""
-"<quote>ipa</quote> to change a password stored in an IPA server.  See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
-msgid ""
-"<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
-msgid ""
-"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
-msgid ""
-"<quote>proxy</quote> for relaying password changes to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
-msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
-msgid ""
-"Default: <quote>auth_provider</quote> is used if it is set and can handle "
-"change password requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-msgid "sudo_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-msgid ""
-"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-msgid "session_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-msgid ""
-"The provider which should handle loading of session settings.  Supported "
-"session providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-msgid ""
-"<quote>ipa</quote> to load session settings from an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"session loading requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
-msgid "lookup_family_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
-msgid ""
-"Provides the ability to select preferred address family to use when "
-"performing DNS lookups."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
-msgid "Supported values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
-msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
-msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
-msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
-msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
-msgid "Default: ipv4_first"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
-msgid "dns_resolver_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
-msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
-msgid "dns_discovery_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
-msgid ""
-"If service discovery is used in the back end, specifies the domain part of "
-"the service discovery DNS query."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
-msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
-msgid "override_gid (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
-msgid "Override the primary GID value with the one specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
-msgid "case_sensitive (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
-msgid ""
-"Treat user and group names as case sensitive. At the moment, this option is "
-"not supported in the local provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
-msgid "Default: True"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
-msgid ""
-"These configuration options can be present in a domain configuration "
-"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
-"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
-msgid "proxy_pam_target (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
-msgid "The proxy target PAM proxies to."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-msgid ""
-"Default: not set by default, you have to take an existing pam configuration "
-"or create a new one and add the service name here."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
-msgid "proxy_lib_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
-msgid ""
-"The name of the NSS library to use in proxy domains. The NSS functions "
-"searched for in the library are in the form of _nss_$(libName)_$(function), "
-"for example _nss_files_getpwent."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
-msgid ""
-"Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
-msgid "The local domain section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
-msgid ""
-"This section contains settings for domain that stores users and groups in "
-"SSSD native database, that is, a domain that uses "
-"<replaceable>id_provider=local</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
-msgid "default_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
-msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
-msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
-msgid "base_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
-msgid ""
-"The tools append the login name to <replaceable>base_directory</replaceable> "
-"and use that as the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
-msgid "Default: <filename>/home</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
-msgid "create_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
-msgid ""
-"Indicate if a home directory should be created by default for new users.  "
-"Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
-msgid "Default: TRUE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
-msgid "remove_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
-msgid ""
-"Indicate if a home directory should be removed by default for deleted "
-"users.  Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
-msgid "homedir_umask (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
-msgid ""
-"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
-"on a newly created home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
-msgid "Default: 077"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
-msgid "skel_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
-msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
-msgid "mail_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
-msgid ""
-"The mail spool directory. This is needed to manipulate the mailbox when its "
-"corresponding user account is modified or deleted.  If not specified, a "
-"default value is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
-msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
-msgid "userdel_cmd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
-msgid ""
-"The command that is run after a user is removed.  The command us passed the "
-"username of the user being removed as the first and only parameter. The "
-"return code of the command is not taken into account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
-msgid "Default: None, no command is run"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"domains = LDAP\n"
-"services = nss, pam\n"
-"config_file_version = 2\n"
-"\n"
-"[nss]\n"
-"filter_groups = root\n"
-"filter_users = root\n"
-"\n"
-"[pam]\n"
-"\n"
-"[domain/LDAP]\n"
-"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
-"\n"
-"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
-"cache_credentials = true\n"
-"\n"
-"min_id = 10000\n"
-"max_id = 20000\n"
-"enumerate = False\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
-msgid ""
-"The following example shows a typical SSSD config. It does not describe "
-"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details.  <placeholder type=\"programlisting\" "
-"id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
-msgid "sssd-ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:23
-msgid ""
-"This manual page describes the configuration of LDAP domains for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for detailed syntax information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:35
-msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:38
-msgid ""
-"LDAP back end supports id, auth, access and chpass providers. If you want to "
-"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
-"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
-"over an unencrypted channel.  If the LDAP server is used only as an identity "
-"provider, an encrypted channel is not needed. Please refer to "
-"<quote>ldap_access_filter</quote> config option for more information about "
-"using LDAP as an access provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
-#: sssd-krb5.5.xml:63
-msgid "CONFIGURATION OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:60
-msgid "ldap_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:63
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference. Refer to the <quote>FAILOVER</"
-"quote> section for more information on failover and server redundancy.  If "
-"not specified, service discovery is enabled. For more information, refer to "
-"the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
-msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:73
-msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:76
-msgid ""
-"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:79
-msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:85
-msgid "ldap_chpass_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:88
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference to change the password of a user. "
-"Refer to the <quote>FAILOVER</quote> section for more information on "
-"failover and server redundancy."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:95
-msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:99
-msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:105
-msgid "ldap_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:108
-msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:112
-msgid ""
-"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
-"syntax:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
-msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:119
-msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
-msgid ""
-"The filter must be a valid LDAP search filter as specified by http://www."
-"ietf.org/rfc/rfc2254.txt"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
-msgid "Examples:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:129
-msgid ""
-"ldap_search_base = dc=example,dc=com (which is equivalent to)  "
-"ldap_search_base = dc=example,dc=com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:134
-msgid ""
-"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
-"(host=thishost)?dc=example.com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:137
-msgid ""
-"Note: It is unsupported to have multiple search bases which reference "
-"identically-named objects (for example, groups with the same name in two "
-"different search bases). This will lead to unpredictable behavior on client "
-"machines."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:144
-msgid ""
-"Default: If not set, the value of the defaultNamingContext or namingContexts "
-"attribute from the RootDSE of the LDAP server is used. If "
-"defaultNamingContext does not exists or has an empty value namingContexts is "
-"used.  The namingContexts attribute must have a single value with the DN of "
-"the search base of the LDAP server to make this work. Multiple values are "
-"are not supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:158
-msgid "ldap_schema (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:161
-msgid ""
-"Specifies the Schema Type in use on the target LDAP server.  Depending on "
-"the selected schema, the default attribute names retrieved from the servers "
-"may vary.  The way that some attributes are handled may also differ.  Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
-"difference between these schema types is how group memberships are recorded "
-"in the server.  With rfc2307, group members are listed by name in the "
-"<emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, group "
-"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
-msgid "Default: rfc2307"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
-msgid "ldap_default_bind_dn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
-msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
-msgid "ldap_default_authtok_type (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
-msgid "The type of the authentication token of the default bind DN."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
-msgid "The two mechanisms currently supported are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
-msgid "password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
-msgid "obfuscated_password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
-msgid "Default: password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
-msgid "ldap_default_authtok (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
-msgid ""
-"The authentication token of the default bind DN.  Only clear text passwords "
-"are currently supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
-msgid "ldap_user_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
-msgid "The object class of a user entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
-msgid "Default: posixAccount"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
-msgid "ldap_user_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
-msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
-msgid "Default: uid"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
-msgid "ldap_user_uid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
-msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
-msgid "Default: uidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
-msgid "ldap_user_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
-msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
-msgid "Default: gidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
-msgid "ldap_user_gecos (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
-msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
-msgid "Default: gecos"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
-msgid "ldap_user_home_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
-msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
-msgid "Default: homeDirectory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
-msgid "ldap_user_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
-msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
-msgid "Default: loginShell"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
-msgid "ldap_user_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
-msgid "Default: nsUniqueId"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
-msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
-msgid ""
-"The LDAP attribute that contains timestamp of the last modification of the "
-"parent object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
-msgid "Default: modifyTimestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
-msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
-"the last password change)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
-msgid "Default: shadowLastChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
-msgid "ldap_user_shadow_min (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
-msgid "Default: shadowMin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
-msgid "ldap_user_shadow_max (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
-msgid "Default: shadowMax"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
-msgid "ldap_user_shadow_warning (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password warning period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
-msgid "Default: shadowWarning"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
-msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password inactivity period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
-msgid "Default: shadowInactive"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
-msgid "ldap_user_shadow_expire (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
-msgid ""
-"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
-"parameter contains the name of an LDAP attribute corresponding to its "
-"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> counterpart (account expiration date)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
-msgid "Default: shadowExpire"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
-msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time of last password change in "
-"kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
-msgid "Default: krbLastPwdChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
-msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time when current password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
-msgid "Default: krbPasswordExpiration"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
-msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the expiration time of the account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
-msgid "Default: accountExpires"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
-msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the user account control bit field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
-msgid "Default: userAccountControl"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
-msgid "ldap_ns_account_lock (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
-msgid ""
-"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
-"determines if access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
-msgid "Default: nsAccountLock"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
-msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines if "
-"access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
-msgid "Default: loginDisabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
-msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines until "
-"which date access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
-msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines the "
-"hours of a day in a week when access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
-msgid "Default: loginAllowedTimeMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
-msgid "ldap_user_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
-msgid ""
-"The LDAP attribute that contains the user's Kerberos User Principal Name "
-"(UPN)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
-msgid "Default: krbPrincipalName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
-msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
-msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
-msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
-msgid ""
-"Some directory servers, for example Active Directory, might deliver the "
-"realm part of the UPN in lower case, which might cause the authentication to "
-"fail. Set this option to a non-zero value if you want to use an upper-case "
-"realm."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
-msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
-msgid ""
-"Specifies how many seconds SSSD has to wait before refreshing its cache of "
-"enumerated records."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
-msgid "Default: 300"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
-msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
-msgid ""
-"Determine how often to check the cache for inactive entries (such as groups "
-"with no members and users who have never logged in) and remove them to save "
-"space."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
-msgid "Setting this option to zero will disable the cache cleanup operation."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
-msgid "Default: 10800 (12 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
-msgid "ldap_user_fullname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
-msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
-msgid "Default: cn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
-msgid "ldap_user_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
-msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
-msgid "Default: memberOf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
-msgid "ldap_user_authorized_service (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
-msgid ""
-"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
-"use the presence of the authorizedService attribute in the user's LDAP entry "
-"to determine access privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
-msgid ""
-"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
-"explicit allow (svc) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
-msgid "Default: authorizedService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
-msgid "ldap_user_authorized_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
-msgid ""
-"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-"presence of the host attribute in the user's LDAP entry to determine access "
-"privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
-msgid ""
-"An explicit deny (!host) is resolved first. Second, SSSD searches for "
-"explicit allow (host) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
-msgid "Default: host"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
-msgid "ldap_group_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
-msgid "The object class of a group entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
-msgid "Default: posixGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
-msgid "ldap_group_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
-msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
-msgid "ldap_group_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
-msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
-msgid "ldap_group_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
-msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
-msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
-msgid "ldap_group_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
-msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
-msgid "ldap_group_nesting_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
-msgid ""
-"If ldap_schema is set to a schema format that supports nested groups (e.g. "
-"RFC2307bis), then this option controls how many levels of nesting SSSD will "
-"follow. This option has no effect on the RFC2307 schema."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
-msgid "Default: 2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
-msgid "ldap_netgroup_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
-msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
-msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
-msgid "Default: nisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
-msgid "ldap_netgroup_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
-msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
-msgid "In IPA provider, ipa_netgroup_name should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
-msgid "ldap_netgroup_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
-msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
-msgid "In IPA provider, ipa_netgroup_member should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
-msgid "Default: memberNisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
-msgid "ldap_netgroup_triple (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-msgid ""
-"The LDAP attribute that contains the (host, user, domain) netgroup triples."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
-msgid "This option is not available in IPA provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
-msgid "Default: nisNetgroupTriple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
-msgid "ldap_netgroup_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
-msgid ""
-"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
-msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
-msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
-msgid "ldap_service_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
-msgid "The object class of a service entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
-msgid "Default: ipService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
-msgid "ldap_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
-msgid ""
-"The LDAP attribute that contains the name of service attributes and their "
-"aliases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
-msgid "ldap_service_port (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
-msgid "The LDAP attribute that contains the port managed by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
-msgid "Default: ipServicePort"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
-msgid "ldap_service_proto (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
-msgid ""
-"The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
-msgid "Default: ipServiceProtocol"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
-msgid "ldap_service_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
-msgid "An optional base DN to restrict service searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
-msgid ""
-"See <quote>ldap_search_base</quote> for information about configuring "
-"multiple search bases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
-#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
-msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
-msgid "ldap_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches are allowed to run "
-"before they are cancelled and cached results are returned (and offline mode "
-"is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
-msgid ""
-"Note: this option is subject to change in future versions of the SSSD. It "
-"will likely be replaced at some point by a series of timeouts for specific "
-"lookup types."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
-msgid "Default: 6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
-msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches for user and group "
-"enumerations are allowed to run before they are cancelled and cached results "
-"are returned (and offline mode is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
-msgid "ldap_network_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-msgid ""
-"Specifies the timeout (in seconds) after which the <citerefentry> "
-"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
-"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> following a <citerefentry> "
-"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> returns in case of no activity."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
-msgid "ldap_opt_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
-msgid ""
-"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
-"will abort if no response is received. Also controls the timeout when "
-"communicating with the KDC in case of SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
-msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
-msgid ""
-"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
-"maintained. After this time, the connection will be re-established. If used "
-"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
-"the TGT lifetime)  will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
-msgid "Default: 900 (15 minutes)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
-msgid "ldap_page_size (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
-msgid ""
-"Specify the number of records to retrieve from LDAP in a single request. "
-"Some LDAP servers enforce a maximum limit per-request."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
-msgid "Default: 1000"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
-msgid ""
-"Disable the LDAP paging control. This option should be used if the LDAP "
-"server reports that it supports the LDAP paging control in its RootDSE but "
-"it is not enabled or does not behave properly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
-msgid ""
-"Example: OpenLDAP servers with the paging control module installed on the "
-"server but not enabled will report it in the RootDSE but be unable to use it."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
-msgid ""
-"Example: 389 DS has a bug where it can only support a one paging control at "
-"a time on a single connection. On busy clients, this can result in some "
-"requests being denied."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
-msgid "ldap_deref_threshold (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
-msgid ""
-"Specify the number of group members that must be missing from the internal "
-"cache in order to trigger a dereference lookup. If less members are missing, "
-"they are looked up individually."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
-msgid ""
-"You can turn off dereference lookups completely by setting the value to 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
-msgid ""
-"A dereference lookup is a means of fetching all group members in a single "
-"LDAP call.  Different LDAP servers may implement different dereference "
-"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
-"Directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
-msgid ""
-"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
-"filter, then the dereference lookup performance enhancement will be disabled "
-"regardless of this setting."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
-msgid "ldap_tls_reqcert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
-msgid ""
-"Specifies what checks to perform on server certificates in a TLS session, if "
-"any. It can be specified as one of the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
-msgid ""
-"<emphasis>never</emphasis> = The client will not request or check any server "
-"certificate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
-msgid ""
-"<emphasis>allow</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, it will be ignored and the session proceeds normally."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
-msgid ""
-"<emphasis>try</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, the session is immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
-msgid ""
-"<emphasis>demand</emphasis> = The server certificate is requested. If no "
-"certificate is provided, or a bad certificate is provided, the session is "
-"immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
-msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
-msgid "Default: hard"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
-msgid "ldap_tls_cacert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
-msgid ""
-"Specifies the file that contains certificates for all of the Certificate "
-"Authorities that <command>sssd</command> will recognize."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
-msgid ""
-"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
-"conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
-msgid "ldap_tls_cacertdir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
-msgid ""
-"Specifies the path of a directory that contains Certificate Authority "
-"certificates in separate individual files. Typically the file names need to "
-"be the hash of the certificate followed by '.0'.  If available, "
-"<command>cacertdir_rehash</command> can be used to create the correct names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
-msgid "ldap_tls_cert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
-msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
-msgid "Default: not set"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
-msgid "ldap_tls_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
-msgid "Specifies the file that contains the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
-msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
-msgid ""
-"Specifies acceptable cipher suites.  Typically this is a colon sperated "
-"list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> for format."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
-msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
-msgid ""
-"Specifies that the id_provider connection must also use <systemitem class="
-"\"protocol\">tls</systemitem> to protect the channel."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
-msgid ""
-"Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
-"supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
-msgid "ldap_sasl_authid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
-msgid ""
-"Specify the SASL authorization id to use.  When GSSAPI is used, this "
-"represents the Kerberos principal used for authentication to the directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
-msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
-msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
-msgid ""
-"If set to true, the LDAP library would perform a reverse lookup to "
-"canonicalize the host name during a SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
-msgid "Default: false;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
-msgid "ldap_krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
-msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
-msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
-msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
-msgid ""
-"Specifies that the id_provider should init Kerberos credentials (TGT).  This "
-"action is performed only if SASL is used and the mechanism selected is "
-"GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
-msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
-msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
-msgid "Default: 86400 (24 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
-msgid "krb5_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
-msgid ""
-"Specifies the comma-separated list of IP addresses or hostnames of the "
-"Kerberos servers to which SSSD should connect in the order of preference. "
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
-"colon) may be appended to the addresses or hostnames.  If empty, service "
-"discovery is enabled - for more information, refer to the <quote>SERVICE "
-"DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
-msgid ""
-"When using service discovery for KDC or kpasswd servers, SSSD first searches "
-"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-"none are found."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
-msgid ""
-"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
-"While the legacy name is recognized for the time being, users are advised to "
-"migrate their config files to use <quote>krb5_server</quote> instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
-msgid "krb5_realm (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
-msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
-msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
-msgid "krb5_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
-msgid ""
-"Specifies if the host principal should be canonicalized when connecting to "
-"LDAP server. This feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
-msgid "ldap_pwd_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
-msgid ""
-"Select the policy to evaluate the password expiration on the client side. "
-"The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
-msgid ""
-"<emphasis>none</emphasis> - No evaluation on the client side. This option "
-"cannot disable server-side password policies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
-msgid ""
-"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-"evaluate if the password has expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
-msgid ""
-"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
-"to determine if the password has expired. Use chpass_provider=krb5 to update "
-"these attributes when the password is changed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
-msgid "ldap_referrals (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
-msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
-msgid ""
-"Please note that sssd only supports referral chasing when it is compiled "
-"with OpenLDAP version 2.4.13 or higher."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
-msgid "ldap_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
-msgid "Specifies the service name to use when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
-msgid "Default: ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
-msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
-msgid ""
-"Specifies the service name to use to find an LDAP server which allows "
-"password changes when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
-msgid "Default: not set, i.e. service discovery is disabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
-msgid "ldap_access_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
-msgid ""
-"If using access_provider = ldap, this option is mandatory. It specifies an "
-"LDAP search filter criteria that must be met for the user to be granted "
-"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
-msgid "Example:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
-#, no-wrap
-msgid ""
-"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
-msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
-msgid ""
-"Offline caching for this feature is limited to determining whether the "
-"user's last online login was granted access permission. If they were granted "
-"access during their last login, they will continue to be granted access "
-"while offline and vice-versa."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
-msgid "Default: Empty"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
-msgid "ldap_account_expire_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
-msgid ""
-"With this option a client side evaluation of access control attributes can "
-"be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
-msgid ""
-"Please note that it is always recommended to use server side access control, "
-"i.e. the LDAP server should deny the bind request with a suitable error code "
-"even if the password is correct."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
-msgid "The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
-msgid ""
-"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
-"determine if the account is expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
-msgid ""
-"<emphasis>ad</emphasis>: use the value of the 32bit field "
-"ldap_user_ad_user_account_control and allow access if the second bit is not "
-"set. If the attribute is missing access is granted. Also the expiration time "
-"of the account is checked."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
-msgid ""
-"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
-"emphasis>: use the value of ldap_ns_account_lock to check if access is "
-"allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
-msgid ""
-"<emphasis>nds</emphasis>: the values of "
-"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
-"If both attributes are missing access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
-msgid "ldap_access_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
-msgid "Comma separated list of access control options.  Allowed values are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
-msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
-msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
-msgid ""
-"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
-"to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
-msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
-msgid "Default: filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
-msgid ""
-"Please note that it is a configuration error if a value is used more than "
-"once."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
-msgid "ldap_deref (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
-msgid ""
-"Specifies how alias dereferencing is done when performing a search. The "
-"following options are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
-msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
-msgid ""
-"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
-"the base object, but not in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
-msgid ""
-"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
-"the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
-msgid ""
-"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
-"in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
-msgid ""
-"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
-"client libraries)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:51
-msgid ""
-"All of the common configuration options that apply to SSSD domains also "
-"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for full details.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
-msgid "SUDO OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
-msgid "ldap_sudorule_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
-msgid "The object class of a sudo rule entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
-msgid "Default: sudoRole"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
-msgid "ldap_sudorule_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
-msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
-msgid "ldap_sudorule_command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
-msgid "The LDAP attribute that corresponds to the command name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
-msgid "Default: sudoCommand"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
-msgid "ldap_sudorule_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
-msgid ""
-"The LDAP attribute that corresponds to the host name (or host IP address, "
-"host IP network, or host netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
-msgid "Default: sudoHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
-msgid "ldap_sudorule_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
-msgid ""
-"The LDAP attribute that corresponds to the user name (or UID, group name or "
-"user's netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
-msgid "Default: sudoUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
-msgid "ldap_sudorule_option (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
-msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
-msgid "Default: sudoOption"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
-msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
-msgid ""
-"The LDAP attribute that corresponds to the user name that commands may be "
-"run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
-msgid "Default: sudoRunAsUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
-msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
-msgid ""
-"The LDAP attribute that corresponds to the group name or group GID that "
-"commands may be run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
-msgid "Default: sudoRunAsGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
-msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
-msgid ""
-"The LDAP attribute that corresponds to the start date/time for when the sudo "
-"rule is valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
-msgid "Default: sudoNotBefore"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
-msgid "ldap_sudorule_notafter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
-msgid ""
-"The LDAP attribute that corresponds to the expiration date/time, after which "
-"the sudo rule will no longer be valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
-msgid "Default: sudoNotAfter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
-msgid "ldap_sudorule_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
-msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
-msgid "Default: sudoOrder"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
-msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
-msgid ""
-"Enables periodical download of all sudo rules.  The cache is purged before "
-"each update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
-msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
-msgid ""
-"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
-msgid ""
-"This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
-"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
-msgid "AUTOFS OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
-msgid ""
-"Please note that the default values correspond to the default schema which "
-"is RFC2307."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
-msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-msgid "The object class of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-msgid "Default: automountMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
-msgid "ldap_autofs_map_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
-msgid "The name of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
-msgid "Default: ou"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
-msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
-msgid "ldap_autofs_entry_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
-msgid ""
-"The key of an automount entry in LDAP. The entry usually corresponds to a "
-"mount point."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
-msgid "ldap_autofs_entry_value (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
-msgid "Default: automountInformation"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
-msgid ""
-"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
-"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
-"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
-msgid "ADVANCED OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
-msgid "ldap_netgroup_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
-msgid ""
-"An optional base DN to restrict netgroup searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
-msgid "ldap_user_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
-msgid "An optional base DN to restrict user searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
-msgid "ldap_group_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
-msgid "An optional base DN to restrict group searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
-#, no-wrap
-msgid ""
-"                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
-msgid "ldap_sudo_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
-msgid ""
-"An optional base DN to restrict sudo rules searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
-msgid "ldap_autofs_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
-msgid ""
-"An optional base DN to restrict automounter searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
-msgid ""
-"These options are supported by LDAP domains, but they should be used with "
-"caution. Please include them in your configuration only if you know what you "
-"are doing.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
-msgid ""
-"The following example assumes that SSSD is correctly configured and LDAP is "
-"set to one of the domains in the <replaceable>[domains]</replaceable> "
-"section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
-#, no-wrap
-msgid ""
-"    [domain/LDAP]\n"
-"    id_provider = ldap\n"
-"    auth_provider = ldap\n"
-"    ldap_uri = ldap://ldap.mydomain.org\n"
-"    ldap_search_base = dc=mydomain,dc=org\n"
-"    ldap_tls_reqcert = demand\n"
-"    cache_credentials = true\n"
-"    enumerate = true\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
-msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
-msgid "NOTES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
-msgid ""
-"The descriptions of some of the configuration options in this manual page "
-"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
-"distribution."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <refentryinfo>
-#: pam_sss.8.xml:8 include/upstream.xml:2
-msgid ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: pam_sss.8.xml:13 pam_sss.8.xml:18
-msgid "pam_sss"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: pam_sss.8.xml:19
-msgid "PAM module for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: pam_sss.8.xml:24
-msgid ""
-"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
-msgid ""
-"<command>pam_sss.so</command> is the PAM interface to the System Security "
-"Services daemon (SSSD). Errors and results are logged through <command>syslog"
-"(3)</command> with the LOG_AUTHPRIV facility."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
-msgid "<option>quiet</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
-msgid "Suppress log messages for unknown users."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
-msgid "<option>forward_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
-msgid ""
-"If <option>forward_pass</option> is set the entered password is put on the "
-"stack for other PAM modules to use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
-msgid "<option>use_first_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
-msgid ""
-"The argument use_first_pass forces the module to use a previous stacked "
-"modules password and will never prompt the user - if no password is "
-"available or the password is not appropriate, the user will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
-msgid "<option>use_authtok</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
-msgid ""
-"When password changing enforce the module to set the new password to the one "
-"provided by a previously stacked password module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
-msgid "<option>retry=N</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
-msgid ""
-"If specified the user is asked another N times for a password if "
-"authentication fails. Default is 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
-msgid ""
-"Please note that this option might not work as expected if the application "
-"calling PAM handles the user dialog on its own. A typical example is "
-"<command>sshd</command> with <option>PasswordAuthentication</option>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
-msgid "MODULE TYPES PROVIDED"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
-msgid ""
-"All module types (<option>account</option>, <option>auth</option>, "
-"<option>password</option> and <option>session</option>) are provided."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
-msgid "FILES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
-msgid ""
-"If a password reset by root fails, because the corresponding SSSD provider "
-"does not support password resets, an individual message can be displayed. "
-"This message can e.g. contain instructions about how to reset a password."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
-msgid ""
-"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
-"filename> where LOC stands for a locale string returned by <citerefentry> "
-"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
-"citerefentry>. If there is no matching file the content of "
-"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
-"the owner of the files and only root may have read and write permissions "
-"while all other users must have only read permissions."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
-msgid ""
-"These files are searched in the directory <filename>/etc/sssd/customize/"
-"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
-"displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:141
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
-msgid "sssd_krb5_locator_plugin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:22
-msgid ""
-"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
-"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
-"libraries what Realm and which KDC to use.  Typically this is done in "
-"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
-"To simplify the configuration the Realm and the KDC can be defined in "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry> puts the Realm and the name or IP address of the KDC into "
-"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively.  "
-"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variables and returns them to the "
-"libraries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:63
-msgid ""
-"Not all Kerberos implementations support the use of plugins. If "
-"<command>sssd_krb5_locator_plugin</command> is not available on your system "
-"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:69
-msgid ""
-"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-"debug messages will be sent to stderr."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:77
-msgid ""
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
-msgid "sssd-simple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd-simple.5.xml:17
-msgid "the configuration file for SSSD's 'simple' access-control provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:24
-msgid ""
-"This manual page describes the configuration of the simple access-control "
-"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax reference, "
-"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:38
-msgid ""
-"The simple access provider grants or denies access based on an access or "
-"deny list of user or group names. The following rules apply:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:43
-msgid "If all lists are empty, access is granted"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:47
-msgid ""
-"If any list is provided, the order of evaluation is allow,deny. This means "
-"that any matching deny rule will supersede any matched allow rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:54
-msgid ""
-"If either or both \"allow\" lists are provided, all users are denied unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:60
-msgid ""
-"If only \"deny\" lists are provided, all users are granted access unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:78
-msgid "simple_allow_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:81
-msgid "Comma separated list of users who are allowed to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:88
-msgid "simple_deny_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:91
-msgid "Comma separated list of users who are explicitly denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:97
-msgid "simple_allow_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:100
-msgid ""
-"Comma separated list of groups that are allowed to log in. This applies only "
-"to groups within this SSSD domain. Local groups are not evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:108
-msgid "simple_deny_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:111
-msgid ""
-"Comma separated list of groups that are explicitly denied access. This "
-"applies only to groups within this SSSD domain. Local groups are not "
-"evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
-msgid ""
-"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page for details on the configuration of an SSSD "
-"domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:120
-msgid ""
-"Please note that it is an configuration error if both, simple_allow_users "
-"and simple_deny_users, are defined."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:128
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the simple access provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-simple.5.xml:135
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    access_provider = simple\n"
-"    simple_allow_users = user1, user2\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:145
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
-msgid "sssd-ipa"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:23
-msgid ""
-"This manual page describes the configuration of the IPA provider for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
-"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:36
-msgid ""
-"The IPA provider is a back end used to connect to an IPA server.  (Refer to "
-"the freeipa.org web site for information about IPA servers.)  This provider "
-"requires that the machine be joined to the IPA domain; configuration is "
-"almost entirely self-discovered and obtained directly from the server."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:43
-msgid ""
-"The IPA provider accepts the same options used by the <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
-"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider with some exceptions described below."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:55
-msgid ""
-"However, it is neither necessary nor recommended to set these options.  IPA "
-"provider can also be used as an access and chpass provider. As an access "
-"provider it uses HBAC (host-based access control) rules. Please refer to "
-"freeipa.org for more information about HBAC. No configuration of access "
-"provider is required on the client side."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:72
-msgid "ipa_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:75
-msgid ""
-"Specifies the name of the IPA domain.  This is optional. If not provided, "
-"the configuration domain name is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:83
-msgid "ipa_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:86
-msgid ""
-"The comma-separated list of IP addresses or hostnames of the IPA servers to "
-"which SSSD should connect in the order of preference. For more information "
-"on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
-"This is optional if autodiscovery is enabled.  For more information on "
-"service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:99
-msgid "ipa_hostname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:102
-msgid ""
-"Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:110
-msgid "ipa_dyndns_update (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:113
-msgid ""
-"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:118
-msgid ""
-"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
-"the default Kerberos realm must be set properly in /etc/krb5.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:129
-msgid "ipa_dyndns_iface (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:132
-msgid ""
-"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
-"interface whose IP address should be used for dynamic DNS updates."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:137
-msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:143
-msgid "ipa_hbac_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:146
-msgid "Optional. Use the given string as search base for HBAC related objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:150
-msgid "Default: Use base DN"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:156
-msgid "ipa_host_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:159
-msgid "Optional. Use the given string as search base for host objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:180
-msgid "ipa_selinux_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
-msgid "Optional. Use the given string as search base for SELinux user maps."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
-msgid "krb5_validate (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
-msgid ""
-"Verify with the help of krb5_keytab that the TGT obtained has not been "
-"spoofed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
-msgid ""
-"Note that this default differs from the traditional Kerberos provider back "
-"end."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
-msgid ""
-"The name of the Kerberos realm. This is optional and defaults to the value "
-"of <quote>ipa_domain</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
-msgid ""
-"The name of the Kerberos realm has a special meaning in IPA - it is "
-"converted into the base DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
-msgid ""
-"Specifies if the host and user principal should be canonicalized when "
-"connecting to IPA LDAP and also for AS requests. This feature is available "
-"with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
-msgid "ipa_hbac_refresh (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
-msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
-msgid "Default: 5 (seconds)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
-msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
-msgid ""
-"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
-"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
-"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
-"client will support two modes of operation during this transition period:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
-msgid ""
-"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
-"users will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
-msgid ""
-"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
-"careful with this option, as it may result in opening unintended access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
-msgid "Default: DENY_ALL"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
-msgid "ipa_automount_location (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
-msgid "The automounter location this IPA client will be using"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Default: The location named \"default\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the ipa provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    id_provider = ipa\n"
-"    ipa_server = ipaserver.example.com\n"
-"    ipa_hostname = myhost.example.com\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.8.xml:10 sssd.8.xml:15
-msgid "sssd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.8.xml:16
-msgid "System Security Services Daemon"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sssd.8.xml:21
-msgid ""
-"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:31
-msgid ""
-"<command>SSSD</command> provides a set of daemons to manage access to remote "
-"directories and authentication mechanisms. It provides an NSS and PAM "
-"interface toward the system and a pluggable backend system to connect to "
-"multiple different account sources as well as D-Bus interface. It is also "
-"the basis to provide client auditing and policy services for projects like "
-"FreeIPA. It provides a more robust database to store local users as well as "
-"extended user data."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:46
-msgid ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:53
-msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:57
-msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:60
-msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:69
-msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:73
-msgid ""
-"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:76
-msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:85
-msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:89
-msgid ""
-"Send the debug output to files instead of stderr. By default, the log files "
-"are stored in <filename>/var/log/sssd</filename> and there are separate log "
-"files for every SSSD service and domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:97
-msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:101
-msgid "Become a daemon after starting up."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:107
-msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:111
-msgid "Run in the foreground, don't become a daemon."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
-msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
-msgid ""
-"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
-"conf</filename>. For reference on the config file syntax and options, "
-"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:135
-msgid "<option>--version</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:139
-msgid "Print version number and exit."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:147
-msgid "Signals"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:150
-msgid "SIGTERM/SIGINT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:153
-msgid ""
-"Informs the SSSD to gracefully terminate all of its child processes and then "
-"shut down the monitor."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:159
-msgid "SIGHUP"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:162
-msgid ""
-"Tells the SSSD to stop writing to its current debug file descriptors and to "
-"close and reopen them. This is meant to facilitate log rolling with programs "
-"like logrotate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:170
-msgid "SIGUSR1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:173
-msgid ""
-"Tells the SSSD to simulate offline operation for one minute. This is mostly "
-"useful for testing purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:179
-msgid "SIGUSR2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:182
-msgid ""
-"Tells the SSSD to go online immediately. This is mostly useful for testing "
-"purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:193
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-msgid "sss_obfuscate"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_obfuscate.8.xml:16
-msgid "obfuscate a clear text password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_obfuscate.8.xml:21
-msgid ""
-"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
-"replaceable></arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:32
-msgid ""
-"<command>sss_obfuscate</command> converts a given password into human-"
-"unreadable format and places it into appropriate domain section of the SSSD "
-"config file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:37
-msgid ""
-"The cleartext password is read from standard input or entered "
-"interactively.  The obfuscated password is put into "
-"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
-"<quote>ldap_default_authtok_type</quote> parameter is set to "
-"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more details on these parameters."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:49
-msgid ""
-"Please note that obfuscating the password provides <emphasis>no real "
-"security benefit</emphasis> as it is still possible for an attacker to "
-"reverse-engineer the password back. Using better authentication mechanisms "
-"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
-"advised."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:63
-msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:67
-msgid "The password to obfuscate will be read from standard input."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
-msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:79
-msgid ""
-"The SSSD domain to use the password in. The default name is <quote>default</"
-"quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:86
-msgid ""
-"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:91
-msgid "Read the config file specified by the positional parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:95
-msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:105
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
-msgid "sss_useradd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_useradd.8.xml:16
-msgid "create a new user"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_useradd.8.xml:21
-msgid ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:32
-msgid ""
-"<command>sss_useradd</command> creates a new user account using the values "
-"specified on the command line plus the default values from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:43
-msgid ""
-"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:48
-msgid ""
-"Set the UID of the user to the value of <replaceable>UID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
-msgid ""
-"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
-msgid ""
-"Any text string describing the user. Often used as the field for the user's "
-"full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
-msgid ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:72
-msgid ""
-"The home directory of the user account.  The default is to append the "
-"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
-"that as the home directory.  The base that is prepended before "
-"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
-"baseDirectory</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
-msgid ""
-"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:87
-msgid ""
-"The user's login shell. The default is currently <filename>/bin/bash</"
-"filename>.  The default can be changed with <quote>user_defaults/"
-"defaultShell</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:96
-msgid ""
-"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:101
-msgid "A list of existing groups this user is also a member of."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:107
-msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:111
-msgid ""
-"Create the user's home directory if it does not exist. The files and "
-"directories contained in the skeleton directory (which can be defined with "
-"the -k option or in the config file) will be copied to the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:121
-msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:125
-msgid ""
-"Do not create the user's home directory. Overrides configuration settings."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:132
-msgid ""
-"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:137
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<command>sss_useradd</command>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:143
-msgid ""
-"This option is only valid if the <option>-m</option> (or <option>--create-"
-"home</option>) option is specified, or creation of home directories is set "
-"to TRUE in the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
-msgid ""
-"<option>-Z</option>,<option>--selinux-user</option> "
-"<replaceable>SELINUX_USER</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:157
-msgid ""
-"The SELinux user for the user's login. If not specified, the system default "
-"will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
-msgid "sssd-krb5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:23
-msgid ""
-"This manual page describes the configuration of the Kerberos 5 "
-"authentication backend for <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  For a detailed "
-"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
-"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:36
-msgid ""
-"The Kerberos 5 authentication backend contains auth and chpass providers. It "
-"must be paired with identity provider in order to function properly (for "
-"example, id_provider = ldap). Some information required by the Kerberos 5 "
-"authentication backend must be provided by the identity provider, such as "
-"the user's Kerberos Principal Name (UPN). The configuration of the identity "
-"provider should have an entry to specify the UPN. Please refer to the man "
-"page for the applicable identity provider for details on how to configure "
-"this."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:47
-msgid ""
-"This backend also provides access control based on the .k5login file in the "
-"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
-"Please note that an empty .k5login file will deny all access to this user. "
-"To activate this feature use 'access_provider = krb5' in your sssd "
-"configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:55
-msgid ""
-"In the case where the UPN is not available in the identity backend "
-"<command>sssd</command> will construct a UPN using the format "
-"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:106
-msgid ""
-"The name of the Kerberos realm. This option is required and must be "
-"specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:113
-msgid "krb5_kpasswd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:116
-msgid ""
-"If the change password service is not running on the KDC alternative servers "
-"can be defined here. An optional port number (preceded by a colon) may be "
-"appended to the addresses or hostnames."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:122
-msgid ""
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section.  Please note that even if there are no more "
-"kpasswd servers to try the back end is not switch to offline if "
-"authentication against the KDC is still possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:129
-msgid "Default: Use the KDC"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:135
-msgid "krb5_ccachedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:138
-msgid ""
-"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist it will be created. If %u, %U, %p or %h are used a "
-"private directory belonging to the user is created. Otherwise a public "
-"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
-"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
-"citerefentry> for details) is created."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:151
-msgid "Default: /tmp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:157
-msgid "krb5_ccname_template (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:171
-msgid "login UID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:174
-msgid "%p"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:175
-msgid "principal name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:179
-msgid "%r"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:180
-msgid "realm name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:183
-msgid "%h"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:184
-msgid "home directory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:189
-msgid "value of krb5ccache_dir"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194
-msgid "%P"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "the process ID of the sssd client"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:160
-msgid ""
-"Location of the user's credential cache. Currently only file based "
-"credential caches are supported. In the template the following sequences are "
-"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
-"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
-"way."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:209
-msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:215
-msgid "krb5_auth_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:218
-msgid ""
-"Timeout in seconds after an online authentication or change password request "
-"is aborted. If possible the authentication request is continued offline."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:241
-msgid "krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:244
-msgid ""
-"The location of the keytab to use when validating credentials obtained from "
-"KDCs."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:248
-msgid "Default: /etc/krb5.keytab"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:254
-msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:257
-msgid ""
-"Store the password of the user if the provider is offline and use it to "
-"request a TGT when the provider gets online again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:262
-msgid ""
-"Please note that this feature currently only available on a Linux platform. "
-"Passwords stored in this way are kept in plaintext in the kernel keyring and "
-"are potentially accessible by the root user (with difficulty)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:275
-msgid "krb5_renewable_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:278
-msgid ""
-"Request a renewable ticket with a total lifetime given by an integer "
-"immediately followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
-msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
-msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
-msgid "<emphasis>h</emphasis> hours"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
-msgid "<emphasis>d</emphasis> days."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
-msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:299
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"renewable lifetime to one and a half hours please use '90m' instead of "
-"'1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:305
-msgid "Default: not set, i.e. the TGT is not renewable"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:311
-msgid "krb5_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:314
-msgid ""
-"Request ticket with a with a lifetime given by an integer immediately "
-"followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:335
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"lifetime to one and a half hours please use '90m' instead of '1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:340
-msgid ""
-"Default: not set, i.e. the default ticket lifetime configured on the KDC."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:347
-msgid "krb5_renew_interval (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:350
-msgid ""
-"The time in seconds between two checks if the TGT should be renewed. TGTs "
-"are renewed if about half of their lifetime is exceeded."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:355
-msgid "If this option is not set or 0 the automatic renewal is disabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:365
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:368
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:373
-msgid ""
-"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
-"option at all."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
-msgid ""
-"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
-"continue without."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:381
-msgid ""
-"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
-"fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:385
-msgid "Default: not set, i.e. FAST is not used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:388
-msgid "Please note that a keytab is required to use fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:391
-msgid ""
-"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used with an older version using this option is a "
-"configuration error."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:400
-msgid "krb5_fast_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:403
-msgid "Specifies the server principal to use for FAST."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:412
-msgid ""
-"Specifies if the host and user principal should be canonicalized. This "
-"feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:65
-msgid ""
-"If the auth-module krb5 is used in a SSSD domain, the following options must "
-"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
-"SECTIONS</quote> for details on the configuration of a SSSD domain.  "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:434
-msgid ""
-"The following example assumes that SSSD is correctly configured and FOO is "
-"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
-"example shows only configuration of Kerberos authentication, it does not "
-"include any identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:442
-#, no-wrap
-msgid ""
-"    [domain/FOO]\n"
-"    auth_provider = krb5\n"
-"    krb5_server = 192.168.1.1\n"
-"    krb5_realm = EXAMPLE.COM\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:453
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
-msgid "sss_groupadd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupadd.8.xml:16
-msgid "create a new group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupadd.8.xml:21
-msgid ""
-"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:32
-msgid ""
-"<command>sss_groupadd</command> creates a new group. These groups are "
-"compatible with POSIX groups, with the additional feature that they can "
-"contain other groups as members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupadd.8.xml:43
-msgid ""
-"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupadd.8.xml:48
-msgid ""
-"Set the GID of the group to the value of <replaceable>GID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
-msgid "sss_userdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_userdel.8.xml:16
-msgid "delete a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_userdel.8.xml:21
-msgid ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:32
-msgid ""
-"<command>sss_userdel</command> deletes a user identified by login name "
-"<replaceable>LOGIN</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:44
-msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:48
-msgid ""
-"Files in the user's home directory will be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:56
-msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:60
-msgid ""
-"Files in the user's home directory will NOT be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:68
-msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:72
-msgid ""
-"This option forces <command>sss_userdel</command> to remove the user's home "
-"directory and mail spool, even if they are not owned by the specified user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:80
-msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:84
-msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
-msgid "sss_groupdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupdel.8.xml:16
-msgid "delete a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupdel.8.xml:21
-msgid ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:32
-msgid ""
-"<command>sss_groupdel</command> deletes a group identified by its name "
-"<replaceable>GROUP</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
-msgid "sss_groupshow"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupshow.8.xml:16
-msgid "print properties of a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupshow.8.xml:21
-msgid ""
-"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:32
-msgid ""
-"<command>sss_groupshow</command> displays information about a group "
-"identified by its name <replaceable>GROUP</replaceable>. The information "
-"includes the group ID number, members of the group and the parent group."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupshow.8.xml:43
-msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupshow.8.xml:47
-msgid ""
-"Also print indirect group members in a tree-like hierarchy.  Note that this "
-"also affects printing parent groups - without <option>R</option>, only the "
-"direct parent will be printed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
-msgid "sss_usermod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_usermod.8.xml:16
-msgid "modify a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_usermod.8.xml:21
-msgid ""
-"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:32
-msgid ""
-"<command>sss_usermod</command> modifies the account specified by "
-"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
-"on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:60
-msgid "The home directory of the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:71
-msgid "The user's login shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:82
-msgid ""
-"Append this user to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:96
-msgid ""
-"Remove this user from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:103
-msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:107
-msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:114
-msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:118
-msgid "Unlock the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:129
-msgid "The SELinux user for the user's login."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/service_discovery.xml:2
-msgid "SERVICE DISCOVERY"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/service_discovery.xml:4
-msgid ""
-"The service discovery feature allows back ends to automatically find the "
-"appropriate servers to connect to using a special DNS query."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
-msgid "Configuration"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:11
-msgid ""
-"If no servers are specified, the back end automatically uses service "
-"discovery to try to find a server. Optionally, the user may choose to use "
-"both fixed server addresses and service discovery by inserting a special "
-"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
-"preference is maintained. This feature is useful if, for example, the user "
-"prefers to use service discovery whenever possible, and fall back to a "
-"specific server when no servers can be discovered using DNS."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:23
-msgid "The domain name"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:25
-msgid ""
-"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for more details."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:35
-msgid "The protocol"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:37
-msgid ""
-"The queries usually specify _tcp as the protocol. Exceptions are documented "
-"in respective option description."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:42
-msgid "See Also"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:44
-msgid ""
-"For more information on the service discovery mechanism, refer to RFC 2782."
-msgstr ""
-
-#. type: Content of: outside any tag (error?)
-#: include/upstream.xml:1
-msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/failover.xml:2
-msgid "FAILOVER"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/failover.xml:4
-msgid ""
-"The failover feature allows back ends to automatically switch to a different "
-"server if the primary server fails."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:8
-msgid "Failover Syntax"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:10
-msgid ""
-"The list of servers is given as a comma-separated list; any number of spaces "
-"is allowed around the comma. The servers are listed in order of preference. "
-"The list can contain any number of servers."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:17
-msgid "The Failover Mechanism"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:19
-msgid ""
-"The failover mechanism distinguishes between a machine and a service. The "
-"back end first tries to resolve the hostname of a given machine; if this "
-"resolution attempt fails, the machine is considered offline. No further "
-"attempts are made to connect to this machine for any other service. If the "
-"resolution attempt succeeds, the back end tries to connect to a service on "
-"this machine. If the service connection attempt fails, then only this "
-"particular service is considered offline and the back end automatically "
-"switches over to the next service.  The machine is still considered online "
-"and might still be tried for another service."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:32
-msgid ""
-"Further connection attempts are made to machines or services marked as "
-"offline after a specified period of time; this is currently hard coded to 30 "
-"seconds."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:37
-msgid ""
-"If there are no more machines to try, the back end as a whole switches to "
-"offline mode, and then attempts to reconnect every 30 seconds."
-msgstr ""
-
-#. type: Content of: <varlistentry><term>
-#: include/param_help.xml:3
-msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
-
-#. type: Content of: <varlistentry><listitem><para>
-#: include/param_help.xml:7
-msgid "Display help message and exit."
-msgstr ""
diff --git a/src/man/po/it.po b/src/man/po/it.po
deleted file mode 100644
index 03a22f0b0..000000000
--- a/src/man/po/it.po
+++ /dev/null
@@ -1,6313 +0,0 @@
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Red Hat
-# This file is distributed under the same license as the sssd-docs package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: SSSD\n"
-"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Italian <trans-it@lists.fedoraproject.org>\n"
-"Language: it\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural=(n != 1)\n"
-
-#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
-#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
-#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
-#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
-msgid "SSSD Manual pages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
-msgid "sss_groupmod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
-#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
-#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
-msgid "8"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupmod.8.xml:16
-msgid "modify a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupmod.8.xml:21
-msgid ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
-#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
-#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
-#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
-#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:32
-msgid ""
-"<command>sss_groupmod</command> modifies the group to reflect the changes "
-"that are specified on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
-#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
-#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-msgid "OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
-msgid ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:48
-msgid ""
-"Append this group to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
-msgid ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:62
-msgid ""
-"Remove this group from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
-#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
-msgid "sssd.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
-msgid "5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
-msgid "File Formats and Conventions"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
-msgid "the configuration file for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:21
-msgid "FILE FORMAT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:29
-#, no-wrap
-msgid ""
-"                <replaceable>[section]</replaceable>\n"
-"                <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-"                <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
-"            "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:24
-msgid ""
-"The file has an ini-style syntax and consists of sections and parameters. A "
-"section begins with the name of the section in square brackets and continues "
-"until the next section begins. An example of section with single and multi-"
-"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:36
-msgid ""
-"The data types used are string (no quotes needed), integer and bool (with "
-"values of <quote>TRUE/FALSE</quote>)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:41
-msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
-"(<quote>;</quote>)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:46
-msgid ""
-"All sections can have an optional <replaceable>description</replaceable> "
-"parameter. Its function is only as a label for the section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:52
-msgid ""
-"<filename>sssd.conf</filename> must be a regular file, owned by root and "
-"only root may read from or write to the file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:58
-msgid "SPECIAL SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:61
-msgid "The [sssd] section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
-msgid "Section parameters"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:72
-msgid "config_file_version (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:75
-msgid ""
-"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-"version 2."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:81
-msgid "services"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:84
-msgid ""
-"Comma separated list of services that are started when sssd itself starts."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:88
-msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
-msgid "reconnection_retries (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
-msgid ""
-"Number of times services should attempt to reconnect in the event of a Data "
-"Provider crash or restart before they give up"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
-msgid "Default: 3"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
-msgid "domains"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
-msgid ""
-"A domain is a database containing user information. SSSD can use more "
-"domains at the same time, but at least one must be configured or SSSD won't "
-"start.  This parameter described the list of domains in the order you want "
-"them to be queried."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
-msgid "re_expression (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
-msgid ""
-"Regular expression that describes how to parse the string containing user "
-"name and domain into these components."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
-msgid ""
-"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
-"which translates to \"the name is everything up to the <quote>@</quote> "
-"sign, the domain everything after that\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
-msgid ""
-"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
-"version 7 or higher can support non-unique named subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
-msgid ""
-"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
-"P&lt;name&gt;) to label subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
-msgid "full_name_format (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
-msgid ""
-"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatible format that describes how to translate "
-"a (name, domain) tuple into a fully qualified name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
-msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
-msgid "try_inotify (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
-msgid ""
-"SSSD monitors the state of resolv.conf to identify when it needs to update "
-"its internal DNS resolver. By default, we will attempt to use inotify for "
-"this, and will fall back to polling resolv.conf every five seconds if "
-"inotify cannot be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
-msgid ""
-"There are some limited situations where it is preferred that we should skip "
-"even trying to use inotify. In these rare cases, this option should be set "
-"to 'false'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
-msgid ""
-"Default: true on platforms where inotify is supported. False on other "
-"platforms."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
-msgid ""
-"Note: this option will have no effect on platforms where inotify is "
-"unavailable. On these platforms, polling will always be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
-msgid "krb5_rcache_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
-msgid ""
-"Directory on the filesystem where SSSD should store Kerberos replay cache "
-"files."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
-msgid ""
-"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
-"SSSD to let libkrb5 decide the appropriate location for the replay cache."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
-msgid ""
-"Default: Distribution-specific and specified at build-time. "
-"(__LIBKRB5_DEFAULTS__ if not configured)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:63
-msgid ""
-"Individual pieces of SSSD functionality are provided by special SSSD "
-"services that are started and stopped together with SSSD.  The services are "
-"managed by a special service frequently called <quote>monitor</quote>. The "
-"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
-msgid "SERVICES SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
-msgid ""
-"Settings that can be used to configure different services are described in "
-"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
-"section, for example, for NSS service, the section would be <quote>[nss]</"
-"quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
-msgid "General service configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
-msgid "These options can be used to configure any service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>.  This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
-msgid "NSS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
-msgid ""
-"These options can be used to configure the Name Service Switch (NSS) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
-msgid "enum_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
-msgid ""
-"How many seconds should nss_sss cache enumerations (requests for info about "
-"all users)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
-msgid "Default: 120"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"The entry cache can be set to automatically update entries in the background "
-"if they are requested beyond a percentage of the entry_cache_timeout value "
-"for the domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
-msgid ""
-"For example, if the domain's entry_cache_timeout is set to 30s and "
-"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
-"after 15 seconds past the last cache update will be returned immediately, "
-"but the SSSD will go and update the cache on its own, so that future "
-"requests will not need to block waiting for a cache update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
-msgid ""
-"Valid values for this option are 0-99 and represent a percentage of the "
-"entry_cache_timeout for each domain. For performance reasons, this "
-"percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
-"disables this feature)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
-msgid "Default: 50"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
-msgid "entry_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
-msgid ""
-"Specifies for how many seconds nss_sss should cache negative cache hits "
-"(that is, queries for invalid database entries, like nonexistent ones)  "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
-msgid "Default: 15"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
-msgid "filter_users, filter_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
-msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
-msgid "Default: root"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
-msgid "filter_users_in_groups (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
-msgid ""
-"If you want filtered user still be group members set this option to false."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
-msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
-msgid "This option can also be set per-domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
-msgid "allowed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
-msgid ""
-"Restrict user shell to one of the listed values. The order of evaluation is:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
-msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
-msgid ""
-"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
-"quote>, use the value of the shell_fallback parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
-msgid ""
-"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
-"shells</quote>, a nologin shell is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
-msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
-msgid ""
-"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
-"that a restart of the SSSD is required in case a new shell is installed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
-msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
-msgid "vetoed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
-msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
-msgid "shell_fallback (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
-msgid ""
-"The default shell to use if an allowed shell is not installed on the machine."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
-msgid "Default: /bin/sh"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
-msgid "PAM configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
-msgid ""
-"These options can be used to configure the Pluggable Authentication Module "
-"(PAM) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
-msgid "offline_credentials_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
-msgid ""
-"If the authentication provider is offline, how long should we allow cached "
-"logins (in days since the last successful online login)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
-msgid "Default: 0 (No limit)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
-msgid "offline_failed_login_attempts (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
-msgid ""
-"If the authentication provider is offline, how many failed login attempts "
-"are allowed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
-msgid "offline_failed_login_delay (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
-msgid ""
-"The time in minutes which has to pass after offline_failed_login_attempts "
-"has been reached before a new login attempt is possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
-msgid ""
-"If set to 0 the user cannot authenticate offline if "
-"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable offline authentication again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
-msgid "Default: 5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
-msgid "pam_verbosity (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
-msgid ""
-"Controls what kind of messages are shown to the user during authentication. "
-"The higher the number to more messages are displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
-msgid "Currently sssd supports the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
-msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
-msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
-msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
-msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
-msgid "Default: 1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
-msgid "pam_id_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
-msgid ""
-"For any PAM request while SSSD is online, the SSSD will attempt to "
-"immediately update the cached identity information for the user in order to "
-"ensure that authentication takes place with the latest information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
-msgid ""
-"A complete PAM conversation may perform multiple PAM requests, such as "
-"account management and session opening. This option controls (on a per-"
-"client-application basis) how long (in seconds) we can cache the identity "
-"information to avoid excessive round-trips to the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
-msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
-msgid "Display a warning N days before the password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
-msgid ""
-"Please note that the backend server has to provide information about the "
-"expiration time of the password.  If this information is missing, sssd "
-"cannot display a warning."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
-msgid "Default: 7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-msgid "SUDO configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-msgid "These options can be used to configure the sudo service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-msgid "sudo_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-msgid ""
-"For any sudo request that comes while SSSD is online, the SSSD will attempt "
-"to update the cached rules in order to ensure that sudo has the latest "
-"ruleset."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
-msgid ""
-"The user may, however, run a couple of sudo commands successively, which "
-"would trigger multiple LDAP requests.  In order to speed up this use-case, "
-"the sudo service maintains an in-memory cache that would be used for "
-"performing fast replies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
-msgid ""
-"This option controls how long (in seconds) can the sudo service cache rules "
-"for a user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-msgid "Default: 180"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-msgid "sudo_timed (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
-msgid ""
-"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
-"that implement time-dependent sudoers entries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-msgid "AUTOFS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-msgid "These options can be used to configure the autofs service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-msgid "autofs_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
-msgid "DOMAIN SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
-msgid "min_id,max_id (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
-msgid ""
-"UID and GID limits for the domain. If a domain contains an entry that is "
-"outside these limits, it is ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
-msgid ""
-"For users, this affects the primary GID limit. The user will not be returned "
-"to NSS if either the UID or the primary GID is outside the range. For non-"
-"primary group memberships, those that are in range will be reported as "
-"expected."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
-msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
-msgid ""
-"Timeout in seconds between heartbeats for this domain.  This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
-msgid "enumerate (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
-msgid ""
-"Determines if a domain can be enumerated. This parameter can have one of the "
-"following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
-msgid "TRUE = Users and groups are enumerated"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
-msgid "FALSE = No enumerations for this domain"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
-msgid "Default: FALSE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
-msgid ""
-"Note: Enabling enumeration has a moderate performance impact on SSSD while "
-"enumeration is running. It may take up to several minutes after SSSD startup "
-"to fully complete enumerations.  During this time, individual requests for "
-"information will go directly to LDAP, though it may be slow, due to the "
-"heavy enumeration processing."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
-msgid ""
-"While the first enumeration is running, requests for the complete user or "
-"group lists may return no results until it completes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
-msgid ""
-"Further, enabling enumeration may increase the time necessary to detect "
-"network disconnection, as longer timeouts are required to ensure that "
-"enumeration lookups are completed successfully.  For more information, refer "
-"to the man pages for the specific id_provider in use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
-msgid "entry_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
-msgid ""
-"How many seconds should nss_sss consider entries valid before asking the "
-"backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
-msgid "Default: 5400"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-msgid "entry_cache_user_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-msgid ""
-"How many seconds should nss_sss consider user entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-msgid "Default: entry_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-msgid "entry_cache_group_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-msgid ""
-"How many seconds should nss_sss consider group entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-msgid ""
-"How many seconds should nss_sss consider netgroup entries valid before "
-"asking the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-msgid "entry_cache_service_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-msgid ""
-"How many seconds should nss_sss consider service entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
-msgid "cache_credentials (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
-msgid "Determines if user credentials are also cached in the local LDB cache"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
-msgid "User credentials are stored in a SHA512 hash, not in plaintext"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
-msgid "account_cache_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
-msgid ""
-"Number of days entries are left in cache after last successful login before "
-"being removed during a cleanup of the cache. 0 means keep forever.  The "
-"value of this parameter must be greater than or equal to "
-"offline_credentials_expiration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
-msgid "Default: 0 (unlimited)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
-msgid "id_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
-msgid "The Data Provider identity backend to use for this domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
-msgid "Supported backends:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
-msgid "proxy: Support a legacy NSS provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
-msgid "local: SSSD internal local provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
-msgid "ldap: LDAP provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
-msgid "use_fully_qualified_names (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
-msgid ""
-"If set to TRUE, all requests to this domain must use fully qualified names. "
-"For example, if used in LOCAL domain that contains a \"test\" user, "
-"<command>getent passwd test</command> wouldn't find the user while "
-"<command>getent passwd test@LOCAL</command> would."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
-msgid "auth_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
-msgid ""
-"The authentication provider used for the domain.  Supported auth providers "
-"are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
-msgid ""
-"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
-msgid ""
-"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
-msgid ""
-"<quote>proxy</quote> for relaying authentication to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
-msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"authentication requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
-msgid "access_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
-msgid ""
-"The access control provider used for the domain.  There are two built-in "
-"access providers (in addition to any included in installed backends)  "
-"Internal special providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
-msgid "<quote>permit</quote> always allow access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
-msgid "<quote>deny</quote> always deny access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
-msgid ""
-"<quote>simple</quote> access control based on access or deny lists. See "
-"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> for more information on configuring the simple "
-"access module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
-msgid "Default: <quote>permit</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
-msgid "chpass_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
-msgid ""
-"The provider which should handle change password operations for the domain.  "
-"Supported change password providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
-msgid ""
-"<quote>ipa</quote> to change a password stored in an IPA server.  See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
-msgid ""
-"<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
-msgid ""
-"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
-msgid ""
-"<quote>proxy</quote> for relaying password changes to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
-msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
-msgid ""
-"Default: <quote>auth_provider</quote> is used if it is set and can handle "
-"change password requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-msgid "sudo_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-msgid ""
-"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-msgid "session_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-msgid ""
-"The provider which should handle loading of session settings.  Supported "
-"session providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-msgid ""
-"<quote>ipa</quote> to load session settings from an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"session loading requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
-msgid "lookup_family_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
-msgid ""
-"Provides the ability to select preferred address family to use when "
-"performing DNS lookups."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
-msgid "Supported values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
-msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
-msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
-msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
-msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
-msgid "Default: ipv4_first"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
-msgid "dns_resolver_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
-msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
-msgid "dns_discovery_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
-msgid ""
-"If service discovery is used in the back end, specifies the domain part of "
-"the service discovery DNS query."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
-msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
-msgid "override_gid (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
-msgid "Override the primary GID value with the one specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
-msgid "case_sensitive (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
-msgid ""
-"Treat user and group names as case sensitive. At the moment, this option is "
-"not supported in the local provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
-msgid "Default: True"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
-msgid ""
-"These configuration options can be present in a domain configuration "
-"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
-"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
-msgid "proxy_pam_target (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
-msgid "The proxy target PAM proxies to."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-msgid ""
-"Default: not set by default, you have to take an existing pam configuration "
-"or create a new one and add the service name here."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
-msgid "proxy_lib_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
-msgid ""
-"The name of the NSS library to use in proxy domains. The NSS functions "
-"searched for in the library are in the form of _nss_$(libName)_$(function), "
-"for example _nss_files_getpwent."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
-msgid ""
-"Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
-msgid "The local domain section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
-msgid ""
-"This section contains settings for domain that stores users and groups in "
-"SSSD native database, that is, a domain that uses "
-"<replaceable>id_provider=local</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
-msgid "default_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
-msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
-msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
-msgid "base_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
-msgid ""
-"The tools append the login name to <replaceable>base_directory</replaceable> "
-"and use that as the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
-msgid "Default: <filename>/home</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
-msgid "create_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
-msgid ""
-"Indicate if a home directory should be created by default for new users.  "
-"Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
-msgid "Default: TRUE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
-msgid "remove_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
-msgid ""
-"Indicate if a home directory should be removed by default for deleted "
-"users.  Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
-msgid "homedir_umask (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
-msgid ""
-"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
-"on a newly created home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
-msgid "Default: 077"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
-msgid "skel_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
-msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
-msgid "mail_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
-msgid ""
-"The mail spool directory. This is needed to manipulate the mailbox when its "
-"corresponding user account is modified or deleted.  If not specified, a "
-"default value is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
-msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
-msgid "userdel_cmd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
-msgid ""
-"The command that is run after a user is removed.  The command us passed the "
-"username of the user being removed as the first and only parameter. The "
-"return code of the command is not taken into account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
-msgid "Default: None, no command is run"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"domains = LDAP\n"
-"services = nss, pam\n"
-"config_file_version = 2\n"
-"\n"
-"[nss]\n"
-"filter_groups = root\n"
-"filter_users = root\n"
-"\n"
-"[pam]\n"
-"\n"
-"[domain/LDAP]\n"
-"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
-"\n"
-"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
-"cache_credentials = true\n"
-"\n"
-"min_id = 10000\n"
-"max_id = 20000\n"
-"enumerate = False\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
-msgid ""
-"The following example shows a typical SSSD config. It does not describe "
-"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details.  <placeholder type=\"programlisting\" "
-"id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
-msgid "sssd-ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:23
-msgid ""
-"This manual page describes the configuration of LDAP domains for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for detailed syntax information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:35
-msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:38
-msgid ""
-"LDAP back end supports id, auth, access and chpass providers. If you want to "
-"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
-"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
-"over an unencrypted channel.  If the LDAP server is used only as an identity "
-"provider, an encrypted channel is not needed. Please refer to "
-"<quote>ldap_access_filter</quote> config option for more information about "
-"using LDAP as an access provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
-#: sssd-krb5.5.xml:63
-msgid "CONFIGURATION OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:60
-msgid "ldap_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:63
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference. Refer to the <quote>FAILOVER</"
-"quote> section for more information on failover and server redundancy.  If "
-"not specified, service discovery is enabled. For more information, refer to "
-"the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
-msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:73
-msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:76
-msgid ""
-"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:79
-msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:85
-msgid "ldap_chpass_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:88
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference to change the password of a user. "
-"Refer to the <quote>FAILOVER</quote> section for more information on "
-"failover and server redundancy."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:95
-msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:99
-msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:105
-msgid "ldap_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:108
-msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:112
-msgid ""
-"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
-"syntax:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
-msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:119
-msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
-msgid ""
-"The filter must be a valid LDAP search filter as specified by http://www."
-"ietf.org/rfc/rfc2254.txt"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
-msgid "Examples:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:129
-msgid ""
-"ldap_search_base = dc=example,dc=com (which is equivalent to)  "
-"ldap_search_base = dc=example,dc=com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:134
-msgid ""
-"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
-"(host=thishost)?dc=example.com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:137
-msgid ""
-"Note: It is unsupported to have multiple search bases which reference "
-"identically-named objects (for example, groups with the same name in two "
-"different search bases). This will lead to unpredictable behavior on client "
-"machines."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:144
-msgid ""
-"Default: If not set, the value of the defaultNamingContext or namingContexts "
-"attribute from the RootDSE of the LDAP server is used. If "
-"defaultNamingContext does not exists or has an empty value namingContexts is "
-"used.  The namingContexts attribute must have a single value with the DN of "
-"the search base of the LDAP server to make this work. Multiple values are "
-"are not supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:158
-msgid "ldap_schema (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:161
-msgid ""
-"Specifies the Schema Type in use on the target LDAP server.  Depending on "
-"the selected schema, the default attribute names retrieved from the servers "
-"may vary.  The way that some attributes are handled may also differ.  Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
-"difference between these schema types is how group memberships are recorded "
-"in the server.  With rfc2307, group members are listed by name in the "
-"<emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, group "
-"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
-msgid "Default: rfc2307"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
-msgid "ldap_default_bind_dn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
-msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
-msgid "ldap_default_authtok_type (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
-msgid "The type of the authentication token of the default bind DN."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
-msgid "The two mechanisms currently supported are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
-msgid "password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
-msgid "obfuscated_password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
-msgid "Default: password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
-msgid "ldap_default_authtok (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
-msgid ""
-"The authentication token of the default bind DN.  Only clear text passwords "
-"are currently supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
-msgid "ldap_user_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
-msgid "The object class of a user entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
-msgid "Default: posixAccount"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
-msgid "ldap_user_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
-msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
-msgid "Default: uid"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
-msgid "ldap_user_uid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
-msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
-msgid "Default: uidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
-msgid "ldap_user_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
-msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
-msgid "Default: gidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
-msgid "ldap_user_gecos (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
-msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
-msgid "Default: gecos"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
-msgid "ldap_user_home_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
-msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
-msgid "Default: homeDirectory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
-msgid "ldap_user_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
-msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
-msgid "Default: loginShell"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
-msgid "ldap_user_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
-msgid "Default: nsUniqueId"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
-msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
-msgid ""
-"The LDAP attribute that contains timestamp of the last modification of the "
-"parent object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
-msgid "Default: modifyTimestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
-msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
-"the last password change)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
-msgid "Default: shadowLastChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
-msgid "ldap_user_shadow_min (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
-msgid "Default: shadowMin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
-msgid "ldap_user_shadow_max (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
-msgid "Default: shadowMax"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
-msgid "ldap_user_shadow_warning (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password warning period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
-msgid "Default: shadowWarning"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
-msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password inactivity period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
-msgid "Default: shadowInactive"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
-msgid "ldap_user_shadow_expire (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
-msgid ""
-"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
-"parameter contains the name of an LDAP attribute corresponding to its "
-"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> counterpart (account expiration date)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
-msgid "Default: shadowExpire"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
-msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time of last password change in "
-"kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
-msgid "Default: krbLastPwdChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
-msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time when current password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
-msgid "Default: krbPasswordExpiration"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
-msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the expiration time of the account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
-msgid "Default: accountExpires"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
-msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the user account control bit field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
-msgid "Default: userAccountControl"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
-msgid "ldap_ns_account_lock (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
-msgid ""
-"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
-"determines if access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
-msgid "Default: nsAccountLock"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
-msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines if "
-"access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
-msgid "Default: loginDisabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
-msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines until "
-"which date access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
-msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines the "
-"hours of a day in a week when access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
-msgid "Default: loginAllowedTimeMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
-msgid "ldap_user_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
-msgid ""
-"The LDAP attribute that contains the user's Kerberos User Principal Name "
-"(UPN)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
-msgid "Default: krbPrincipalName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
-msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
-msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
-msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
-msgid ""
-"Some directory servers, for example Active Directory, might deliver the "
-"realm part of the UPN in lower case, which might cause the authentication to "
-"fail. Set this option to a non-zero value if you want to use an upper-case "
-"realm."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
-msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
-msgid ""
-"Specifies how many seconds SSSD has to wait before refreshing its cache of "
-"enumerated records."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
-msgid "Default: 300"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
-msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
-msgid ""
-"Determine how often to check the cache for inactive entries (such as groups "
-"with no members and users who have never logged in) and remove them to save "
-"space."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
-msgid "Setting this option to zero will disable the cache cleanup operation."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
-msgid "Default: 10800 (12 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
-msgid "ldap_user_fullname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
-msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
-msgid "Default: cn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
-msgid "ldap_user_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
-msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
-msgid "Default: memberOf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
-msgid "ldap_user_authorized_service (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
-msgid ""
-"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
-"use the presence of the authorizedService attribute in the user's LDAP entry "
-"to determine access privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
-msgid ""
-"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
-"explicit allow (svc) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
-msgid "Default: authorizedService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
-msgid "ldap_user_authorized_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
-msgid ""
-"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-"presence of the host attribute in the user's LDAP entry to determine access "
-"privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
-msgid ""
-"An explicit deny (!host) is resolved first. Second, SSSD searches for "
-"explicit allow (host) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
-msgid "Default: host"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
-msgid "ldap_group_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
-msgid "The object class of a group entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
-msgid "Default: posixGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
-msgid "ldap_group_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
-msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
-msgid "ldap_group_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
-msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
-msgid "ldap_group_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
-msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
-msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
-msgid "ldap_group_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
-msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
-msgid "ldap_group_nesting_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
-msgid ""
-"If ldap_schema is set to a schema format that supports nested groups (e.g. "
-"RFC2307bis), then this option controls how many levels of nesting SSSD will "
-"follow. This option has no effect on the RFC2307 schema."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
-msgid "Default: 2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
-msgid "ldap_netgroup_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
-msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
-msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
-msgid "Default: nisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
-msgid "ldap_netgroup_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
-msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
-msgid "In IPA provider, ipa_netgroup_name should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
-msgid "ldap_netgroup_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
-msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
-msgid "In IPA provider, ipa_netgroup_member should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
-msgid "Default: memberNisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
-msgid "ldap_netgroup_triple (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-msgid ""
-"The LDAP attribute that contains the (host, user, domain) netgroup triples."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
-msgid "This option is not available in IPA provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
-msgid "Default: nisNetgroupTriple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
-msgid "ldap_netgroup_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
-msgid ""
-"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
-msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
-msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
-msgid "ldap_service_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
-msgid "The object class of a service entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
-msgid "Default: ipService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
-msgid "ldap_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
-msgid ""
-"The LDAP attribute that contains the name of service attributes and their "
-"aliases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
-msgid "ldap_service_port (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
-msgid "The LDAP attribute that contains the port managed by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
-msgid "Default: ipServicePort"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
-msgid "ldap_service_proto (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
-msgid ""
-"The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
-msgid "Default: ipServiceProtocol"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
-msgid "ldap_service_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
-msgid "An optional base DN to restrict service searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
-msgid ""
-"See <quote>ldap_search_base</quote> for information about configuring "
-"multiple search bases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
-#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
-msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
-msgid "ldap_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches are allowed to run "
-"before they are cancelled and cached results are returned (and offline mode "
-"is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
-msgid ""
-"Note: this option is subject to change in future versions of the SSSD. It "
-"will likely be replaced at some point by a series of timeouts for specific "
-"lookup types."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
-msgid "Default: 6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
-msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches for user and group "
-"enumerations are allowed to run before they are cancelled and cached results "
-"are returned (and offline mode is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
-msgid "ldap_network_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-msgid ""
-"Specifies the timeout (in seconds) after which the <citerefentry> "
-"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
-"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> following a <citerefentry> "
-"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> returns in case of no activity."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
-msgid "ldap_opt_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
-msgid ""
-"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
-"will abort if no response is received. Also controls the timeout when "
-"communicating with the KDC in case of SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
-msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
-msgid ""
-"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
-"maintained. After this time, the connection will be re-established. If used "
-"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
-"the TGT lifetime)  will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
-msgid "Default: 900 (15 minutes)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
-msgid "ldap_page_size (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
-msgid ""
-"Specify the number of records to retrieve from LDAP in a single request. "
-"Some LDAP servers enforce a maximum limit per-request."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
-msgid "Default: 1000"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
-msgid ""
-"Disable the LDAP paging control. This option should be used if the LDAP "
-"server reports that it supports the LDAP paging control in its RootDSE but "
-"it is not enabled or does not behave properly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
-msgid ""
-"Example: OpenLDAP servers with the paging control module installed on the "
-"server but not enabled will report it in the RootDSE but be unable to use it."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
-msgid ""
-"Example: 389 DS has a bug where it can only support a one paging control at "
-"a time on a single connection. On busy clients, this can result in some "
-"requests being denied."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
-msgid "ldap_deref_threshold (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
-msgid ""
-"Specify the number of group members that must be missing from the internal "
-"cache in order to trigger a dereference lookup. If less members are missing, "
-"they are looked up individually."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
-msgid ""
-"You can turn off dereference lookups completely by setting the value to 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
-msgid ""
-"A dereference lookup is a means of fetching all group members in a single "
-"LDAP call.  Different LDAP servers may implement different dereference "
-"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
-"Directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
-msgid ""
-"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
-"filter, then the dereference lookup performance enhancement will be disabled "
-"regardless of this setting."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
-msgid "ldap_tls_reqcert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
-msgid ""
-"Specifies what checks to perform on server certificates in a TLS session, if "
-"any. It can be specified as one of the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
-msgid ""
-"<emphasis>never</emphasis> = The client will not request or check any server "
-"certificate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
-msgid ""
-"<emphasis>allow</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, it will be ignored and the session proceeds normally."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
-msgid ""
-"<emphasis>try</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, the session is immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
-msgid ""
-"<emphasis>demand</emphasis> = The server certificate is requested. If no "
-"certificate is provided, or a bad certificate is provided, the session is "
-"immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
-msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
-msgid "Default: hard"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
-msgid "ldap_tls_cacert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
-msgid ""
-"Specifies the file that contains certificates for all of the Certificate "
-"Authorities that <command>sssd</command> will recognize."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
-msgid ""
-"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
-"conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
-msgid "ldap_tls_cacertdir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
-msgid ""
-"Specifies the path of a directory that contains Certificate Authority "
-"certificates in separate individual files. Typically the file names need to "
-"be the hash of the certificate followed by '.0'.  If available, "
-"<command>cacertdir_rehash</command> can be used to create the correct names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
-msgid "ldap_tls_cert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
-msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
-msgid "Default: not set"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
-msgid "ldap_tls_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
-msgid "Specifies the file that contains the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
-msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
-msgid ""
-"Specifies acceptable cipher suites.  Typically this is a colon sperated "
-"list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> for format."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
-msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
-msgid ""
-"Specifies that the id_provider connection must also use <systemitem class="
-"\"protocol\">tls</systemitem> to protect the channel."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
-msgid ""
-"Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
-"supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
-msgid "ldap_sasl_authid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
-msgid ""
-"Specify the SASL authorization id to use.  When GSSAPI is used, this "
-"represents the Kerberos principal used for authentication to the directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
-msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
-msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
-msgid ""
-"If set to true, the LDAP library would perform a reverse lookup to "
-"canonicalize the host name during a SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
-msgid "Default: false;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
-msgid "ldap_krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
-msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
-msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
-msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
-msgid ""
-"Specifies that the id_provider should init Kerberos credentials (TGT).  This "
-"action is performed only if SASL is used and the mechanism selected is "
-"GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
-msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
-msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
-msgid "Default: 86400 (24 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
-msgid "krb5_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
-msgid ""
-"Specifies the comma-separated list of IP addresses or hostnames of the "
-"Kerberos servers to which SSSD should connect in the order of preference. "
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
-"colon) may be appended to the addresses or hostnames.  If empty, service "
-"discovery is enabled - for more information, refer to the <quote>SERVICE "
-"DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
-msgid ""
-"When using service discovery for KDC or kpasswd servers, SSSD first searches "
-"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-"none are found."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
-msgid ""
-"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
-"While the legacy name is recognized for the time being, users are advised to "
-"migrate their config files to use <quote>krb5_server</quote> instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
-msgid "krb5_realm (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
-msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
-msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
-msgid "krb5_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
-msgid ""
-"Specifies if the host principal should be canonicalized when connecting to "
-"LDAP server. This feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
-msgid "ldap_pwd_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
-msgid ""
-"Select the policy to evaluate the password expiration on the client side. "
-"The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
-msgid ""
-"<emphasis>none</emphasis> - No evaluation on the client side. This option "
-"cannot disable server-side password policies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
-msgid ""
-"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-"evaluate if the password has expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
-msgid ""
-"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
-"to determine if the password has expired. Use chpass_provider=krb5 to update "
-"these attributes when the password is changed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
-msgid "ldap_referrals (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
-msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
-msgid ""
-"Please note that sssd only supports referral chasing when it is compiled "
-"with OpenLDAP version 2.4.13 or higher."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
-msgid "ldap_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
-msgid "Specifies the service name to use when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
-msgid "Default: ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
-msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
-msgid ""
-"Specifies the service name to use to find an LDAP server which allows "
-"password changes when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
-msgid "Default: not set, i.e. service discovery is disabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
-msgid "ldap_access_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
-msgid ""
-"If using access_provider = ldap, this option is mandatory. It specifies an "
-"LDAP search filter criteria that must be met for the user to be granted "
-"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
-msgid "Example:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
-#, no-wrap
-msgid ""
-"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
-msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
-msgid ""
-"Offline caching for this feature is limited to determining whether the "
-"user's last online login was granted access permission. If they were granted "
-"access during their last login, they will continue to be granted access "
-"while offline and vice-versa."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
-msgid "Default: Empty"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
-msgid "ldap_account_expire_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
-msgid ""
-"With this option a client side evaluation of access control attributes can "
-"be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
-msgid ""
-"Please note that it is always recommended to use server side access control, "
-"i.e. the LDAP server should deny the bind request with a suitable error code "
-"even if the password is correct."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
-msgid "The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
-msgid ""
-"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
-"determine if the account is expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
-msgid ""
-"<emphasis>ad</emphasis>: use the value of the 32bit field "
-"ldap_user_ad_user_account_control and allow access if the second bit is not "
-"set. If the attribute is missing access is granted. Also the expiration time "
-"of the account is checked."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
-msgid ""
-"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
-"emphasis>: use the value of ldap_ns_account_lock to check if access is "
-"allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
-msgid ""
-"<emphasis>nds</emphasis>: the values of "
-"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
-"If both attributes are missing access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
-msgid "ldap_access_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
-msgid "Comma separated list of access control options.  Allowed values are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
-msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
-msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
-msgid ""
-"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
-"to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
-msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
-msgid "Default: filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
-msgid ""
-"Please note that it is a configuration error if a value is used more than "
-"once."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
-msgid "ldap_deref (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
-msgid ""
-"Specifies how alias dereferencing is done when performing a search. The "
-"following options are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
-msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
-msgid ""
-"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
-"the base object, but not in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
-msgid ""
-"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
-"the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
-msgid ""
-"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
-"in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
-msgid ""
-"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
-"client libraries)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:51
-msgid ""
-"All of the common configuration options that apply to SSSD domains also "
-"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for full details.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
-msgid "SUDO OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
-msgid "ldap_sudorule_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
-msgid "The object class of a sudo rule entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
-msgid "Default: sudoRole"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
-msgid "ldap_sudorule_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
-msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
-msgid "ldap_sudorule_command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
-msgid "The LDAP attribute that corresponds to the command name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
-msgid "Default: sudoCommand"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
-msgid "ldap_sudorule_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
-msgid ""
-"The LDAP attribute that corresponds to the host name (or host IP address, "
-"host IP network, or host netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
-msgid "Default: sudoHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
-msgid "ldap_sudorule_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
-msgid ""
-"The LDAP attribute that corresponds to the user name (or UID, group name or "
-"user's netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
-msgid "Default: sudoUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
-msgid "ldap_sudorule_option (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
-msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
-msgid "Default: sudoOption"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
-msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
-msgid ""
-"The LDAP attribute that corresponds to the user name that commands may be "
-"run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
-msgid "Default: sudoRunAsUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
-msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
-msgid ""
-"The LDAP attribute that corresponds to the group name or group GID that "
-"commands may be run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
-msgid "Default: sudoRunAsGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
-msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
-msgid ""
-"The LDAP attribute that corresponds to the start date/time for when the sudo "
-"rule is valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
-msgid "Default: sudoNotBefore"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
-msgid "ldap_sudorule_notafter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
-msgid ""
-"The LDAP attribute that corresponds to the expiration date/time, after which "
-"the sudo rule will no longer be valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
-msgid "Default: sudoNotAfter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
-msgid "ldap_sudorule_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
-msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
-msgid "Default: sudoOrder"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
-msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
-msgid ""
-"Enables periodical download of all sudo rules.  The cache is purged before "
-"each update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
-msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
-msgid ""
-"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
-msgid ""
-"This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
-"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
-msgid "AUTOFS OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
-msgid ""
-"Please note that the default values correspond to the default schema which "
-"is RFC2307."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
-msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-msgid "The object class of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-msgid "Default: automountMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
-msgid "ldap_autofs_map_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
-msgid "The name of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
-msgid "Default: ou"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
-msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
-msgid "ldap_autofs_entry_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
-msgid ""
-"The key of an automount entry in LDAP. The entry usually corresponds to a "
-"mount point."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
-msgid "ldap_autofs_entry_value (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
-msgid "Default: automountInformation"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
-msgid ""
-"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
-"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
-"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
-msgid "ADVANCED OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
-msgid "ldap_netgroup_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
-msgid ""
-"An optional base DN to restrict netgroup searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
-msgid "ldap_user_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
-msgid "An optional base DN to restrict user searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
-msgid "ldap_group_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
-msgid "An optional base DN to restrict group searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
-#, no-wrap
-msgid ""
-"                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
-msgid "ldap_sudo_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
-msgid ""
-"An optional base DN to restrict sudo rules searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
-msgid "ldap_autofs_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
-msgid ""
-"An optional base DN to restrict automounter searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
-msgid ""
-"These options are supported by LDAP domains, but they should be used with "
-"caution. Please include them in your configuration only if you know what you "
-"are doing.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
-msgid ""
-"The following example assumes that SSSD is correctly configured and LDAP is "
-"set to one of the domains in the <replaceable>[domains]</replaceable> "
-"section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
-#, no-wrap
-msgid ""
-"    [domain/LDAP]\n"
-"    id_provider = ldap\n"
-"    auth_provider = ldap\n"
-"    ldap_uri = ldap://ldap.mydomain.org\n"
-"    ldap_search_base = dc=mydomain,dc=org\n"
-"    ldap_tls_reqcert = demand\n"
-"    cache_credentials = true\n"
-"    enumerate = true\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
-msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
-msgid "NOTES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
-msgid ""
-"The descriptions of some of the configuration options in this manual page "
-"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
-"distribution."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <refentryinfo>
-#: pam_sss.8.xml:8 include/upstream.xml:2
-msgid ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: pam_sss.8.xml:13 pam_sss.8.xml:18
-msgid "pam_sss"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: pam_sss.8.xml:19
-msgid "PAM module for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: pam_sss.8.xml:24
-msgid ""
-"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
-msgid ""
-"<command>pam_sss.so</command> is the PAM interface to the System Security "
-"Services daemon (SSSD). Errors and results are logged through <command>syslog"
-"(3)</command> with the LOG_AUTHPRIV facility."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
-msgid "<option>quiet</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
-msgid "Suppress log messages for unknown users."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
-msgid "<option>forward_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
-msgid ""
-"If <option>forward_pass</option> is set the entered password is put on the "
-"stack for other PAM modules to use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
-msgid "<option>use_first_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
-msgid ""
-"The argument use_first_pass forces the module to use a previous stacked "
-"modules password and will never prompt the user - if no password is "
-"available or the password is not appropriate, the user will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
-msgid "<option>use_authtok</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
-msgid ""
-"When password changing enforce the module to set the new password to the one "
-"provided by a previously stacked password module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
-msgid "<option>retry=N</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
-msgid ""
-"If specified the user is asked another N times for a password if "
-"authentication fails. Default is 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
-msgid ""
-"Please note that this option might not work as expected if the application "
-"calling PAM handles the user dialog on its own. A typical example is "
-"<command>sshd</command> with <option>PasswordAuthentication</option>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
-msgid "MODULE TYPES PROVIDED"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
-msgid ""
-"All module types (<option>account</option>, <option>auth</option>, "
-"<option>password</option> and <option>session</option>) are provided."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
-msgid "FILES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
-msgid ""
-"If a password reset by root fails, because the corresponding SSSD provider "
-"does not support password resets, an individual message can be displayed. "
-"This message can e.g. contain instructions about how to reset a password."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
-msgid ""
-"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
-"filename> where LOC stands for a locale string returned by <citerefentry> "
-"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
-"citerefentry>. If there is no matching file the content of "
-"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
-"the owner of the files and only root may have read and write permissions "
-"while all other users must have only read permissions."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
-msgid ""
-"These files are searched in the directory <filename>/etc/sssd/customize/"
-"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
-"displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:141
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
-msgid "sssd_krb5_locator_plugin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:22
-msgid ""
-"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
-"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
-"libraries what Realm and which KDC to use.  Typically this is done in "
-"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
-"To simplify the configuration the Realm and the KDC can be defined in "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry> puts the Realm and the name or IP address of the KDC into "
-"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively.  "
-"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variables and returns them to the "
-"libraries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:63
-msgid ""
-"Not all Kerberos implementations support the use of plugins. If "
-"<command>sssd_krb5_locator_plugin</command> is not available on your system "
-"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:69
-msgid ""
-"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-"debug messages will be sent to stderr."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:77
-msgid ""
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
-msgid "sssd-simple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd-simple.5.xml:17
-msgid "the configuration file for SSSD's 'simple' access-control provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:24
-msgid ""
-"This manual page describes the configuration of the simple access-control "
-"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax reference, "
-"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:38
-msgid ""
-"The simple access provider grants or denies access based on an access or "
-"deny list of user or group names. The following rules apply:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:43
-msgid "If all lists are empty, access is granted"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:47
-msgid ""
-"If any list is provided, the order of evaluation is allow,deny. This means "
-"that any matching deny rule will supersede any matched allow rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:54
-msgid ""
-"If either or both \"allow\" lists are provided, all users are denied unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:60
-msgid ""
-"If only \"deny\" lists are provided, all users are granted access unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:78
-msgid "simple_allow_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:81
-msgid "Comma separated list of users who are allowed to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:88
-msgid "simple_deny_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:91
-msgid "Comma separated list of users who are explicitly denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:97
-msgid "simple_allow_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:100
-msgid ""
-"Comma separated list of groups that are allowed to log in. This applies only "
-"to groups within this SSSD domain. Local groups are not evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:108
-msgid "simple_deny_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:111
-msgid ""
-"Comma separated list of groups that are explicitly denied access. This "
-"applies only to groups within this SSSD domain. Local groups are not "
-"evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
-msgid ""
-"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page for details on the configuration of an SSSD "
-"domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:120
-msgid ""
-"Please note that it is an configuration error if both, simple_allow_users "
-"and simple_deny_users, are defined."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:128
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the simple access provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-simple.5.xml:135
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    access_provider = simple\n"
-"    simple_allow_users = user1, user2\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:145
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
-msgid "sssd-ipa"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:23
-msgid ""
-"This manual page describes the configuration of the IPA provider for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
-"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:36
-msgid ""
-"The IPA provider is a back end used to connect to an IPA server.  (Refer to "
-"the freeipa.org web site for information about IPA servers.)  This provider "
-"requires that the machine be joined to the IPA domain; configuration is "
-"almost entirely self-discovered and obtained directly from the server."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:43
-msgid ""
-"The IPA provider accepts the same options used by the <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
-"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider with some exceptions described below."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:55
-msgid ""
-"However, it is neither necessary nor recommended to set these options.  IPA "
-"provider can also be used as an access and chpass provider. As an access "
-"provider it uses HBAC (host-based access control) rules. Please refer to "
-"freeipa.org for more information about HBAC. No configuration of access "
-"provider is required on the client side."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:72
-msgid "ipa_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:75
-msgid ""
-"Specifies the name of the IPA domain.  This is optional. If not provided, "
-"the configuration domain name is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:83
-msgid "ipa_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:86
-msgid ""
-"The comma-separated list of IP addresses or hostnames of the IPA servers to "
-"which SSSD should connect in the order of preference. For more information "
-"on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
-"This is optional if autodiscovery is enabled.  For more information on "
-"service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:99
-msgid "ipa_hostname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:102
-msgid ""
-"Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:110
-msgid "ipa_dyndns_update (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:113
-msgid ""
-"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:118
-msgid ""
-"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
-"the default Kerberos realm must be set properly in /etc/krb5.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:129
-msgid "ipa_dyndns_iface (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:132
-msgid ""
-"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
-"interface whose IP address should be used for dynamic DNS updates."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:137
-msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:143
-msgid "ipa_hbac_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:146
-msgid "Optional. Use the given string as search base for HBAC related objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:150
-msgid "Default: Use base DN"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:156
-msgid "ipa_host_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:159
-msgid "Optional. Use the given string as search base for host objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:180
-msgid "ipa_selinux_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
-msgid "Optional. Use the given string as search base for SELinux user maps."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
-msgid "krb5_validate (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
-msgid ""
-"Verify with the help of krb5_keytab that the TGT obtained has not been "
-"spoofed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
-msgid ""
-"Note that this default differs from the traditional Kerberos provider back "
-"end."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
-msgid ""
-"The name of the Kerberos realm. This is optional and defaults to the value "
-"of <quote>ipa_domain</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
-msgid ""
-"The name of the Kerberos realm has a special meaning in IPA - it is "
-"converted into the base DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
-msgid ""
-"Specifies if the host and user principal should be canonicalized when "
-"connecting to IPA LDAP and also for AS requests. This feature is available "
-"with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
-msgid "ipa_hbac_refresh (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
-msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
-msgid "Default: 5 (seconds)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
-msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
-msgid ""
-"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
-"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
-"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
-"client will support two modes of operation during this transition period:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
-msgid ""
-"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
-"users will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
-msgid ""
-"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
-"careful with this option, as it may result in opening unintended access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
-msgid "Default: DENY_ALL"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
-msgid "ipa_automount_location (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
-msgid "The automounter location this IPA client will be using"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Default: The location named \"default\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the ipa provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    id_provider = ipa\n"
-"    ipa_server = ipaserver.example.com\n"
-"    ipa_hostname = myhost.example.com\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.8.xml:10 sssd.8.xml:15
-msgid "sssd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.8.xml:16
-msgid "System Security Services Daemon"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sssd.8.xml:21
-msgid ""
-"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:31
-msgid ""
-"<command>SSSD</command> provides a set of daemons to manage access to remote "
-"directories and authentication mechanisms. It provides an NSS and PAM "
-"interface toward the system and a pluggable backend system to connect to "
-"multiple different account sources as well as D-Bus interface. It is also "
-"the basis to provide client auditing and policy services for projects like "
-"FreeIPA. It provides a more robust database to store local users as well as "
-"extended user data."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:46
-msgid ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:53
-msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:57
-msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:60
-msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:69
-msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:73
-msgid ""
-"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:76
-msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:85
-msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:89
-msgid ""
-"Send the debug output to files instead of stderr. By default, the log files "
-"are stored in <filename>/var/log/sssd</filename> and there are separate log "
-"files for every SSSD service and domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:97
-msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:101
-msgid "Become a daemon after starting up."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:107
-msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:111
-msgid "Run in the foreground, don't become a daemon."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
-msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
-msgid ""
-"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
-"conf</filename>. For reference on the config file syntax and options, "
-"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:135
-msgid "<option>--version</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:139
-msgid "Print version number and exit."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:147
-msgid "Signals"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:150
-msgid "SIGTERM/SIGINT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:153
-msgid ""
-"Informs the SSSD to gracefully terminate all of its child processes and then "
-"shut down the monitor."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:159
-msgid "SIGHUP"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:162
-msgid ""
-"Tells the SSSD to stop writing to its current debug file descriptors and to "
-"close and reopen them. This is meant to facilitate log rolling with programs "
-"like logrotate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:170
-msgid "SIGUSR1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:173
-msgid ""
-"Tells the SSSD to simulate offline operation for one minute. This is mostly "
-"useful for testing purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:179
-msgid "SIGUSR2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:182
-msgid ""
-"Tells the SSSD to go online immediately. This is mostly useful for testing "
-"purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:193
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-msgid "sss_obfuscate"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_obfuscate.8.xml:16
-msgid "obfuscate a clear text password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_obfuscate.8.xml:21
-msgid ""
-"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
-"replaceable></arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:32
-msgid ""
-"<command>sss_obfuscate</command> converts a given password into human-"
-"unreadable format and places it into appropriate domain section of the SSSD "
-"config file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:37
-msgid ""
-"The cleartext password is read from standard input or entered "
-"interactively.  The obfuscated password is put into "
-"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
-"<quote>ldap_default_authtok_type</quote> parameter is set to "
-"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more details on these parameters."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:49
-msgid ""
-"Please note that obfuscating the password provides <emphasis>no real "
-"security benefit</emphasis> as it is still possible for an attacker to "
-"reverse-engineer the password back. Using better authentication mechanisms "
-"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
-"advised."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:63
-msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:67
-msgid "The password to obfuscate will be read from standard input."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
-msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:79
-msgid ""
-"The SSSD domain to use the password in. The default name is <quote>default</"
-"quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:86
-msgid ""
-"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:91
-msgid "Read the config file specified by the positional parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:95
-msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:105
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
-msgid "sss_useradd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_useradd.8.xml:16
-msgid "create a new user"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_useradd.8.xml:21
-msgid ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:32
-msgid ""
-"<command>sss_useradd</command> creates a new user account using the values "
-"specified on the command line plus the default values from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:43
-msgid ""
-"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:48
-msgid ""
-"Set the UID of the user to the value of <replaceable>UID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
-msgid ""
-"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
-msgid ""
-"Any text string describing the user. Often used as the field for the user's "
-"full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
-msgid ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:72
-msgid ""
-"The home directory of the user account.  The default is to append the "
-"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
-"that as the home directory.  The base that is prepended before "
-"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
-"baseDirectory</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
-msgid ""
-"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:87
-msgid ""
-"The user's login shell. The default is currently <filename>/bin/bash</"
-"filename>.  The default can be changed with <quote>user_defaults/"
-"defaultShell</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:96
-msgid ""
-"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:101
-msgid "A list of existing groups this user is also a member of."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:107
-msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:111
-msgid ""
-"Create the user's home directory if it does not exist. The files and "
-"directories contained in the skeleton directory (which can be defined with "
-"the -k option or in the config file) will be copied to the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:121
-msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:125
-msgid ""
-"Do not create the user's home directory. Overrides configuration settings."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:132
-msgid ""
-"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:137
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<command>sss_useradd</command>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:143
-msgid ""
-"This option is only valid if the <option>-m</option> (or <option>--create-"
-"home</option>) option is specified, or creation of home directories is set "
-"to TRUE in the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
-msgid ""
-"<option>-Z</option>,<option>--selinux-user</option> "
-"<replaceable>SELINUX_USER</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:157
-msgid ""
-"The SELinux user for the user's login. If not specified, the system default "
-"will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
-msgid "sssd-krb5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:23
-msgid ""
-"This manual page describes the configuration of the Kerberos 5 "
-"authentication backend for <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  For a detailed "
-"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
-"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:36
-msgid ""
-"The Kerberos 5 authentication backend contains auth and chpass providers. It "
-"must be paired with identity provider in order to function properly (for "
-"example, id_provider = ldap). Some information required by the Kerberos 5 "
-"authentication backend must be provided by the identity provider, such as "
-"the user's Kerberos Principal Name (UPN). The configuration of the identity "
-"provider should have an entry to specify the UPN. Please refer to the man "
-"page for the applicable identity provider for details on how to configure "
-"this."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:47
-msgid ""
-"This backend also provides access control based on the .k5login file in the "
-"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
-"Please note that an empty .k5login file will deny all access to this user. "
-"To activate this feature use 'access_provider = krb5' in your sssd "
-"configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:55
-msgid ""
-"In the case where the UPN is not available in the identity backend "
-"<command>sssd</command> will construct a UPN using the format "
-"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:106
-msgid ""
-"The name of the Kerberos realm. This option is required and must be "
-"specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:113
-msgid "krb5_kpasswd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:116
-msgid ""
-"If the change password service is not running on the KDC alternative servers "
-"can be defined here. An optional port number (preceded by a colon) may be "
-"appended to the addresses or hostnames."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:122
-msgid ""
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section.  Please note that even if there are no more "
-"kpasswd servers to try the back end is not switch to offline if "
-"authentication against the KDC is still possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:129
-msgid "Default: Use the KDC"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:135
-msgid "krb5_ccachedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:138
-msgid ""
-"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist it will be created. If %u, %U, %p or %h are used a "
-"private directory belonging to the user is created. Otherwise a public "
-"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
-"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
-"citerefentry> for details) is created."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:151
-msgid "Default: /tmp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:157
-msgid "krb5_ccname_template (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:171
-msgid "login UID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:174
-msgid "%p"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:175
-msgid "principal name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:179
-msgid "%r"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:180
-msgid "realm name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:183
-msgid "%h"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:184
-msgid "home directory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:189
-msgid "value of krb5ccache_dir"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194
-msgid "%P"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "the process ID of the sssd client"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:160
-msgid ""
-"Location of the user's credential cache. Currently only file based "
-"credential caches are supported. In the template the following sequences are "
-"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
-"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
-"way."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:209
-msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:215
-msgid "krb5_auth_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:218
-msgid ""
-"Timeout in seconds after an online authentication or change password request "
-"is aborted. If possible the authentication request is continued offline."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:241
-msgid "krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:244
-msgid ""
-"The location of the keytab to use when validating credentials obtained from "
-"KDCs."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:248
-msgid "Default: /etc/krb5.keytab"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:254
-msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:257
-msgid ""
-"Store the password of the user if the provider is offline and use it to "
-"request a TGT when the provider gets online again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:262
-msgid ""
-"Please note that this feature currently only available on a Linux platform. "
-"Passwords stored in this way are kept in plaintext in the kernel keyring and "
-"are potentially accessible by the root user (with difficulty)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:275
-msgid "krb5_renewable_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:278
-msgid ""
-"Request a renewable ticket with a total lifetime given by an integer "
-"immediately followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
-msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
-msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
-msgid "<emphasis>h</emphasis> hours"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
-msgid "<emphasis>d</emphasis> days."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
-msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:299
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"renewable lifetime to one and a half hours please use '90m' instead of "
-"'1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:305
-msgid "Default: not set, i.e. the TGT is not renewable"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:311
-msgid "krb5_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:314
-msgid ""
-"Request ticket with a with a lifetime given by an integer immediately "
-"followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:335
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"lifetime to one and a half hours please use '90m' instead of '1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:340
-msgid ""
-"Default: not set, i.e. the default ticket lifetime configured on the KDC."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:347
-msgid "krb5_renew_interval (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:350
-msgid ""
-"The time in seconds between two checks if the TGT should be renewed. TGTs "
-"are renewed if about half of their lifetime is exceeded."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:355
-msgid "If this option is not set or 0 the automatic renewal is disabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:365
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:368
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:373
-msgid ""
-"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
-"option at all."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
-msgid ""
-"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
-"continue without."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:381
-msgid ""
-"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
-"fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:385
-msgid "Default: not set, i.e. FAST is not used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:388
-msgid "Please note that a keytab is required to use fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:391
-msgid ""
-"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used with an older version using this option is a "
-"configuration error."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:400
-msgid "krb5_fast_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:403
-msgid "Specifies the server principal to use for FAST."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:412
-msgid ""
-"Specifies if the host and user principal should be canonicalized. This "
-"feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:65
-msgid ""
-"If the auth-module krb5 is used in a SSSD domain, the following options must "
-"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
-"SECTIONS</quote> for details on the configuration of a SSSD domain.  "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:434
-msgid ""
-"The following example assumes that SSSD is correctly configured and FOO is "
-"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
-"example shows only configuration of Kerberos authentication, it does not "
-"include any identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:442
-#, no-wrap
-msgid ""
-"    [domain/FOO]\n"
-"    auth_provider = krb5\n"
-"    krb5_server = 192.168.1.1\n"
-"    krb5_realm = EXAMPLE.COM\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:453
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
-msgid "sss_groupadd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupadd.8.xml:16
-msgid "create a new group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupadd.8.xml:21
-msgid ""
-"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:32
-msgid ""
-"<command>sss_groupadd</command> creates a new group. These groups are "
-"compatible with POSIX groups, with the additional feature that they can "
-"contain other groups as members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupadd.8.xml:43
-msgid ""
-"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupadd.8.xml:48
-msgid ""
-"Set the GID of the group to the value of <replaceable>GID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
-msgid "sss_userdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_userdel.8.xml:16
-msgid "delete a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_userdel.8.xml:21
-msgid ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:32
-msgid ""
-"<command>sss_userdel</command> deletes a user identified by login name "
-"<replaceable>LOGIN</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:44
-msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:48
-msgid ""
-"Files in the user's home directory will be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:56
-msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:60
-msgid ""
-"Files in the user's home directory will NOT be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:68
-msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:72
-msgid ""
-"This option forces <command>sss_userdel</command> to remove the user's home "
-"directory and mail spool, even if they are not owned by the specified user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:80
-msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:84
-msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
-msgid "sss_groupdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupdel.8.xml:16
-msgid "delete a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupdel.8.xml:21
-msgid ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:32
-msgid ""
-"<command>sss_groupdel</command> deletes a group identified by its name "
-"<replaceable>GROUP</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
-msgid "sss_groupshow"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupshow.8.xml:16
-msgid "print properties of a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupshow.8.xml:21
-msgid ""
-"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:32
-msgid ""
-"<command>sss_groupshow</command> displays information about a group "
-"identified by its name <replaceable>GROUP</replaceable>. The information "
-"includes the group ID number, members of the group and the parent group."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupshow.8.xml:43
-msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupshow.8.xml:47
-msgid ""
-"Also print indirect group members in a tree-like hierarchy.  Note that this "
-"also affects printing parent groups - without <option>R</option>, only the "
-"direct parent will be printed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
-msgid "sss_usermod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_usermod.8.xml:16
-msgid "modify a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_usermod.8.xml:21
-msgid ""
-"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:32
-msgid ""
-"<command>sss_usermod</command> modifies the account specified by "
-"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
-"on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:60
-msgid "The home directory of the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:71
-msgid "The user's login shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:82
-msgid ""
-"Append this user to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:96
-msgid ""
-"Remove this user from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:103
-msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:107
-msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:114
-msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:118
-msgid "Unlock the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:129
-msgid "The SELinux user for the user's login."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/service_discovery.xml:2
-msgid "SERVICE DISCOVERY"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/service_discovery.xml:4
-msgid ""
-"The service discovery feature allows back ends to automatically find the "
-"appropriate servers to connect to using a special DNS query."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
-msgid "Configuration"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:11
-msgid ""
-"If no servers are specified, the back end automatically uses service "
-"discovery to try to find a server. Optionally, the user may choose to use "
-"both fixed server addresses and service discovery by inserting a special "
-"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
-"preference is maintained. This feature is useful if, for example, the user "
-"prefers to use service discovery whenever possible, and fall back to a "
-"specific server when no servers can be discovered using DNS."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:23
-msgid "The domain name"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:25
-msgid ""
-"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for more details."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:35
-msgid "The protocol"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:37
-msgid ""
-"The queries usually specify _tcp as the protocol. Exceptions are documented "
-"in respective option description."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:42
-msgid "See Also"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:44
-msgid ""
-"For more information on the service discovery mechanism, refer to RFC 2782."
-msgstr ""
-
-#. type: Content of: outside any tag (error?)
-#: include/upstream.xml:1
-msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/failover.xml:2
-msgid "FAILOVER"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/failover.xml:4
-msgid ""
-"The failover feature allows back ends to automatically switch to a different "
-"server if the primary server fails."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:8
-msgid "Failover Syntax"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:10
-msgid ""
-"The list of servers is given as a comma-separated list; any number of spaces "
-"is allowed around the comma. The servers are listed in order of preference. "
-"The list can contain any number of servers."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:17
-msgid "The Failover Mechanism"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:19
-msgid ""
-"The failover mechanism distinguishes between a machine and a service. The "
-"back end first tries to resolve the hostname of a given machine; if this "
-"resolution attempt fails, the machine is considered offline. No further "
-"attempts are made to connect to this machine for any other service. If the "
-"resolution attempt succeeds, the back end tries to connect to a service on "
-"this machine. If the service connection attempt fails, then only this "
-"particular service is considered offline and the back end automatically "
-"switches over to the next service.  The machine is still considered online "
-"and might still be tried for another service."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:32
-msgid ""
-"Further connection attempts are made to machines or services marked as "
-"offline after a specified period of time; this is currently hard coded to 30 "
-"seconds."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:37
-msgid ""
-"If there are no more machines to try, the back end as a whole switches to "
-"offline mode, and then attempts to reconnect every 30 seconds."
-msgstr ""
-
-#. type: Content of: <varlistentry><term>
-#: include/param_help.xml:3
-msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
-
-#. type: Content of: <varlistentry><listitem><para>
-#: include/param_help.xml:7
-msgid "Display help message and exit."
-msgstr ""
diff --git a/src/man/po/ja.po b/src/man/po/ja.po
index 63997473f..ffa0e593f 100644
--- a/src/man/po/ja.po
+++ b/src/man/po/ja.po
@@ -3,13 +3,16 @@
 # This file is distributed under the same license as the sssd-docs package.
 #
 # Translators:
+# Tadashi Jokagi <elf2000@gmail.com>, 2012.
+# Tomoyuki KATO <tomo@dream.daynight.jp>, 2012.
+#   <www.carrotsoft@gmail.com>, 2012.
 msgid ""
 msgstr ""
 "Project-Id-Version: SSSD\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"POT-Creation-Date: 2012-03-12 16:37-0300\n"
+"PO-Revision-Date: 2012-03-09 23:57+0000\n"
+"Last-Translator: Tomoyuki KATO <tomo@dream.daynight.jp>\n"
 "Language-Team: Japanese <trans-ja@lists.fedoraproject.org>\n"
 "Language: ja\n"
 "MIME-Version: 1.0\n"
@@ -22,27 +25,30 @@ msgstr ""
 #: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
 #: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
 #: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
+#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5
+#: sss_debuglevel.8.xml:5 sss_ssh_authorizedkeys.1.xml:5
+#: sss_ssh_knownhostsproxy.1.xml:5
 msgid "SSSD Manual pages"
-msgstr ""
+msgstr "SSSD マニュアル ページ"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
 msgid "sss_groupmod"
-msgstr ""
+msgstr "sss_groupmod"
 
 #. type: Content of: <reference><refentry><refmeta><manvolnum>
 #: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
 #: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
 #: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
+#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11 sss_cache.8.xml:11
+#: sss_debuglevel.8.xml:11
 msgid "8"
-msgstr ""
+msgstr "8"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_groupmod.8.xml:16
 msgid "modify a group"
-msgstr ""
+msgstr "グループを変更���。"
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sss_groupmod.8.xml:21
@@ -51,6 +57,9 @@ msgid ""
 "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
 "arg>"
 msgstr ""
+"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
+"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
@@ -58,8 +67,10 @@ msgstr ""
 #: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
 #: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
 #: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
+#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_ssh_authorizedkeys.1.xml:30
+#: sss_ssh_knownhostsproxy.1.xml:31
 msgid "DESCRIPTION"
-msgstr ""
+msgstr "概�"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_groupmod.8.xml:32
@@ -67,13 +78,17 @@ msgid ""
 "<command>sss_groupmod</command> modifies the group to reflect the changes "
 "that are specified on the command line."
 msgstr ""
+"<command>sss_groupmod</command> �コマンドライン����指定�れ�変更を�映"
+"�るよ�グループを変更���。"
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
+#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_ssh_authorizedkeys.1.xml:78
+#: sss_ssh_knownhostsproxy.1.xml:65
 msgid "OPTIONS"
-msgstr ""
+msgstr "オプション"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
@@ -81,6 +96,8 @@ msgid ""
 "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
 "replaceable>"
 msgstr ""
+"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
+"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_groupmod.8.xml:48
@@ -89,6 +106,9 @@ msgid ""
 "replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
 "a comma separated list of group names."
 msgstr ""
+"��グループを <replaceable>GROUPS</replaceable> パラメーター�より指定�れ�"
+"グループ�追加���。 <replaceable>GROUPS</replaceable> パラメーター�グルー"
+"プ��カンマ区切り一覧��。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
@@ -96,6 +116,8 @@ msgid ""
 "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
 "replaceable>"
 msgstr ""
+"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
+"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_groupmod.8.xml:62
@@ -103,16 +125,19 @@ msgid ""
 "Remove this group from groups specified by the <replaceable>GROUPS</"
 "replaceable> parameter."
 msgstr ""
+"��グループを <replaceable>GROUPS</replaceable> パラメーター�より指定�れ�"
+"グループ�ら削除���。"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1348 sssd-ldap.5.xml:2096
 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
 #: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
+#: sss_usermod.8.xml:138 sss_ssh_authorizedkeys.1.xml:96
+#: sss_ssh_knownhostsproxy.1.xml:95
 msgid "SEE ALSO"
-msgstr ""
+msgstr "関連項目"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_groupmod.8.xml:74
@@ -127,34 +152,43 @@ msgid ""
 "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 msgstr ""
+"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd.conf.5.xml:10 sssd.conf.5.xml:16
 msgid "sssd.conf"
-msgstr ""
+msgstr "sssd.conf"
 
 #. type: Content of: <reference><refentry><refmeta><manvolnum>
 #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
 #: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
 msgid "5"
-msgstr ""
+msgstr "5"
 
 #. type: Content of: <reference><refentry><refmeta><refmiscinfo>
 #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
 #: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
 msgid "File Formats and Conventions"
-msgstr ""
+msgstr "ファイル形��よ�変�"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
 #: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
 msgid "the configuration file for SSSD"
-msgstr ""
+msgstr "SSSD �設定ファイル"
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd.conf.5.xml:21
 msgid "FILE FORMAT"
-msgstr ""
+msgstr "ファイルフォーマット"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sssd.conf.5.xml:29
@@ -165,6 +199,10 @@ msgid ""
 "                <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
 "            "
 msgstr ""
+"                <replaceable>[section]</replaceable>\n"
+"                <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
+"                <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
+"            "
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.conf.5.xml:24
@@ -174,6 +212,10 @@ msgid ""
 "until the next section begins. An example of section with single and multi-"
 "valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
+"ファイル� ini 形��構文を���セクション�パラメーター�ら構��れ��。セ"
+"クション�角括弧��るセクション��ら始�り�次�セクション�始�る��続�"
+"��。 1 �セクション�複数�値を��パラメーター�例: <placeholder type="
+"\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.conf.5.xml:36
@@ -181,6 +223,8 @@ msgid ""
 "The data types used are string (no quotes needed), integer and bool (with "
 "values of <quote>TRUE/FALSE</quote>)."
 msgstr ""
+"使用�れるデータ形���文字列（引用符���）�整数�よ�論�値"
+"（<quote>TRUE/FALSE</quote> �値）��。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.conf.5.xml:41
@@ -188,6 +232,8 @@ msgid ""
 "A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
 "(<quote>;</quote>)"
 msgstr ""
+"行コメント���ッシュ記� (<quote>#</quote>) ���セミコロン (<quote>;</"
+"quote>) �ら始�り��。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.conf.5.xml:46
@@ -195,6 +241,8 @@ msgid ""
 "All sections can have an optional <replaceable>description</replaceable> "
 "parameter. Its function is only as a label for the section."
 msgstr ""
+"����セクション�オプション� <replaceable>description</replaceable> パラ"
+"メーターを����。��機能�セクション�ラベル�������。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.conf.5.xml:52
@@ -202,26 +250,28 @@ msgid ""
 "<filename>sssd.conf</filename> must be a regular file, owned by root and "
 "only root may read from or write to the file."
 msgstr ""
+"<filename>sssd.conf</filename> ��root �より所有�れ�root ���読�書��"
+"�る�通常�ファイル��る必���り��。"
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd.conf.5.xml:58
 msgid "SPECIAL SECTIONS"
-msgstr ""
+msgstr "特別セクション"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 #: sssd.conf.5.xml:61
 msgid "The [sssd] section"
-msgstr ""
+msgstr "[sssd] セクション"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:1194
 msgid "Section parameters"
-msgstr ""
+msgstr "セクション�パラメーター"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:72
 msgid "config_file_version (integer)"
-msgstr ""
+msgstr "config_file_version (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:75
@@ -229,28 +279,32 @@ msgid ""
 "Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
 "version 2."
 msgstr ""
+"設定ファイル�構文�何��るカを指示���。SSSD 0.6.0 �よ��れ以���ー"
+"ジョン 2 を使用���。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:81
 msgid "services"
-msgstr ""
+msgstr "services"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:84
 msgid ""
 "Comma separated list of services that are started when sssd itself starts."
-msgstr ""
+msgstr "sssd 自身�開始�る���開始�れるサービス�カンマ区切り一覧��。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:88
 msgid ""
 "Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
 msgstr ""
+"サ�ート�れるサービス: nss, pam <phrase condition=\"with_sudo\">, sudo</"
+"phrase>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:94 sssd.conf.5.xml:257
 msgid "reconnection_retries (integer)"
-msgstr ""
+msgstr "reconnection_retries (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:97 sssd.conf.5.xml:260
@@ -258,16 +312,18 @@ msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
 msgstr ""
+"データプロ�イダー�クラッシュ����起動��場��サービス��接続を��ら"
+"�る��試行�る回数��。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:102 sssd.conf.5.xml:265
 msgid "Default: 3"
-msgstr ""
+msgstr "�期値: 3"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:107
 msgid "domains"
-msgstr ""
+msgstr "domains"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:110
@@ -277,11 +333,14 @@ msgid ""
 "start.  This parameter described the list of domains in the order you want "
 "them to be queried."
 msgstr ""
+"ドメイン�ユーザー情報を�むデータベース��。SSSD ��時�複数�ドメインを使"
+"用������少���も一�を設定�る必���り��。�も��れ� SSSD �開"
+"始����ん。��パラメーター�検索���ドメイン�一覧を表�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:120
 msgid "re_expression (string)"
-msgstr ""
+msgstr "re_expression (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:123
@@ -289,6 +348,8 @@ msgid ""
 "Regular expression that describes how to parse the string containing user "
 "name and domain into these components."
 msgstr ""
+"�れら�構��素�中��るユーザー��ドメインを�む文字列を構文解��る方法"
+"を表�正�表���。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:127
@@ -297,6 +358,9 @@ msgid ""
 "which translates to \"the name is everything up to the <quote>@</quote> "
 "sign, the domain everything after that\""
 msgstr ""
+"�期値: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> �"
+"�。\"the name is everything up to the <quote>@</quote> sign, the domain "
+"everything after that\" �解釈�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:132
@@ -312,11 +376,13 @@ msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
 msgstr ""
+"関連注記: ���ージョン� libpcre �サブパターンをラベル付��る��� "
+"Python 構文 (?P&lt;name&gt;) ��をサ�ート���。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:146
 msgid "full_name_format (string)"
-msgstr ""
+msgstr "full_name_format (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:149
@@ -325,16 +391,19 @@ msgid ""
 "manvolnum> </citerefentry>-compatible format that describes how to translate "
 "a (name, domain) tuple into a fully qualified name."
 msgstr ""
+"（���ドメイン）�組を完全修飾��変��る方法を表� <citerefentry> "
+"<refentrytitle>printf</refentrytitle> <manvolnum>3</manvolnum> </"
+"citerefentry> 互��形���。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:157
 msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
+msgstr "�期値: <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:162
 msgid "try_inotify (boolean)"
-msgstr ""
+msgstr "try_inotify (論�値)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:165
@@ -344,6 +413,10 @@ msgid ""
 "this, and will fall back to polling resolv.conf every five seconds if "
 "inotify cannot be used."
 msgstr ""
+"SSSD ��内部 DNS リゾル�ーを更新�る必���る��を�識�る����resolv."
+"conf �状態を監視���。�期状態�������� inotify を使用�よ����"
+"�。inotify �使用����場� 5 秒��� resolv.conf を�ーリング�るよ�"
+"フォール�ック���。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:173
@@ -352,6 +425,9 @@ msgid ""
 "even trying to use inotify. In these rare cases, this option should be set "
 "to 'false'"
 msgstr ""
+"inotify を使用�る��をスキップ�る���望���������制��れ�状�"
+"��り��。�れら����場������オプション� 'false' �設定�れる��"
+"��"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:179
@@ -359,6 +435,8 @@ msgid ""
 "Default: true on platforms where inotify is supported. False on other "
 "platforms."
 msgstr ""
+"�期値: inotify �サ�ート�れるプラットフォーム�����真��。他�プラッ"
+"トフォーム��������。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:183
@@ -366,11 +444,13 @@ msgid ""
 "Note: this option will have no effect on platforms where inotify is "
 "unavailable. On these platforms, polling will always be used."
 msgstr ""
+"注: ��オプション� inotify �利用��能�プラットフォーム����効果��り"
+"��ん。�れら�プラットフォーム�������ーリング�常�使用�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:190
 msgid "krb5_rcache_dir (string)"
-msgstr ""
+msgstr "krb5_rcache_dir (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:193
@@ -378,6 +458,8 @@ msgid ""
 "Directory on the filesystem where SSSD should store Kerberos replay cache "
 "files."
 msgstr ""
+"SSSD � Kerberos リプレイキャッシュファイルを�存�るファイルシステム�ディレ"
+"クトリー��。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:197
@@ -385,6 +467,8 @@ msgid ""
 "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
 "SSSD to let libkrb5 decide the appropriate location for the replay cache."
 msgstr ""
+"��オプション��libkrb5 �リプレイキャッシュ�対�る�切�場所を決�られる"
+"よ� SSSD �指示�る�特別�値 __LIBKRB5_DEFAULTS__ を��付���。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:203
@@ -392,6 +476,8 @@ msgid ""
 "Default: Distribution-specific and specified at build-time. "
 "(__LIBKRB5_DEFAULTS__ if not configured)"
 msgstr ""
+"�期値: ディストリビューション固有��構築時�指定�れ��。 (設定�れ���"
+"�れ� __LIBKRB5_DEFAULTS__ ��)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sssd.conf.5.xml:63
@@ -403,11 +489,16 @@ msgid ""
 "some other important options like the identity domains.  <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
+"SSSD �機能��部分� SSSD �一緒�開始�よ��止�れる特別� SSSD サービス�"
+"より�供�れ��。特別�サービス�より管��れるサービス�よ�<quote>モニター"
+"</quote>�呼�れ��。<quote>[sssd]</quote> セクション��モニター����"
+"��識別ドメイン�よ��他����オプションを設定�る���使用�れ��。 "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd.conf.5.xml:216
 msgid "SERVICES SECTIONS"
-msgstr ""
+msgstr "サービスセクション"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.conf.5.xml:218
@@ -417,118 +508,151 @@ msgid ""
 "section, for example, for NSS service, the section would be <quote>[nss]</"
 "quote>"
 msgstr ""
+"異�るサービスを設定�る���使用�れる設定���セクション�記述�れ��。"
+"�れら� [<replaceable>$NAME</replaceable>] セクション�置�れ��。���"
+"��NSS サービス� <quote>[nss]</quote> セクション��"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 #: sssd.conf.5.xml:225
 msgid "General service configuration options"
-msgstr ""
+msgstr "サービス設定�全体オプション"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sssd.conf.5.xml:227
 msgid "These options can be used to configure any service."
-msgstr ""
+msgstr "�れら�オプション�����サービスを設定�る���使用����。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:231
 msgid "debug_level (integer)"
-msgstr ""
+msgstr "debug_level (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:235
 msgid "debug_timestamps (bool)"
-msgstr ""
+msgstr "debug_timestamps (論�値)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:238
 msgid "Add a timestamp to the debug messages"
-msgstr ""
+msgstr "デ�ッグメッセージ�日時を追加���"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:393 sssd-ldap.5.xml:1328
 #: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
 msgid "Default: true"
-msgstr ""
+msgstr "�期値: true"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:246
 msgid "debug_microseconds (bool)"
-msgstr ""
+msgstr "debug_microseconds (論�値)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:249
 msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
+msgstr "デ�ッグメッセージ�日時�マイクロ秒を追加���"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
+#: sssd.conf.5.xml:252 sssd.conf.5.xml:658 sssd-ldap.5.xml:602
 #: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
 #: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
 #: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
 msgid "Default: false"
-msgstr ""
+msgstr "�期値: false"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:270
-msgid "command (string)"
+msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:273
 msgid ""
+"This option specifies the maximum number of file descriptors that may be "
+"opened at one time by this SSSD process. On systems where SSSD is granted "
+"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
+"systems without this capability, the resulting value will be the lower value "
+"of this or the limits.conf \"hard\" limit."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:282
+msgid "Default: 8192 (or limits.conf \"hard\" limit)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:287
+msgid "command (string)"
+msgstr "command (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:290
+msgid ""
 "By default, the executable representing this service is called <command>sssd_"
 "${service_name}</command>.  This directive allows to change the executable "
 "name for the service. In the vast majority of configurations, the default "
 "values should suffice."
 msgstr ""
+"�期状態����サービスを代表�る実行�能�も�� <command>sssd_"
+"${service_name}</command> �呼�れ��。��ディレクティブ�より�サービス�"
+"実行�能�も����を変更����。設定�大����期値��分��。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
+#: sssd.conf.5.xml:298
 msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
+msgstr "�期値: <command>sssd_${service_name}</command>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
+#: sssd.conf.5.xml:306
 msgid "NSS configuration options"
-msgstr ""
+msgstr "NSS 設定オプション"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:308
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
+"�れら�オプション� Name Service Switch (NSS) サービスを設定�る���使用�"
+"���。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
+#: sssd.conf.5.xml:313
 msgid "enum_cache_timeout (integer)"
-msgstr ""
+msgstr "enum_cache_timeout (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
+#: sssd.conf.5.xml:316
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
+"nss_sss �列挙をキャッシュ�る秒数��（����ユーザー�関�る情報�対�る"
+"�求）。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
+#: sssd.conf.5.xml:320
 msgid "Default: 120"
-msgstr ""
+msgstr "�期値: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
+#: sssd.conf.5.xml:325
 msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
+msgstr "entry_cache_nowait_percentage (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
+#: sssd.conf.5.xml:328
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
 "for the domain."
 msgstr ""
+"エントリーキャッシュ��ドメイン�対�� entry_cache_timeout �値を超���求"
+"�れ�場����ックグラウンド�エントリーを自動的�更新�るよ�設定���"
+"�。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:334
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -536,519 +660,593 @@ msgid ""
 "but the SSSD will go and update the cache on its own, so that future "
 "requests will not need to block waiting for a cache update."
 msgstr ""
+"�����ドメイン� entry_cache_timeout � 30s �設定�れ�"
+"entry_cache_nowait_percentage � 50 (%) �設定�れ��る��エントリー� 15 "
+"秒経�後����最新�更新キャッシュ�直��返�れ��。����SSSD �自身�"
+"キャッシュ�れ�更新�れ��。�������先��求�キャッシュ更新を待��"
+"�をブロック�る必���り��ん。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
+#: sssd.conf.5.xml:344
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
 "percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
 "disables this feature)"
 msgstr ""
+"��オプション�対��有効�値� 0-99 ��。�ドメイン�対�る "
+"entry_cache_timeout �パーセンテージを表���。性能上��由�ら���パーセ"
+"ンテージ� 10 秒よりも��� nowait タイムアウトを減ら������り��ん。"
+"（0 ���機能を無効����）"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
+#: sssd.conf.5.xml:352
 msgid "Default: 50"
-msgstr ""
+msgstr "�期値: 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
+#: sssd.conf.5.xml:357
 msgid "entry_negative_timeout (integer)"
-msgstr ""
+msgstr "entry_negative_timeout (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
+#: sssd.conf.5.xml:360
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
 "before asking the back end again."
 msgstr ""
+"nss_sss ����ックエンド������る���ガティブキャッシュヒット（��"
+"り�存在���ドメイン�よ���無効�データベースエントリー�対�る����"
+"�）をキャッシュ�る秒数を指定���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
+#: sssd.conf.5.xml:366 sssd.conf.5.xml:686 sssd-krb5.5.xml:223
 msgid "Default: 15"
-msgstr ""
+msgstr "�期値: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
+#: sssd.conf.5.xml:371
 msgid "filter_users, filter_groups (string)"
-msgstr ""
+msgstr "filter_users, filter_groups (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
+#: sssd.conf.5.xml:374
 msgid ""
 "Exclude certain users from being fetched from the sss NSS database. This is "
 "particularly useful for system accounts. This option can also be set per-"
 "domain or include fully-qualified names to filter only users from the "
 "particular domain."
 msgstr ""
+"sss NSS データベース�ら�り出�れ�も��ら特定�ユーザーを除外���。�れ"
+"����システムアカウント�対��有効��。��オプション�ドメイン���設"
+"定����。���特定�ドメイン�らユーザー��をフィルター�る���完全修"
+"飾�を��る�������。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:381
 msgid "Default: root"
-msgstr ""
+msgstr "�期値: root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
+#: sssd.conf.5.xml:386
 msgid "filter_users_in_groups (bool)"
-msgstr ""
+msgstr "filter_users_in_groups (論�値)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
+#: sssd.conf.5.xml:389
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
+"フィルター�れ�ユーザー���グループメン�ー��������ら����オプ"
+"ションを��設定���。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:398
 msgid "override_homedir (string)"
-msgstr ""
+msgstr "override_homedir (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
+#: sssd.conf.5.xml:407 sssd-krb5.5.xml:166
 msgid "%u"
-msgstr ""
+msgstr "%u"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
+#: sssd.conf.5.xml:408 sssd-krb5.5.xml:167
 msgid "login name"
-msgstr ""
+msgstr "ログイン�"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
+#: sssd.conf.5.xml:411 sssd-krb5.5.xml:170
 msgid "%U"
-msgstr ""
+msgstr "%U"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
+#: sssd.conf.5.xml:412
 msgid "UID number"
-msgstr ""
+msgstr "UID 番�"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
+#: sssd.conf.5.xml:415 sssd-krb5.5.xml:188
 msgid "%d"
-msgstr ""
+msgstr "%d"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
+#: sssd.conf.5.xml:416
 msgid "domain name"
-msgstr ""
+msgstr "ドメイン�"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:419
 msgid "%f"
-msgstr ""
+msgstr "%f"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:420
 msgid "fully qualified user name (user@domain)"
-msgstr ""
+msgstr "完全修飾ユーザー� (user@domain)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
+#: sssd.conf.5.xml:423 sssd-krb5.5.xml:200
 msgid "%%"
-msgstr ""
+msgstr "%%"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
+#: sssd.conf.5.xml:424 sssd-krb5.5.xml:201
 msgid "a literal '%'"
-msgstr ""
+msgstr "文字 '%'"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:401
 msgid ""
 "Override the user's home directory. You can either provide an absolute value "
 "or a template. In the template, the following sequences are substituted: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
+"ユーザー�ホームディレクトリーを上書����。絶対パス���テンプレートを�"
+"供����。テンプレート���以下�シーケンス�置��れ��: <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
+#: sssd.conf.5.xml:430
 msgid "This option can also be set per-domain."
-msgstr ""
+msgstr "��オプション�ドメイン���設定����。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
+#: sssd.conf.5.xml:435
 msgid "allowed_shells (string)"
-msgstr ""
+msgstr "allowed_shells (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
+#: sssd.conf.5.xml:438
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
+"ユーザー�シェルを一覧��る値��れ��制����。評価�順番�次���り�"
+"�:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
+#: sssd.conf.5.xml:441
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
+"1. シェル� <quote>/etc/shells</quote> �存在�る���れ�使用�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:445
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
+"2. シェル� allowed_shells 一覧��る��<quote>/etc/shells</quote> ���れ"
+"��shell_fallback パラメーター�値を使用���。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
+#: sssd.conf.5.xml:450
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
+"3. シェル� allowed_shells 一覧����<quote>/etc/shells</quote> �も��れ"
+"��nologin シェル�使用�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
+#: sssd.conf.5.xml:455
 msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
+msgstr "シェル�空文字列� libc �����渡�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
+#: sssd.conf.5.xml:458
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
+"<quote>/etc/shells</quote> � SSSD �開始�れる�����読�込�れ��。�れ"
+"�新��シェル�インストール�れ�場� SSSD ��起動�必���る��を�味�"
+"��。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
+#: sssd.conf.5.xml:462
 msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
+msgstr "�期値: 設定�れ��ん。ユーザーシェル�自動的�使用�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:467
 msgid "vetoed_shells (string)"
-msgstr ""
+msgstr "vetoed_shells (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:470
 msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
+msgstr "�れら�シェル�インスタンスを��� shell_fallback �置�����"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
+#: sssd.conf.5.xml:475
 msgid "shell_fallback (string)"
-msgstr ""
+msgstr "shell_fallback (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:478
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
+"許��れ�シェル�マシン�インストール�れ����場��使用�る標準シェル�"
+"�。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
+#: sssd.conf.5.xml:482
 msgid "Default: /bin/sh"
-msgstr ""
+msgstr "�期値: /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:489
 msgid "PAM configuration options"
-msgstr ""
+msgstr "PAM 設定オプション"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
+#: sssd.conf.5.xml:491
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
+"�れら�オプション� Pluggable Authentication Module (PAM) サービスを設定�る"
+"���使用����。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:496
 msgid "offline_credentials_expiration (integer)"
-msgstr ""
+msgstr "offline_credentials_expiration (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
+#: sssd.conf.5.xml:499
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
+"�証プロ�イダー�オフライン�場���キャッシュログインを許��る時間（オン"
+"ラインログイン�最終�功�ら�日数）��。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
+#: sssd.conf.5.xml:504 sssd.conf.5.xml:517
 msgid "Default: 0 (No limit)"
-msgstr ""
+msgstr "�期値: 0 (無制�)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
+#: sssd.conf.5.xml:510
 msgid "offline_failed_login_attempts (integer)"
-msgstr ""
+msgstr "offline_failed_login_attempts (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:513
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
+"�証プロ�イダー�オフライン�場��ログイン試行�失敗�許容�れる回数��。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
+#: sssd.conf.5.xml:523
 msgid "offline_failed_login_delay (integer)"
-msgstr ""
+msgstr "offline_failed_login_delay (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
+#: sssd.conf.5.xml:526
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
+"新��ログイン試行��能��る�� offline_failed_login_attempts ����後�"
+"渡�れる分���時間��。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
+#: sssd.conf.5.xml:531
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
 "authentication can enable offline authentication again."
 msgstr ""
+"0 �設定�れ��る��offline_failed_login_attempts ����場��ユーザー�"
+"オフライン�証����ん。オンライン�証��功�る����オフライン�証を有"
+"効�����。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:537 sssd.conf.5.xml:590 sssd.conf.5.xml:1110
 msgid "Default: 5"
-msgstr ""
+msgstr "�期値: 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:543
 msgid "pam_verbosity (integer)"
-msgstr ""
+msgstr "pam_verbosity (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
+#: sssd.conf.5.xml:546
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
+"�証中�ユーザー�表示�れるメッセージ�種類を制御���。数字�大��れ�大"
+"����メッセージ�表示�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
+#: sssd.conf.5.xml:551
 msgid "Currently sssd supports the following values:"
-msgstr ""
+msgstr "�在 sssd �以下�値をサ�ート���:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:554
 msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
+msgstr "<emphasis>0</emphasis>: 何もメッセージを表示���"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:557
 msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
+msgstr "<emphasis>1</emphasis>: ���メッセージ��を表示�る"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
+#: sssd.conf.5.xml:561
 msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
+msgstr "<emphasis>2</emphasis>: 情報レベル�メッセージを表示�る"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
+#: sssd.conf.5.xml:564
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
+msgstr "<emphasis>3</emphasis>: ����メッセージ�デ�ッグ情報を表示�る"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
+#: sssd.conf.5.xml:568 sssd.8.xml:63
 msgid "Default: 1"
-msgstr ""
+msgstr "�期値: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:573
 msgid "pam_id_timeout (integer)"
-msgstr ""
+msgstr "pam_id_timeout (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
+#: sssd.conf.5.xml:576
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
 "ensure that authentication takes place with the latest information."
 msgstr ""
+"SSSD �オンライン�間����� PAM �求�対���ユーザー�最新�情報��証"
+"�れるよ��SSSD �直��キャッシュ�れ�識別情報を更新�よ�����。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
+#: sssd.conf.5.xml:582
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
 "client-application basis) how long (in seconds) we can cache the identity "
 "information to avoid excessive round-trips to the identity provider."
 msgstr ""
+"完全� PAM �やり�り��アカウント管�やセッション開始�よ���複数� PAM "
+"�求を実行����。��オプション��識別プロ�イダー�対�る�剰�ラウンド"
+"トリップを��る���識別情報をキャッシュ��る時間（秒数）を（クライアント"
+"アプリケーション���）制御���。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:596
 msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
+msgstr "pam_pwd_expiration_warning (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
+#: sssd.conf.5.xml:599
 msgid "Display a warning N days before the password expires."
-msgstr ""
+msgstr "パスワード�期��切れる�� N 日間警告を表示���。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
+#: sssd.conf.5.xml:602
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
 "cannot display a warning."
 msgstr ""
+"�ックエンド�サー�ー�パスワード�有効期間�関�る情報を�供�る必���る"
+"���注�������。��情報���れ��sssd �警告を表示���。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
+#: sssd.conf.5.xml:608
 msgid "Default: 7"
-msgstr ""
+msgstr "�期値: 7"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:616
 msgid "SUDO configuration options"
-msgstr ""
+msgstr "SUDO 設定オプション"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:618
 msgid "These options can be used to configure the sudo service."
-msgstr ""
+msgstr "�れら�オプション� sudo サービスを設定�る���使用�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
+#: sssd.conf.5.xml:625
 msgid "sudo_cache_timeout (integer)"
-msgstr ""
+msgstr "sudo_cache_timeout (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
+#: sssd.conf.5.xml:628
 msgid ""
 "For any sudo request that comes while SSSD is online, the SSSD will attempt "
 "to update the cached rules in order to ensure that sudo has the latest "
 "ruleset."
 msgstr ""
+"SSSD �オンライン�間����� sudo �求�対���sudo �確実�最新�ルール"
+"セットを��よ��SSSD �キャッシュ�れ�ルールを更新�よ�����。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
+#: sssd.conf.5.xml:634
 msgid ""
 "The user may, however, run a couple of sudo commands successively, which "
 "would trigger multiple LDAP requests.  In order to speed up this use-case, "
 "the sudo service maintains an in-memory cache that would be used for "
 "performing fast replies."
 msgstr ""
+"�����ら�ユーザー�複数� sudo コマンドを正常�実行����。�れ�複数"
+"� LDAP �求を発行���。��使用法を高速化�る����sudo サービス�素早�"
+"応答を返����使用�れるインメモリーキャッシュを�����。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
+#: sssd.conf.5.xml:641
 msgid ""
 "This option controls how long (in seconds) can the sudo service cache rules "
 "for a user."
 msgstr ""
+"��オプション� sudo サービス�ユーザー�ルールをキャッシュ��る時間（秒�"
+"�）を制御���。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:645
 msgid "Default: 180"
-msgstr ""
+msgstr "�期値: 180"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
+#: sssd.conf.5.xml:650
 msgid "sudo_timed (bool)"
-msgstr ""
+msgstr "sudo_timed (論�値)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:653
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
+"時間�存� sudoers エントリーを実装�る sudoNotBefore � sudoNotAfter �属性"
+"を評価�る�������。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
+#: sssd.conf.5.xml:666
 msgid "AUTOFS configuration options"
-msgstr ""
+msgstr "Autofs 設定オプション"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:668
 msgid "These options can be used to configure the autofs service."
-msgstr ""
+msgstr "�れら�オプション� autofs サービスを設定�る���使用�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
+#: sssd.conf.5.xml:676
 msgid "autofs_negative_timeout (integer)"
-msgstr ""
+msgstr "autofs_negative_timeout (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
+#: sssd.conf.5.xml:679
 msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
+"Specifies for how many seconds should the autofs responder negative cache "
+"hits (that is, queries for invalid map entries, like nonexistent ones) "
 "before asking the back end again."
 msgstr ""
+"autofs レス�ンダー��ガティブキャッシュ（��り�存在���も��よ���無"
+"効�マップエントリー�対�る�����）����ックエンド������る��"
+"ヒット�る秒数を指定���。"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
+#: sssd.conf.5.xml:696
 msgid "DOMAIN SECTIONS"
-msgstr ""
+msgstr "ドメインセクション"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:703
 msgid "min_id,max_id (integer)"
-msgstr ""
+msgstr "min_id,max_id (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
+#: sssd.conf.5.xml:706
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
+"ドメイン�対�る UID � GID �制���。ドメイン��れら�制��外��るエン"
+"トリーを�む場���れ�無視�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
+#: sssd.conf.5.xml:711
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
 "primary group memberships, those that are in range will be reported as "
 "expected."
 msgstr ""
+"ユーザー�対����れ�プライマリー GID 制��影響���。 UID ���プライ"
+"マリー GID �範囲外�ら��ユーザー� NSS �返�れ��ん。�プライマリーメン"
+"�ー�対���範囲内��るも��予期�れ�も����報告�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:718
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
+msgstr "�期値: min_id � 1, max_id � 0 (無制�)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:724
 msgid "timeout (integer)"
-msgstr ""
+msgstr "timeout (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:727
 msgid ""
 "Timeout in seconds between heartbeats for this domain.  This is used to "
 "ensure that the backend process is alive and capable of answering requests."
 msgstr ""
+"��ドメイン�対�る�ートビート間隔（秒��）。�ックエンド�プロセス�有効"
+"��り��求�答�られる能力��る��を確実��る���使用�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
+#: sssd.conf.5.xml:732 sssd-ldap.5.xml:1131
 msgid "Default: 10"
-msgstr ""
+msgstr "�期値: 10"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
+#: sssd.conf.5.xml:738
 msgid "enumerate (bool)"
-msgstr ""
+msgstr "enumerate (論�値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:741
 msgid ""
 "Determines if a domain can be enumerated. This parameter can have one of the "
 "following values:"
 msgstr ""
+"ドメイン�列挙��る�を決定���。��パラメーター�以下�値��れ���る"
+"必���り��:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
+#: sssd.conf.5.xml:745
 msgid "TRUE = Users and groups are enumerated"
-msgstr ""
+msgstr "TRUE = ユーザー�グループ�列挙�れ��"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:748
 msgid "FALSE = No enumerations for this domain"
-msgstr ""
+msgstr "FALSE = ��ドメイン�対��列挙���ん"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
+#: sssd.conf.5.xml:751 sssd.conf.5.xml:856 sssd.conf.5.xml:910
 msgid "Default: FALSE"
-msgstr ""
+msgstr "�期値: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
+#: sssd.conf.5.xml:754
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1056,668 +1254,791 @@ msgid ""
 "information will go directly to LDAP, though it may be slow, due to the "
 "heavy enumeration processing."
 msgstr ""
+"注: 列挙を有効��る���より�列挙�実行中� SSSD �����性能�影響��"
+"り��。列挙を完全�完了�る�� SSSD �開始後�数分間時間���り��。��"
+"間���れ�れ�情報��求�直接 LDAP �行�������列挙処������れ"
+"����も�れ��ん。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
+#: sssd.conf.5.xml:764
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
+"最��列挙�実行中�間�完全�ユーザー���グループ�一覧�対�る�求���"
+"れ�完了�る���果を返���ん。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
+#: sssd.conf.5.xml:769
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
 "enumeration lookups are completed successfully.  For more information, refer "
 "to the man pages for the specific id_provider in use."
 msgstr ""
+"�ら��列挙を有効��る���より�挙�検索�確実�正��完了�るよりも長�"
+"�る必���る����ットワーク切断を検知�る���必��時間�増�る�能性"
+"��り��。詳細�使用���る具体的� id_provider �マニュアルページを�照�"
+"�����。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:780
 msgid "entry_cache_timeout (integer)"
-msgstr ""
+msgstr "entry_cache_timeout (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:783
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
+"nss_sss ����ックエンド������る��エントリーを有効��る�考�る秒"
+"数��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
+#: sssd.conf.5.xml:787
 msgid "Default: 5400"
-msgstr ""
+msgstr "�期値: 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
+#: sssd.conf.5.xml:793
 msgid "entry_cache_user_timeout (integer)"
-msgstr ""
+msgstr "entry_cache_user_timeout (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
+#: sssd.conf.5.xml:796
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
+"nss_sss ����ックエンド������る��ユーザーエントリーを有効��る�"
+"考�る秒数��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:800 sssd.conf.5.xml:813 sssd.conf.5.xml:826
+#: sssd.conf.5.xml:839
 msgid "Default: entry_cache_timeout"
-msgstr ""
+msgstr "�期値: entry_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
+#: sssd.conf.5.xml:806
 msgid "entry_cache_group_timeout (integer)"
-msgstr ""
+msgstr "entry_cache_group_timeout (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
+#: sssd.conf.5.xml:809
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
+"nss_sss ����ックエンド������る��グループエントリーを有効��る�"
+"考�る秒数��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:819
 msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
+msgstr "entry_cache_netgroup_timeout (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:822
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
+"nss_sss ����ックエンド������る���ットワークグループエントリーを"
+"有効��る�考�る秒数��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:832
 msgid "entry_cache_service_timeout (integer)"
-msgstr ""
+msgstr "entry_cache_service_timeout (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:835
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
+"nss_sss ����ックエンド������る��サービスエントリーを有効��る�"
+"考�る秒数��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:845
 msgid "cache_credentials (bool)"
-msgstr ""
+msgstr "cache_credentials (論�値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
+#: sssd.conf.5.xml:848
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
+"ユーザー�クレディンシャル�ローカル LDB キャッシュ�キャッシュ�れる����"
+"を決���"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:852
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
+"ユーザー�クレディンシャル��平文���� SHA512 �ッシュ��存�れ��"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:861
 msgid "account_cache_expiration (integer)"
-msgstr ""
+msgstr "account_cache_expiration (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:864
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
 "value of this parameter must be greater than or equal to "
 "offline_credentials_expiration."
 msgstr ""
+"正常�ログイン後�キャッシュ�クリーンアップ中�エントリー�削除�れる��日"
+"数��。 0 �永久����る��を�味���。��パラメーター�値� "
+"offline_credentials_expiration ��等以上���れ�����ん。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
+#: sssd.conf.5.xml:871
 msgid "Default: 0 (unlimited)"
-msgstr ""
+msgstr "�期値: 0 (無制�)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
+#: sssd.conf.5.xml:877
 msgid "id_provider (string)"
-msgstr ""
+msgstr "id_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:880
 msgid "The Data Provider identity backend to use for this domain."
 msgstr ""
+"��ドメイン�対��使用�るデータプロ�イダー�識別情報��ックエンド��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
+#: sssd.conf.5.xml:884
 msgid "Supported backends:"
-msgstr ""
+msgstr "サ�ート�る�ックエンド:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
+#: sssd.conf.5.xml:887
 msgid "proxy: Support a legacy NSS provider"
-msgstr ""
+msgstr "proxy: レガシー� NSS プロ�イダー�サ�ート"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
+#: sssd.conf.5.xml:890
 msgid "local: SSSD internal local provider"
-msgstr ""
+msgstr "local: SSSD 内部ローカルプロ�イダー"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:893
 msgid "ldap: LDAP provider"
-msgstr ""
+msgstr "ldap: LDAP プロ�イダー"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
+#: sssd.conf.5.xml:899
 msgid "use_fully_qualified_names (bool)"
-msgstr ""
+msgstr "use_fully_qualified_names (論�値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
+#: sssd.conf.5.xml:902
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
 "<command>getent passwd test</command> wouldn't find the user while "
 "<command>getent passwd test@LOCAL</command> would."
 msgstr ""
+"TRUE �設定�れ��る����ドメイン�������求�完全修飾�を使用�る必"
+"���り��。����� \"test\" ユーザーを�む LOCAL ドメイン����使用�"
+"れ��る��<command>getent passwd test</command> �ユーザーを見��られ��"
+"ん��<command>getent passwd test@LOCAL</command> �見��られ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
+#: sssd.conf.5.xml:915
 msgid "auth_provider (string)"
-msgstr ""
+msgstr "auth_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
+#: sssd.conf.5.xml:918
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
+"ドメイン�対��使用�れる�証プロ�イダー��。サ�ート�れる�証プロ�イ"
+"ダー�次���り��:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:922
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry> for more information on configuring LDAP."
 msgstr ""
+"<quote>ldap</quote> �本�� LDAP �証����。LDAP �設定�関�る詳細� "
+"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> を�照������。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
+#: sssd.conf.5.xml:929
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry> for more information on configuring Kerberos."
 msgstr ""
+"<quote>krb5</quote> � Kerberos �証����。Kerberos �設定�関�る詳細� "
+"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> を�照������。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
+#: sssd.conf.5.xml:936
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
+"<quote>proxy</quote> ������他� PAM ターゲット��証を中継���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
+#: sssd.conf.5.xml:939
 msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
+msgstr "<quote>none</quote> �明示的��証を無効化���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
+#: sssd.conf.5.xml:942
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
+"�期値: <quote>id_provider</quote> �設定�れ��証�求を�り扱������る"
+"�ら���れ�使用�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
+#: sssd.conf.5.xml:948
 msgid "access_provider (string)"
-msgstr ""
+msgstr "access_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:951
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
 "Internal special providers are:"
 msgstr ""
+"ドメイン�対��使用�れるアクセス制御プロ�イダー��。 2 ��組�込�アクセ"
+"スプロ�イダー��り��（インストール�れ��ックエンド���れる���を加"
+"���）。内部�特別プロ�イダー�次���り��:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:957
 msgid "<quote>permit</quote> always allow access."
-msgstr ""
+msgstr "<quote>permit</quote> �常�アクセスを許����。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
+#: sssd.conf.5.xml:960
 msgid "<quote>deny</quote> always deny access."
-msgstr ""
+msgstr "<quote>deny</quote> �常�アクセスを拒����。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
+#: sssd.conf.5.xml:963
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
 "manvolnum></citerefentry> for more information on configuring the simple "
 "access module."
 msgstr ""
+"<quote>simple</quote> アクセス制御�アクセス���拒��一覧�基����。"
+"simple アクセスモジュール�設定�関�る詳細� <citerefentry> "
+"<refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> を�照������。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
+#: sssd.conf.5.xml:970
 msgid "Default: <quote>permit</quote>"
-msgstr ""
+msgstr "�期値: <quote>permit</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:975
 msgid "chpass_provider (string)"
-msgstr ""
+msgstr "chpass_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
+#: sssd.conf.5.xml:978
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
+"ドメイン�対�るパスワード変更�作を�り扱�プロ�イダー��。サ�ート�れる"
+"パスワード変更プロ�イダー�次���り��:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
+#: sssd.conf.5.xml:983
 msgid ""
 "<quote>ipa</quote> to change a password stored in an IPA server.  See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry> for more information on configuring IPA."
 msgstr ""
+"<quote>ipa</quote> � IPA サー�ー��存�れ��るパスワードを変更���。 "
+"IPA �設定�関�る詳細� <citerefentry> <refentrytitle>sssd-ipa</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> を�照������。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:991
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server.  See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry> for more information on configuring LDAP."
 msgstr ""
+"<quote>ldap</quote> � LDAP サー�ー��存�れ��るパスワードを変更���。 "
+"LDAP �設定�関�る詳細� <citerefentry> <refentrytitle>sssd-ldap</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> を�照������。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
+#: sssd.conf.5.xml:999
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry> for more information on configuring Kerberos."
 msgstr ""
+"<quote>krb5</quote> � Kerberos �パスワードを変更���。 Kerberos �設定�"
+"関�る詳細� <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> を�照������。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
+#: sssd.conf.5.xml:1007
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
+"<quote>proxy</quote> ������他� PAM ターゲット�パスワード�変更を中継"
+"���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
+#: sssd.conf.5.xml:1011
 msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
+msgstr "<quote>none</quote> �明示的�パスワード�変更を無効化���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
+#: sssd.conf.5.xml:1014
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
+"�期値: <quote>auth_provider</quote> �設定�れ�パスワード�変更�求を�り扱"
+"������る�ら���れ�使用�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
+#: sssd.conf.5.xml:1021
 msgid "sudo_provider (string)"
-msgstr ""
+msgstr "sudo_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1027
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
+"ドメイン�使用�れる SUDO プロ�イダー��。サ�ート�れる SUDO プロ�イダー"
+"�次���り��:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1031
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry> for more information on configuring LDAP."
 msgstr ""
+"<quote>ldap</quote> � LDAP ��存�れ��るルール�����。LDAP �設定�関"
+"�る詳細� <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> を�照���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
+#: sssd.conf.5.xml:1038
 msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
+msgstr "<quote>none</quote> � SUDO を明示的�無効化���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1041
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
+"�期値: <quote>id_provider</quote> �値�設定�れ��る�使用�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1047
 msgid "session_provider (string)"
-msgstr ""
+msgstr "session_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1050
 msgid ""
 "The provider which should handle loading of session settings.  Supported "
 "session providers are:"
 msgstr ""
+"セッション�設定�読�込�を処��るプロ�イダー��。サ�ート�れるセッショ"
+"ンプロ�イダー�次���り��:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
+#: sssd.conf.5.xml:1055
 msgid ""
 "<quote>ipa</quote> to load session settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry> for more information on configuring IPA."
 msgstr ""
+"<quote>ipa</quote> � IPA サー�ー�らセッション�設定を読�込���。IPA �"
+"設定�関�る詳細� <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> を�照������。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1063
 msgid "<quote>none</quote> disallows fetching session settings explicitly."
 msgstr ""
+"<quote>none</quote> �セッション�設定��り出�を明示的�無効化���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1066
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "session loading requests."
 msgstr ""
+"�期値: <quote>id_provider</quote> �設定�れ�セッション読�込��求を�り扱"
+"���る場���れ�使用�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
+#: sssd.conf.5.xml:1073
 msgid "lookup_family_order (string)"
-msgstr ""
+msgstr "lookup_family_order (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1076
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
+"DNS 検索を実行�る���使用�る�優先アドレスファミリーを�択�る機能を�供"
+"���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1080
 msgid "Supported values:"
-msgstr ""
+msgstr "サ�ート�る値:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1083
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
+"ipv4_first: IPv4 アドレス�検索を試行���。失敗�る� IPv6 を試行���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1086
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
+"ipv4_only: ホスト�を IPv4 アドレス���解決�る����を試行���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
+#: sssd.conf.5.xml:1089
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
+"ipv6_first: IPv6 アドレス�検索を試行���。失敗�る� IPv4 を試行���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1092
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
+"ipv6_only: ホスト�を IPv6 アドレス���解決�る����を試行���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1095
 msgid "Default: ipv4_first"
-msgstr ""
+msgstr "�期値: ipv4_first"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1101
 msgid "dns_resolver_timeout (integer)"
-msgstr ""
+msgstr "dns_resolver_timeout (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1104
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the DNS "
 "resolver before assuming that it is unreachable. If this timeout is reached, "
 "the domain will continue to operate in offline mode."
 msgstr ""
+"DNS リゾル�ー�到���能��る�仮定�る�������ら�応答を待�時間"
+"（秒��）を定義���。��タイムアウト���る��ドメイン�オフラインモー"
+"ド���作を継続���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1116
 msgid "dns_discovery_domain (string)"
-msgstr ""
+msgstr "dns_discovery_domain (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
+#: sssd.conf.5.xml:1119
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
+"サービス検索��ックエンド�使用�れ��る��サービス検索 DNS クエリー�ドメ"
+"イン部分を指定���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1123
 msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
+msgstr "�期値: マシン�ホスト��ドメイン部分を使用���"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
+#: sssd.conf.5.xml:1129
 msgid "override_gid (integer)"
-msgstr ""
+msgstr "override_gid (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1132
 msgid "Override the primary GID value with the one specified."
-msgstr ""
+msgstr "プライマリー GID �値を指定�れ�も��上書����。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
+#: sssd.conf.5.xml:1138
 msgid "case_sensitive (boolean)"
-msgstr ""
+msgstr "case_sensitive (論�値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
+#: sssd.conf.5.xml:1141
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider."
 msgstr ""
+"ユーザー��グループ��大文字�文字を区別�るよ��り扱���。今�����"
+"��オプション�ローカルプロ�イダー����サ�ート�れ��ん。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1146
 msgid "Default: True"
-msgstr ""
+msgstr "�期値: True"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:698
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
 "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
+"�れら�設定オプション�ドメイン設定�セクション���り <quote>[domain/"
+"<replaceable>NAME</replaceable>]</quote> �存在��� <placeholder type="
+"\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1158
 msgid "proxy_pam_target (string)"
-msgstr ""
+msgstr "proxy_pam_target (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1161
 msgid "The proxy target PAM proxies to."
-msgstr ""
+msgstr "中継�るプロキシターゲット PAM ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1164
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
+"�期値: 設定�れ��ん。既存� PAM 設定を使用�る��新��作���サービス�"
+"を���追加�る必���り��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1172
 msgid "proxy_lib_name (string)"
-msgstr ""
+msgstr "proxy_lib_name (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1175
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
 "for example _nss_files_getpwent."
 msgstr ""
+"プロキシードメイン����使用�る NSS ライブラリー�����。ライブラリー�"
+"���検索�る NSS 関数� _nss_$(libName)_$(function) �形���。���� "
+"_nss_files_getpwent ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
+#: sssd.conf.5.xml:1154
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
 msgstr ""
+"プロキシドメイン�対��有効�オプション��。 <placeholder type="
+"\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1187
 msgid "The local domain section"
-msgstr ""
+msgstr "ローカルドメイン�セクション"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1189
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
 "<replaceable>id_provider=local</replaceable>."
 msgstr ""
+"��セクション��ユーザー�グループを SSSD �イティブデータベース��存�る"
+"ドメイン���り� <replaceable>id_provider=local</replaceable> を使用�るド"
+"メイン�対�る設定を����。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
+#: sssd.conf.5.xml:1196
 msgid "default_shell (string)"
-msgstr ""
+msgstr "default_shell (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
+#: sssd.conf.5.xml:1199
 msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
+msgstr "SSSD ユーザー空間ツールを用��作��れ�ユーザー��期シェル��。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
+#: sssd.conf.5.xml:1203
 msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
+msgstr "�期値: <filename>/bin/bash</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:1208
 msgid "base_directory (string)"
-msgstr ""
+msgstr "base_directory (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:1211
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
+"ツール�ログイン�を <replaceable>base_directory</replaceable> �追加���"
+"ホームディレクトリー���使用���。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1216
 msgid "Default: <filename>/home</filename>"
-msgstr ""
+msgstr "�期値: <filename>/home</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
+#: sssd.conf.5.xml:1221
 msgid "create_homedir (bool)"
-msgstr ""
+msgstr "create_homedir (論�値)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
+#: sssd.conf.5.xml:1224
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
+"�期状態�新�ユーザー�対�るホームディレクトリー�作��れる�を指示��"
+"�。コマンドライン����上書�����。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
+#: sssd.conf.5.xml:1228 sssd.conf.5.xml:1240
 msgid "Default: TRUE"
-msgstr ""
+msgstr "�期値: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1233
 msgid "remove_homedir (bool)"
-msgstr ""
+msgstr "remove_homedir (論�値)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
+#: sssd.conf.5.xml:1236
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
+"�期状態�新�ユーザー�対�るホームディレクトリー�削除�れる�を指示��"
+"�。コマンドライン����上書�����。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
+#: sssd.conf.5.xml:1245
 msgid "homedir_umask (integer)"
-msgstr ""
+msgstr "homedir_umask (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1248
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
 "on a newly created home directory."
 msgstr ""
+"新��作��れるホームディレクトリー�パーミッション��期値を指定�る��� "
+"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry> �より使用�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
+#: sssd.conf.5.xml:1256
 msgid "Default: 077"
-msgstr ""
+msgstr "�期値: 077"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1261
 msgid "skel_dir (string)"
-msgstr ""
+msgstr "skel_dir (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
+#: sssd.conf.5.xml:1264
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
 "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
 "manvolnum> </citerefentry>"
 msgstr ""
+"ホームディレクトリー� <citerefentry> <refentrytitle>sss_useradd</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> �より作��れる�"
+"��ユーザー�ホームディレクトリー�コピー�れるファイル�よ�ディレクトリー"
+"を�む�スケルトンディレクトリー��。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
+#: sssd.conf.5.xml:1274
 msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
+msgstr "�期値: <filename>/etc/skel</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
+#: sssd.conf.5.xml:1279
 msgid "mail_dir (string)"
-msgstr ""
+msgstr "mail_dir (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
+#: sssd.conf.5.xml:1282
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
 "default value is used."
 msgstr ""
+"メールスプールディレクトリー��。�れ�対応�るユーザーアカウント�変更��"
+"�削除�れ�����れを�作�る必���り��。指定�れ����れ���期値"
+"�使用�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
+#: sssd.conf.5.xml:1289
 msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
+msgstr "�期値: <filename>/var/mail</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
+#: sssd.conf.5.xml:1294
 msgid "userdel_cmd (string)"
-msgstr ""
+msgstr "userdel_cmd (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
+#: sssd.conf.5.xml:1297
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
 "return code of the command is not taken into account."
 msgstr ""
+"ユーザー�削除後�実行�れるコマンド��。コマンド�最��唯一�パラメーター"
+"���削除�れるユーザー�ユーザー�を渡���。コマンド�返り値�考慮�れ�"
+"�ん。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1303
 msgid "Default: None, no command is run"
-msgstr ""
+msgstr "�期値: ���コマンドを実行���ん"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
+#: sssd.conf.5.xml:1313 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
 #: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
 msgid "EXAMPLE"
-msgstr ""
+msgstr "例"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1319
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -1745,18 +2066,45 @@ msgid ""
 "max_id = 20000\n"
 "enumerate = False\n"
 msgstr ""
+"[sssd]\n"
+"domains = LDAP\n"
+"services = nss, pam\n"
+"config_file_version = 2\n"
+"\n"
+"[nss]\n"
+"filter_groups = root\n"
+"filter_users = root\n"
+"\n"
+"[pam]\n"
+"\n"
+"[domain/LDAP]\n"
+"id_provider = ldap\n"
+"ldap_uri = ldap://ldap.example.com\n"
+"ldap_search_base = dc=example,dc=com\n"
+"\n"
+"auth_provider = krb5\n"
+"krb5_server = kerberos.example.com\n"
+"krb5_realm = EXAMPLE.COM\n"
+"cache_credentials = true\n"
+"\n"
+"min_id = 10000\n"
+"max_id = 20000\n"
+"enumerate = False\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1315
 msgid ""
 "The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
 "configuring domains for more details.  <placeholder type=\"programlisting\" "
 "id=\"0\"/>"
 msgstr ""
+"以下�例� SSSD �一般的�設定を示���。ドメイン自身�設定を説明�����"
+"ん - ドメイン�設定�関�る詳細�ドキュメントを�照������。  "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1350
 msgid ""
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
 "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1773,11 +2121,25 @@ msgid ""
 "<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
 "citerefentry>."
 msgstr ""
+"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>."
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
 msgid "sssd-ldap"
-msgstr ""
+msgstr "sssd-ldap"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:23
@@ -1788,11 +2150,16 @@ msgid ""
 "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry> manual page for detailed syntax information."
 msgstr ""
+"��マニュアルページ� <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> ��� LDAP ドメイン�設定を説明��"
+"���。詳細�構文����� <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルページ� "
+"<quote>ファイル形�</quote> セクションを�照������。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:35
 msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
+msgstr "SSSD �複数� LDAP ドメインを使用�るよ�設定����。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:38
@@ -1805,17 +2172,24 @@ msgid ""
 "<quote>ldap_access_filter</quote> config option for more information about "
 "using LDAP as an access provider."
 msgstr ""
+"LDAP �ックエンド� id, auth, access �よ� chpass プロ�イダーをサ�ート��"
+"�。 LDAP サー�ー�対���証���れ�� TLS/SSL ��� LDAPS ���ら��"
+"必���り��。 <command>sssd</command> �暗�化�れ���ャ�ル���る�証"
+"�サ�ート<emphasis>�れ��ん</emphasis>。 LDAP サー�ー�識別プロ�イダー�"
+"����使用�れる�ら��暗�化�ャ�ル�必��り��ん。アクセスプロ�イ"
+"ダー��� LDAP を使用�る���詳細� <quote>ldap_access_filter</quote> 設定"
+"オプションを�照������。"
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
 #: sssd-krb5.5.xml:63
 msgid "CONFIGURATION OPTIONS"
-msgstr ""
+msgstr "設定オプション"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:60
 msgid "ldap_uri (string)"
-msgstr ""
+msgstr "ldap_uri (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:63
@@ -1830,28 +2204,30 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:70
 msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
+msgstr "URI �形�� RFC 2732 �決�られ��る形��一致���れ�����ん:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:73
 msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
+msgstr "ldap[s]://&lt;host&gt;[:port]"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:76
 msgid ""
 "For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
 msgstr ""
+"IPv6 アドレスを明示�る����&lt;host&gt; を角括弧 [] ���る必���り�"
+"�。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:79
 msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
+msgstr "例: ldap://[fc00::126:25]:389"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:85
 msgid "ldap_chpass_uri (string)"
-msgstr ""
+msgstr "ldap_chpass_uri (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:88
@@ -1866,21 +2242,23 @@ msgstr ""
 #: sssd-ldap.5.xml:95
 msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
 msgstr ""
+"サービス discovery ldap_chpass_dns_service_name を有効��る���設定�る必"
+"���り��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:99
 msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
+msgstr "�期値: 空���り ldap_uri �使用�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:105
 msgid "ldap_search_base (string)"
-msgstr ""
+msgstr "ldap_search_base (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:108
 msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
+msgstr "LDAP ユーザー�作を実行�る���使用�れる�期ベース DN ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:112
@@ -1888,16 +2266,17 @@ msgid ""
 "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
 "syntax:"
 msgstr ""
+"SSSD 1.7.0 以��SSSD �次�構文を使用��複数�検索ベースをサ�ート���:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:116
 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
+msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:119
 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
+msgstr "範囲� \"base\", \"onelevel\" ��� \"subtree\" ��れ���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:122
@@ -1905,11 +2284,13 @@ msgid ""
 "The filter must be a valid LDAP search filter as specified by http://www."
 "ietf.org/rfc/rfc2254.txt"
 msgstr ""
+"フィルター� http://www.ietf.org/rfc/rfc2254.txt �より指定�れ�よ��有効"
+"� LDAP 検索フィルター��る必���り��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:126
 msgid "Examples:"
-msgstr ""
+msgstr "例:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:129
@@ -1917,6 +2298,8 @@ msgid ""
 "ldap_search_base = dc=example,dc=com (which is equivalent to)  "
 "ldap_search_base = dc=example,dc=com?subtree?"
 msgstr ""
+"ldap_search_base = dc=example,dc=com (which is equivalent to)  "
+"ldap_search_base = dc=example,dc=com?subtree?"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:134
@@ -1924,6 +2307,8 @@ msgid ""
 "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
 "(host=thishost)?dc=example.com?subtree?"
 msgstr ""
+"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
+"(host=thishost)?dc=example.com?subtree?"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:137
@@ -1948,7 +2333,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:158
 msgid "ldap_schema (string)"
-msgstr ""
+msgstr "ldap_schema (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:161
@@ -1963,56 +2348,64 @@ msgid ""
 "members are listed by DN and stored in the <emphasis>member</emphasis> "
 "attribute."
 msgstr ""
+"ターゲット LDAP サー�ー����使用中�スキーマ形�を指定���。�択�れ�"
+"スキーマ�応���サー�ー�ら�得�れる属性���期変�り��。処��れる�"
+"����属性も変�り��。�在 3 ��スキーマ形��サ�ート�れ��: "
+"rfc2307, rfc2307bis, IPA 。�れら�スキーマ形���も�����グループ�メン"
+"�ー�サー�ー������よ��記録�れる���。rfc2307 を使用�る��グ"
+"ループ�メン�ー� <emphasis>memberUid</emphasis> 属性����より一覧化�れ"
+"��。rfc2307bis �よ� IPA を使用�る��グループ�メン�ー� DN �より一覧"
+"化�れ�<emphasis>member</emphasis> 属性��存�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:180
 msgid "Default: rfc2307"
-msgstr ""
+msgstr "�期値: rfc2307"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:186
 msgid "ldap_default_bind_dn (string)"
-msgstr ""
+msgstr "ldap_default_bind_dn (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:189
 msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
+msgstr "LDAP ユーザー�作を実行�る���使用�れる�期�インド DN ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:196
 msgid "ldap_default_authtok_type (string)"
-msgstr ""
+msgstr "ldap_default_authtok_type (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:199
 msgid "The type of the authentication token of the default bind DN."
-msgstr ""
+msgstr "�期�インド DN ��証トークン�形���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:203
 msgid "The two mechanisms currently supported are:"
-msgstr ""
+msgstr "�在 2 ��メカニズム�サ�ート�れ��:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:206
 msgid "password"
-msgstr ""
+msgstr "password"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:209
 msgid "obfuscated_password"
-msgstr ""
+msgstr "obfuscated_password"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:212
 msgid "Default: password"
-msgstr ""
+msgstr "�期値: password"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:218
 msgid "ldap_default_authtok (string)"
-msgstr ""
+msgstr "ldap_default_authtok (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:221
@@ -2020,148 +2413,150 @@ msgid ""
 "The authentication token of the default bind DN.  Only clear text passwords "
 "are currently supported."
 msgstr ""
+"デフォルト��インド DN ��証トークン��。平文テキスト�パスワード����"
+"在サ�ート�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:228
 msgid "ldap_user_object_class (string)"
-msgstr ""
+msgstr "ldap_user_object_class (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:231
 msgid "The object class of a user entry in LDAP."
-msgstr ""
+msgstr "LDAP ��るユーザーエントリー�オブジェクトクラス��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:234
 msgid "Default: posixAccount"
-msgstr ""
+msgstr "�期値: posixAccount"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:240
 msgid "ldap_user_name (string)"
-msgstr ""
+msgstr "ldap_user_name (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:243
 msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
+msgstr "ユーザー�ログイン��対応�る LDAP �属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:247
 msgid "Default: uid"
-msgstr ""
+msgstr "�期値: uid"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:253
 msgid "ldap_user_uid_number (string)"
-msgstr ""
+msgstr "ldap_user_uid_number (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:256
 msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
+msgstr "ユーザー� ID �対応�る LDAP �属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:260
 msgid "Default: uidNumber"
-msgstr ""
+msgstr "�期値: uidNumber"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:266
 msgid "ldap_user_gid_number (string)"
-msgstr ""
+msgstr "ldap_user_gid_number (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:269
 msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
+msgstr "ユーザー�プライマリーグループ ID �対応�る LDAP �属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
 msgid "Default: gidNumber"
-msgstr ""
+msgstr "�期値: gidNumber"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:279
 msgid "ldap_user_gecos (string)"
-msgstr ""
+msgstr "ldap_user_gecos (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:282
 msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
+msgstr "ユーザー� gecos 項目�対応�る LDAP �属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:286
 msgid "Default: gecos"
-msgstr ""
+msgstr "�期値: gecos"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:292
 msgid "ldap_user_home_directory (string)"
-msgstr ""
+msgstr "ldap_user_home_directory (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:295
 msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
+msgstr "ユーザー�ホームディレクトリー���を�む LDAP �属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:299
 msgid "Default: homeDirectory"
-msgstr ""
+msgstr "�期値: homeDirectory"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:305
 msgid "ldap_user_shell (string)"
-msgstr ""
+msgstr "ldap_user_shell (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:308
 msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
+msgstr "ユーザー��期シェル�パスを�む LDAP �属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:312
 msgid "Default: loginShell"
-msgstr ""
+msgstr "�期値: loginShell"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:318
 msgid "ldap_user_uuid (string)"
-msgstr ""
+msgstr "ldap_user_uuid (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:321
 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
+msgstr "LDAP ユーザーオブジェクト� UUID/GUID を�む LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
 msgid "Default: nsUniqueId"
-msgstr ""
+msgstr "�期値: nsUniqueId"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:331
 msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
+msgstr "ldap_user_modify_timestamp (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
 msgid ""
 "The LDAP attribute that contains timestamp of the last modification of the "
 "parent object."
-msgstr ""
+msgstr "親オブジェクト�最終変更�タイムスタンプを�む LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
 msgid "Default: modifyTimestamp"
-msgstr ""
+msgstr "�期値: modifyTimestamp"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:344
 msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
+msgstr "ldap_user_shadow_last_change (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:347
@@ -2171,16 +2566,20 @@ msgid ""
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
 "the last password change)."
 msgstr ""
+"ldap_pwd_policy=shadow を使用�る�����パラメーター� <citerefentry> "
+"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> �対応部分（最終パスワード変更日）�対応�る LDAP 属性���を"
+"����。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:357
 msgid "Default: shadowLastChange"
-msgstr ""
+msgstr "�期値: shadowLastChange"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:363
 msgid "ldap_user_shadow_min (string)"
-msgstr ""
+msgstr "ldap_user_shadow_min (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:366
@@ -2190,16 +2589,20 @@ msgid ""
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
 "password age)."
 msgstr ""
+"ldap_pwd_policy=shadow を使用�る�����パラメーター� <citerefentry> "
+"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> �対応部分（最�パスワード期�）�対応�る LDAP 属性���を�"
+"���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:375
 msgid "Default: shadowMin"
-msgstr ""
+msgstr "�期値: shadowMin"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:381
 msgid "ldap_user_shadow_max (string)"
-msgstr ""
+msgstr "ldap_user_shadow_max (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:384
@@ -2209,16 +2612,20 @@ msgid ""
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
 "password age)."
 msgstr ""
+"ldap_pwd_policy=shadow を使用�る�����パラメーター� <citerefentry> "
+"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> �対応部分（最大パスワード期�）�対応�る LDAP 属性���を�"
+"���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:393
 msgid "Default: shadowMax"
-msgstr ""
+msgstr "�期値: shadowMax"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:399
 msgid "ldap_user_shadow_warning (string)"
-msgstr ""
+msgstr "ldap_user_shadow_warning (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:402
@@ -2228,16 +2635,20 @@ msgid ""
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
 "(password warning period)."
 msgstr ""
+"ldap_pwd_policy=shadow を使用�る�����パラメーター� <citerefentry> "
+"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> �対応部分（パスワード警告期間）�対応�る LDAP 属性���を�"
+"���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:412
 msgid "Default: shadowWarning"
-msgstr ""
+msgstr "�期値: shadowWarning"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:418
 msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
+msgstr "ldap_user_shadow_inactive (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:421
@@ -2247,16 +2658,20 @@ msgid ""
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
 "(password inactivity period)."
 msgstr ""
+"ldap_pwd_policy=shadow を使用�る�����パラメーター� <citerefentry> "
+"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> �対応部分（パスワード無効期間）�対応�る LDAP 属性���を�"
+"���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:431
 msgid "Default: shadowInactive"
-msgstr ""
+msgstr "�期値: shadowInactive"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:437
 msgid "ldap_user_shadow_expire (string)"
-msgstr ""
+msgstr "ldap_user_shadow_expire (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:440
@@ -2266,16 +2681,20 @@ msgid ""
 "<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry> counterpart (account expiration date)."
 msgstr ""
+"ldap_pwd_policy=shadow を使用�る�����パラメーター� <citerefentry> "
+"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> �対応部分（アカウント失効日）�対応�る LDAP 属性���を��"
+"��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:450
 msgid "Default: shadowExpire"
-msgstr ""
+msgstr "�期値: shadowExpire"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:456
 msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
+msgstr "ldap_user_krb_last_pwd_change (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:459
@@ -2284,16 +2703,18 @@ msgid ""
 "an LDAP attribute storing the date and time of last password change in "
 "kerberos."
 msgstr ""
+"ldap_pwd_policy=mit_kerberos を使用���る�����パラメーター� Kerberos "
+"�最終パスワード変更日時を�存�る LDAP 属性���を����。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:465
 msgid "Default: krbLastPwdChange"
-msgstr ""
+msgstr "�期値: krbLastPwdChange"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:471
 msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
+msgstr "ldap_user_krb_password_expiration (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:474
@@ -2301,16 +2722,18 @@ msgid ""
 "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
 "an LDAP attribute storing the date and time when current password expires."
 msgstr ""
+"ldap_pwd_policy=mit_kerberos を使用���る�����パラメーター��在�パス"
+"ワード失効日時を�存�る LDAP 属性���を����。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:480
 msgid "Default: krbPasswordExpiration"
-msgstr ""
+msgstr "�期値: krbPasswordExpiration"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:486
 msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
+msgstr "ldap_user_ad_account_expires (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:489
@@ -2318,16 +2741,18 @@ msgid ""
 "When using ldap_account_expire_policy=ad, this parameter contains the name "
 "of an LDAP attribute storing the expiration time of the account."
 msgstr ""
+"ldap_account_expire_policy=ad を使用�る�����パラメーター�アカウント�"
+"失効日時を�存�る LDAP 属性���を����。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:494
 msgid "Default: accountExpires"
-msgstr ""
+msgstr "�期値: accountExpires"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:500
 msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
+msgstr "ldap_user_ad_user_account_control (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:503
@@ -2335,16 +2760,18 @@ msgid ""
 "When using ldap_account_expire_policy=ad, this parameter contains the name "
 "of an LDAP attribute storing the user account control bit field."
 msgstr ""
+"ldap_account_expire_policy=ad を使用�る�����パラメーター�ユーザーアカ"
+"ウント�制御ビット項目を�存�る LDAP 属性���を����。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:508
 msgid "Default: userAccountControl"
-msgstr ""
+msgstr "�期値: userAccountControl"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:514
 msgid "ldap_ns_account_lock (string)"
-msgstr ""
+msgstr "ldap_ns_account_lock (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:517
@@ -2352,16 +2779,18 @@ msgid ""
 "When using ldap_account_expire_policy=rhds or equivalent, this parameter "
 "determines if access is allowed or not."
 msgstr ""
+"ldap_account_expire_policy=rhds ����等�も�を使用�る�����パラメー"
+"ター�アクセス�許��れる��れ���を決定���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:522
 msgid "Default: nsAccountLock"
-msgstr ""
+msgstr "�期値: nsAccountLock"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:528
 msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
+msgstr "ldap_user_nds_login_disabled (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:531
@@ -2369,16 +2798,18 @@ msgid ""
 "When using ldap_account_expire_policy=nds, this attribute determines if "
 "access is allowed or not."
 msgstr ""
+"ldap_account_expire_policy=nds を使用�る���アクセス�許��れる��れ��"
+"�を��属性�決定���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
 msgid "Default: loginDisabled"
-msgstr ""
+msgstr "�期値: loginDisabled"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:541
 msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
+msgstr "ldap_user_nds_login_expiration_time (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:544
@@ -2386,11 +2817,13 @@ msgid ""
 "When using ldap_account_expire_policy=nds, this attribute determines until "
 "which date access is granted."
 msgstr ""
+"ldap_account_expire_policy=nds を使用���る�����属性�データアクセス�"
+"����許��れる��を決定���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:555
 msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
+msgstr "ldap_user_nds_login_allowed_time_map (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:558
@@ -2398,43 +2831,45 @@ msgid ""
 "When using ldap_account_expire_policy=nds, this attribute determines the "
 "hours of a day in a week when access is granted."
 msgstr ""
+"ldap_account_expire_policy=nds を使用���る�����属性�アクセス�許��"
+"れる���一週間�日�時間を決定���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:563
 msgid "Default: loginAllowedTimeMap"
-msgstr ""
+msgstr "�期値: loginAllowedTimeMap"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:569
 msgid "ldap_user_principal (string)"
-msgstr ""
+msgstr "ldap_user_principal (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:572
 msgid ""
 "The LDAP attribute that contains the user's Kerberos User Principal Name "
 "(UPN)."
-msgstr ""
+msgstr "ユーザー� Kerberos User Principal Name (UPN) を�む LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:576
 msgid "Default: krbPrincipalName"
-msgstr ""
+msgstr "�期値: krbPrincipalName"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:582
 msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
+msgstr "ldap_user_ssh_public_key (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:585
 msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
+msgstr "ユーザー� SSH 公開�を�む LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:592
 msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
+msgstr "ldap_force_upper_case_realm (論�値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:595
@@ -2444,11 +2879,14 @@ msgid ""
 "fail. Set this option to a non-zero value if you want to use an upper-case "
 "realm."
 msgstr ""
+"�����ディレクトリーサー�ー����� Active Directory���文字�レルム"
+"を転����ん。�れ�より��証�失敗���。も�大文字�レルムを使用���"
+"場����オプションを 0 以外�設定���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:608
 msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
+msgstr "ldap_enumeration_refresh_timeout (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:611
@@ -2456,16 +2894,17 @@ msgid ""
 "Specifies how many seconds SSSD has to wait before refreshing its cache of "
 "enumerated records."
 msgstr ""
+"SSSD �列挙レコード�キャッシュを更新�る��待�必���る秒数を指定���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
 msgid "Default: 300"
-msgstr ""
+msgstr "�期値: 300"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:622
 msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
+msgstr "ldap_purge_cache_timeout (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:625
@@ -2474,53 +2913,56 @@ msgid ""
 "with no members and users who have never logged in) and remove them to save "
 "space."
 msgstr ""
+"使用�����エントリー（メン�ー����グループやログイン�������"
+"ユーザー��）�対��キャッシュを確�����存領域を節約�る����れらを"
+"削除�る間隔を決���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:631
 msgid "Setting this option to zero will disable the cache cleanup operation."
-msgstr ""
+msgstr "キャッシュ削除�作を無効��る 0 を��オプションを設定�る方法��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:635
 msgid "Default: 10800 (12 hours)"
-msgstr ""
+msgstr "�期値: 10800 (12 時間)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:641
 msgid "ldap_user_fullname (string)"
-msgstr ""
+msgstr "ldap_user_fullname (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:644
 msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
+msgstr "ユーザー�完全��対応�る LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
 #: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
 #: sssd-ipa.5.xml:422
 msgid "Default: cn"
-msgstr ""
+msgstr "�期値: cn"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:654
 msgid "ldap_user_member_of (string)"
-msgstr ""
+msgstr "ldap_user_member_of (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:657
 msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
+msgstr "ユーザー�グループメン�ーを一覧��る LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
 msgid "Default: memberOf"
-msgstr ""
+msgstr "�期値: memberOf"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:667
 msgid "ldap_user_authorized_service (string)"
-msgstr ""
+msgstr "ldap_user_authorized_service (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:670
@@ -2529,6 +2971,9 @@ msgid ""
 "use the presence of the authorizedService attribute in the user's LDAP entry "
 "to determine access privilege."
 msgstr ""
+"も� access_provider=ldap �� ldap_access_order=authorized_service �ら��"
+"SSSD �アクセス権�を決定�る����ユーザー� LDAP エントリー��る "
+"authorizedService 属性を使用���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:677
@@ -2536,16 +2981,18 @@ msgid ""
 "An explicit deny (!svc) is resolved first. Second, SSSD searches for "
 "explicit allow (svc) and finally for allow_all (*)."
 msgstr ""
+"明示的�拒� (!svc) �始��解決�れ��。次� SSSD �明示的�許� (svc) を検"
+"索���。最後����許� (*) を検索���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:682
 msgid "Default: authorizedService"
-msgstr ""
+msgstr "�期値: authorizedService"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:688
 msgid "ldap_user_authorized_host (string)"
-msgstr ""
+msgstr "ldap_user_authorized_host (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:691
@@ -2554,6 +3001,9 @@ msgid ""
 "presence of the host attribute in the user's LDAP entry to determine access "
 "privilege."
 msgstr ""
+"access_provider=ldap �� ldap_access_order=host �ら�� SSSD �アクセス権�"
+"を決�る����ユーザー� LDAP エントリー��るホスト属性�存在を使用��"
+"�。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:697
@@ -2561,81 +3011,83 @@ msgid ""
 "An explicit deny (!host) is resolved first. Second, SSSD searches for "
 "explicit allow (host) and finally for allow_all (*)."
 msgstr ""
+"明示的�拒� (!host) ���解決�れ��。次� SSSD �明示的�許� (host) を検"
+"索���。最後����許� (*) �検索�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:702
 msgid "Default: host"
-msgstr ""
+msgstr "�期値: host"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:708
 msgid "ldap_group_object_class (string)"
-msgstr ""
+msgstr "ldap_group_object_class (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:711
 msgid "The object class of a group entry in LDAP."
-msgstr ""
+msgstr "LDAP ��るグループエントリー�オブジェクトクラス��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:714
 msgid "Default: posixGroup"
-msgstr ""
+msgstr "�期値: posixGroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:720
 msgid "ldap_group_name (string)"
-msgstr ""
+msgstr "ldap_group_name (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:723
 msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
+msgstr "グループ��対応�る LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:733
 msgid "ldap_group_gid_number (string)"
-msgstr ""
+msgstr "ldap_group_gid_number (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:736
 msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
+msgstr "グループ� ID �対応�る LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:746
 msgid "ldap_group_member (string)"
-msgstr ""
+msgstr "ldap_group_member (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:749
 msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
+msgstr "グループ�メン�ー���を�む LDAP �属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:753
 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
+msgstr "�期値: memberuid (rfc2307) / member (rfc2307bis)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:759
 msgid "ldap_group_uuid (string)"
-msgstr ""
+msgstr "ldap_group_uuid (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:762
 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
+msgstr "LDAP グループオブジェクト� UUID/GUID を�む LDAP �属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:772
 msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
+msgstr "ldap_group_modify_timestamp (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:785
 msgid "ldap_group_nesting_level (integer)"
-msgstr ""
+msgstr "ldap_group_nesting_level (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:788
@@ -2644,176 +3096,185 @@ msgid ""
 "RFC2307bis), then this option controls how many levels of nesting SSSD will "
 "follow. This option has no effect on the RFC2307 schema."
 msgstr ""
+"ldap_schema �入れ�グループ (例: RFC2307bis) をサ�ート�るスキーマ形��設"
+"定�れ��る����オプション�入れ� SSSD �����レベルを制御���。�"
+"�オプション� RFC2307 スキーマ����効果��り��ん。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:795
 msgid "Default: 2"
-msgstr ""
+msgstr "�期値: 2"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:801
 msgid "ldap_netgroup_object_class (string)"
-msgstr ""
+msgstr "ldap_netgroup_object_class (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:804
 msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
+msgstr "LDAP ��る�ットワークグループエントリー�オブジェクトクラス��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:807
 msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
 msgstr ""
+"IPA プロ�イダー����� ipa_netgroup_object_class �代�り�使用�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:811
 msgid "Default: nisNetgroup"
-msgstr ""
+msgstr "�期値: nisNetgroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:817
 msgid "ldap_netgroup_name (string)"
-msgstr ""
+msgstr "ldap_netgroup_name (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:820
 msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
+msgstr "�ットワークグループ��対応�る LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:824
 msgid "In IPA provider, ipa_netgroup_name should be used instead."
-msgstr ""
+msgstr "IPA プロ�イダー����� ipa_netgroup_name �代�り�使用�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:834
 msgid "ldap_netgroup_member (string)"
-msgstr ""
+msgstr "ldap_netgroup_member (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:837
 msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
+msgstr "�ットワークグループ�メン�ー���を�む LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:841
 msgid "In IPA provider, ipa_netgroup_member should be used instead."
 msgstr ""
+"IPA プロ�イダー����� ipa_netgroup_member �代�り�使用�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:845
 msgid "Default: memberNisNetgroup"
-msgstr ""
+msgstr "�期値: memberNisNetgroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:851
 msgid "ldap_netgroup_triple (string)"
-msgstr ""
+msgstr "ldap_netgroup_triple (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:854
 msgid ""
 "The LDAP attribute that contains the (host, user, domain) netgroup triples."
 msgstr ""
+"�ットワークグループ�三�組（ホスト�ユーザー�ドメイン）を�む LDAP 属性�"
+"�。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
 msgid "This option is not available in IPA provider."
-msgstr ""
+msgstr "��オプション� IPA プロ�イダー����利用�能���り��ん。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:861
 msgid "Default: nisNetgroupTriple"
-msgstr ""
+msgstr "�期値: nisNetgroupTriple"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:867
 msgid "ldap_netgroup_uuid (string)"
-msgstr ""
+msgstr "ldap_netgroup_uuid (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:870
 msgid ""
 "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
 msgstr ""
+"LDAP �ットワークグループオブジェクト� UUID/GUID を�む LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:874
 msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
-msgstr ""
+msgstr "IPA プロ�イダー����� ipa_netgroup_uuid �代�り�使用�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:884
 msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
+msgstr "ldap_netgroup_modify_timestamp (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:900
 msgid "ldap_service_object_class (string)"
-msgstr ""
+msgstr "ldap_service_object_class (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:903
 msgid "The object class of a service entry in LDAP."
-msgstr ""
+msgstr "LDAP ��るサービスエントリー�オブジェクトクラス��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:906
 msgid "Default: ipService"
-msgstr ""
+msgstr "�期値: ipService"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:912
 msgid "ldap_service_name (string)"
-msgstr ""
+msgstr "ldap_service_name (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:915
 msgid ""
 "The LDAP attribute that contains the name of service attributes and their "
 "aliases."
-msgstr ""
+msgstr "サービス属性������エイリアスを�む LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:925
 msgid "ldap_service_port (string)"
-msgstr ""
+msgstr "ldap_service_port (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:928
 msgid "The LDAP attribute that contains the port managed by this service."
-msgstr ""
+msgstr "��サービス�より管��れる�ートを�む LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:932
 msgid "Default: ipServicePort"
-msgstr ""
+msgstr "�期値: ipServicePort"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:938
 msgid "ldap_service_proto (string)"
-msgstr ""
+msgstr "ldap_service_proto (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:941
 msgid ""
 "The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
+msgstr "��サービス�より�識�れるプロトコルを�む LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:945
 msgid "Default: ipServiceProtocol"
-msgstr ""
+msgstr "�期値: ipServiceProtocol"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:951
 msgid "ldap_service_search_base (string)"
-msgstr ""
+msgstr "ldap_service_search_base (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:954
 msgid "An optional base DN to restrict service searches to a specific subtree."
 msgstr ""
+"サービス検索を指定��サブツリー�制��る���オプション�ベース DN ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
@@ -2823,18 +3284,20 @@ msgid ""
 "See <quote>ldap_search_base</quote> for information about configuring "
 "multiple search bases."
 msgstr ""
+"複数�検索ベースを設定�る���詳細� <quote>ldap_search_base</quote> を�照"
+"������。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
 #: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
 #: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
+msgstr "�期値: <emphasis>ldap_search_base</emphasis> �値"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:970
 msgid "ldap_search_timeout (integer)"
-msgstr ""
+msgstr "ldap_search_timeout (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:973
@@ -2851,16 +3314,19 @@ msgid ""
 "will likely be replaced at some point by a series of timeouts for specific "
 "lookup types."
 msgstr ""
+"注: ��オプション� SSSD �将���ージョン����変更�れる�能性��り�"
+"�。特定�種類�検索����一連�タイムアウト�より�る時点�置���られる"
+"�も�れ��ん。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
 msgid "Default: 6"
-msgstr ""
+msgstr "�期値: 6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:991
 msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
+msgstr "ldap_enumeration_search_timeout (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:994
@@ -2873,12 +3339,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1001
 msgid "Default: 60"
-msgstr ""
+msgstr "�期値: 60"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1007
 msgid "ldap_network_timeout (integer)"
-msgstr ""
+msgstr "ldap_network_timeout (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1010
@@ -2890,11 +3356,16 @@ msgid ""
 "<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
 "citerefentry> returns in case of no activity."
 msgstr ""
+"<citerefentry> <refentrytitle>connect</refentrytitle> <manvolnum>2</"
+"manvolnum> </citerefentry> �続�� <citerefentry> <refentrytitle>poll</"
+"refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/<citerefentry> "
+"<refentrytitle>select</refentrytitle> <manvolnum>2</manvolnum> </"
+"citerefentry> �未使用を返��後�タイムアウト（秒��）を指定���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1033
 msgid "ldap_opt_timeout (integer)"
-msgstr ""
+msgstr "ldap_opt_timeout (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1036
@@ -2903,11 +3374,13 @@ msgid ""
 "will abort if no response is received. Also controls the timeout when "
 "communicating with the KDC in case of SASL bind."
 msgstr ""
+"�期 LDAP API を呼�出��未応答�場��中止�れ�後�タイムアウト（秒��）"
+"を指定���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1048
 msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
+msgstr "ldap_connection_expire_timeout (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1051
@@ -2921,12 +3394,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1059
 msgid "Default: 900 (15 minutes)"
-msgstr ""
+msgstr "�期値: 900 (15 分)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1065
 msgid "ldap_page_size (integer)"
-msgstr ""
+msgstr "ldap_page_size (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1068
@@ -2934,16 +3407,18 @@ msgid ""
 "Specify the number of records to retrieve from LDAP in a single request. "
 "Some LDAP servers enforce a maximum limit per-request."
 msgstr ""
+"1 回��求� LDAP �ら�得�るレコード数を指定���。����� LDAP サー"
+"�ー� 1 �求��り�最大数�制�を強制���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1073
 msgid "Default: 1000"
-msgstr ""
+msgstr "�期値: 1000"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1079
 msgid "ldap_disable_paging"
-msgstr ""
+msgstr "ldap_disable_paging"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1082
@@ -2952,6 +3427,9 @@ msgid ""
 "server reports that it supports the LDAP paging control in its RootDSE but "
 "it is not enabled or does not behave properly."
 msgstr ""
+"LDAP ページング制御を無効����。LDAP サー�ー��� RootDSE ���� LDAP "
+"ページング制御をサ�ート�る��有効化�れ�����も���正��動作���"
+"��を報告�る場�����オプション�使用�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1088
@@ -2959,6 +3437,9 @@ msgid ""
 "Example: OpenLDAP servers with the paging control module installed on the "
 "server but not enabled will report it in the RootDSE but be unable to use it."
 msgstr ""
+"例: サー�ー�ページング制御モジュール�インストール�れ��る��RootDSE �"
+"���有効化�れ�����報告�れ��れを使用���� OpenLDAP サー�ー�"
+"�。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1094
@@ -2967,11 +3448,14 @@ msgid ""
 "a time on a single connection. On busy clients, this can result in some "
 "requests being denied."
 msgstr ""
+"例: 389 DS ��一�接続�����時� 1 ��ページ制御��をサ�ート���。"
+"負��高�クライアント������������求�拒��れる�果��る�能性"
+"��り��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1103
 msgid "ldap_deref_threshold (integer)"
-msgstr ""
+msgstr "ldap_deref_threshold (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1106
@@ -3007,7 +3491,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1137
 msgid "ldap_tls_reqcert (string)"
-msgstr ""
+msgstr "ldap_tls_reqcert (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1140
@@ -3015,6 +3499,8 @@ msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
 msgstr ""
+"も��れ�� TLS セッション����サー�ー証明書����実行�る����ェッ"
+"ク�るも�を指定���。以下�値��� 1 �を指定����:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1146
@@ -3022,6 +3508,8 @@ msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
 msgstr ""
+"<emphasis>never</emphasis> = クライアント�����サー�ー証明書を�求���"
+"確����ん。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1150
@@ -3030,6 +3518,9 @@ msgid ""
 "certificate is provided, the session proceeds normally. If a bad certificate "
 "is provided, it will be ignored and the session proceeds normally."
 msgstr ""
+"<emphasis>allow</emphasis> = サー�ー証明書��求�れ��。証明書��供�れ�"
+"�れ��セッション�通常通り進�られ��。�正�証明書��供�れる���れ�"
+"無視�れ�セッション�通常通り進�られ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1157
@@ -3038,6 +3529,9 @@ msgid ""
 "certificate is provided, the session proceeds normally. If a bad certificate "
 "is provided, the session is immediately terminated."
 msgstr ""
+"<emphasis>try</emphasis> = サー�ー証明書��求�れ��。証明書��供�れ��"
+"れ��セッション�通常通り進�られ��。�正�証明書��供�れる��セッショ"
+"ン�直��終了���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1163
@@ -3046,21 +3540,23 @@ msgid ""
 "certificate is provided, or a bad certificate is provided, the session is "
 "immediately terminated."
 msgstr ""
+"<emphasis>demand</emphasis> = サー�ー証明書��求�れ��。証明書��供�れ"
+"��れ��も����正�証明書��供�れれ��セッション�直��終了���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1169
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
+msgstr "<emphasis>hard</emphasis> = <quote>demand</quote> �����"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1173
 msgid "Default: hard"
-msgstr ""
+msgstr "�期値: hard"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1179
 msgid "ldap_tls_cacert (string)"
-msgstr ""
+msgstr "ldap_tls_cacert (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1182
@@ -3068,6 +3564,9 @@ msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
 msgstr ""
+"Specifies the file that contains certificates for all of the Certificate "
+"Authorities that <command>sssd</command> ��識�る�����証局�対�る証明"
+"書を�むファイルを指定���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
@@ -3075,11 +3574,13 @@ msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
 msgstr ""
+"�期値: OpenLDAP ��期値�使用�一般的� <filename>/etc/openldap/ldap.conf</"
+"filename> ��り��"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1194
 msgid "ldap_tls_cacertdir (string)"
-msgstr ""
+msgstr "ldap_tls_cacertdir (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1197
@@ -3089,37 +3590,41 @@ msgid ""
 "be the hash of the certificate followed by '.0'.  If available, "
 "<command>cacertdir_rehash</command> can be used to create the correct names."
 msgstr ""
+"個別�ファイル� CA 証明書を�むディレクトリー�パスを指定���。一般的�"
+"ファイル�� '.0' �終�る証明書��ッシュ��る必���り��。利用�能�ら"
+"��<command>cacertdir_rehash</command> �正����を作��る���使用��"
+"��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1212
 msgid "ldap_tls_cert (string)"
-msgstr ""
+msgstr "ldap_tls_cert (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1215
 msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
+msgstr "クライアント�キー�対�る証明書を�むファイルを指定���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
 #: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
 msgid "Default: not set"
-msgstr ""
+msgstr "�期値: 設定�れ��ん"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1225
 msgid "ldap_tls_key (string)"
-msgstr ""
+msgstr "ldap_tls_key (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1228
 msgid "Specifies the file that contains the client's key."
-msgstr ""
+msgstr "クライアント�キーを�むファイルを指定���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1237
 msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
+msgstr "ldap_tls_cipher_suite (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1240
@@ -3128,11 +3633,14 @@ msgid ""
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
 "<manvolnum>5</manvolnum></citerefentry> for format."
 msgstr ""
+"利用�能�暗�機能を指定���。�れ�一般的�コロン区切り�一覧��。形��"
+"���� <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> を�照������。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1253
 msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
+msgstr "ldap_id_use_start_tls (論�値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1256
@@ -3140,11 +3648,13 @@ msgid ""
 "Specifies that the id_provider connection must also use <systemitem class="
 "\"protocol\">tls</systemitem> to protect the channel."
 msgstr ""
+"�ャ�ルを�護�る��� <systemitem class=\"protocol\">tls</systemitem> も使"
+"用�る必���る id_provider 接続を指定���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1266
 msgid "ldap_sasl_mech (string)"
-msgstr ""
+msgstr "ldap_sasl_mech (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1269
@@ -3152,16 +3662,18 @@ msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
 "supported."
 msgstr ""
+"使用�る SASL メカニズムを指定���。�在 GSSAPI ���テスト�れサ�ート�"
+"れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
 msgid "Default: none"
-msgstr ""
+msgstr "�期値: none"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1279
 msgid "ldap_sasl_authid (string)"
-msgstr ""
+msgstr "ldap_sasl_authid (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1282
@@ -3169,16 +3681,18 @@ msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI is used, this "
 "represents the Kerberos principal used for authentication to the directory."
 msgstr ""
+"使用�る SASL �� ID を指定���。 GSSAPI �使用�れる����れ��証��"
+"��使用�れる Kerberos プリンシパルをディレクトリー�表��れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1287
 msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
+msgstr "�期値: host/machine.fqdn@REALM"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1293
 msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
+msgstr "ldap_sasl_canonicalize (論�値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1296
@@ -3186,31 +3700,34 @@ msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
 msgstr ""
+"真�設定�れ��る�� LDAP ライブラリー� SASL �インド中�ホスト�を正�化"
+"�る���逆引�を実行���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1301
 msgid "Default: false;"
-msgstr ""
+msgstr "�期値: false;"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1307
 msgid "ldap_krb5_keytab (string)"
-msgstr ""
+msgstr "ldap_krb5_keytab (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1310
 msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
+msgstr "SASL/GSSAPI を使用�る���使用�るキーテーブルを指定���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1313
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
+"�期値: システム�キーテーブル�通常 <filename>/etc/krb5.keytab</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1319
 msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
+msgstr "ldap_krb5_init_creds (論�値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1322
@@ -3219,26 +3736,29 @@ msgid ""
 "action is performed only if SASL is used and the mechanism selected is "
 "GSSAPI."
 msgstr ""
+"Kerberos クレディンシャル (TGT) を�期化�る id_provider を指定���。���"
+"作�� SASL �使用�れ��択�れ�メカニズム� GSSAPI ��る場���実行�れ"
+"��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1334
 msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
+msgstr "ldap_krb5_ticket_lifetime (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1337
 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
+msgstr "GSSAPI �使用�れ��る場��TGT �有効期間を秒���指定���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1341
 msgid "Default: 86400 (24 hours)"
-msgstr ""
+msgstr "�期値: 86400 (24 時間)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
 msgid "krb5_server (string)"
-msgstr ""
+msgstr "krb5_server (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
@@ -3259,6 +3779,9 @@ msgid ""
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
 "none are found."
 msgstr ""
+"KDC ��� kpasswd サー�ー�対��サービス検索を使用�る���SSSD ���プ"
+"ロトコル��� _udp を指定�る DNS エントリーを検索���何も見��ら��れ"
+"� _tcp �フォール�ック���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
@@ -3267,26 +3790,29 @@ msgid ""
 "While the legacy name is recognized for the time being, users are advised to "
 "migrate their config files to use <quote>krb5_server</quote> instead."
 msgstr ""
+"��オプション�以�� SSSD ���� <quote>krb5_kdcip</quote> �������"
+"�。�������ら���られる間�ユーザー�代�り� <quote>krb5_server</"
+"quote> を使用�るよ�設定ファイルを移行�る���推奨�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
-msgstr ""
+msgstr "krb5_realm (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1379
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
+msgstr "(SASL/GSSAPI �証��) Kerberos レルムを指定���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1382
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
-msgstr ""
+msgstr "�期値: システム��期値�<filename>/etc/krb5.conf</filename> �照。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
 msgid "krb5_canonicalize (boolean)"
-msgstr ""
+msgstr "krb5_canonicalize (論�値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1391
@@ -3298,7 +3824,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1403
 msgid "ldap_pwd_policy (string)"
-msgstr ""
+msgstr "ldap_pwd_policy (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1406
@@ -3306,6 +3832,8 @@ msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
 msgstr ""
+"クライアント�����パスワード期�切れを評価�る����リシーを�択��"
+"�。以下�値�許容�れ��:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1411
@@ -3313,6 +3841,8 @@ msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
 msgstr ""
+"<emphasis>none</emphasis> - クライアント�����評価���ん。��オプショ"
+"ン�サー�ー��パスワード�リシーを無効�����ん。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1416
@@ -3321,6 +3851,9 @@ msgid ""
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
 "evaluate if the password has expired."
 msgstr ""
+"<emphasis>shadow</emphasis> - パスワード�失効���を評価�る��� "
+"<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> 形��属性を使用���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1422
@@ -3329,16 +3862,19 @@ msgid ""
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
 "these attributes when the password is changed."
 msgstr ""
+"<emphasis>mit_kerberos</emphasis> - パスワード�期�切れ���る�を決定�る"
+"��� MIT Kerberos �より使用�れる属性を使用���。パスワード�変更�れる"
+"����れら�属性を更新�る��� chpass_provider=krb5 を使用���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1434
 msgid "ldap_referrals (boolean)"
-msgstr ""
+msgstr "ldap_referrals (論�値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1437
 msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
+msgstr "自動�照追跡�有効化�れる�を指定���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1441
@@ -3346,26 +3882,29 @@ msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
 msgstr ""
+"OpenLDAP �ージョン 2.4.13 �よ��れ以���も�コンパイル�れ��る��� "
+"sssd ����照追跡をサ�ート�る���注�������。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1452
 msgid "ldap_dns_service_name (string)"
-msgstr ""
+msgstr "ldap_dns_service_name (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1455
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
+"サービス検索�有効��れ��る���使用�るサービス���を指定���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1459
 msgid "Default: ldap"
-msgstr ""
+msgstr "�期値: ldap"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1465
 msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
+msgstr "ldap_chpass_dns_service_name (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1468
@@ -3373,16 +3912,18 @@ msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
 msgstr ""
+"サービス検索�有効��れ��る����パスワード変更を許��る LDAP サー�ー"
+"を検索�る���使用�るサービス���を指定���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1473
 msgid "Default: not set, i.e. service discovery is disabled"
-msgstr ""
+msgstr "�期値: 設定�れ����ん���りサービス検索�無効��れ����"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1479
 msgid "ldap_access_filter (string)"
-msgstr ""
+msgstr "ldap_access_filter (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1482
@@ -3393,11 +3934,16 @@ msgid ""
 "it will result in all users being denied access. Use access_provider = allow "
 "to change this default behavior."
 msgstr ""
+"access_provider = ldap を使用���る�ら����オプション�必須��。��ホ"
+"スト����アクセス�許��れるユーザー�対��満��れる必���る LDAP 検"
+"索フィルター基準を指定���。 access_provider = ldap ����オプション�設"
+"定�れ����������ユーザー�アクセスを拒��れる�果��り��。��"
+"�期値�よる動作を変更�る�� access_provider = allow を使用���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
 msgid "Example:"
-msgstr ""
+msgstr "例:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
 #: sssd-ldap.5.xml:1495
@@ -3407,6 +3953,9 @@ msgid ""
 "ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
 "                        "
 msgstr ""
+"access_provider = ldap\n"
+"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
+"                        "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1499
@@ -3414,6 +3963,8 @@ msgid ""
 "This example means that access to this host is restricted to members of the "
 "\"allowedusers\" group in ldap."
 msgstr ""
+"��例����ホスト��アクセス� LDAP ��る \"allowedusers\" グループ�メ"
+"ン�ー�制��れる��を�味���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1504
@@ -3427,12 +3978,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
 msgid "Default: Empty"
-msgstr ""
+msgstr "�期値: 空白"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1518
 msgid "ldap_account_expire_policy (string)"
-msgstr ""
+msgstr "ldap_account_expire_policy (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1521
@@ -3440,6 +3991,8 @@ msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
 msgstr ""
+"��オプションを使用�る��アクセス制御属性�クライアント�評価�有効��り"
+"��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1525
@@ -3448,11 +4001,14 @@ msgid ""
 "i.e. the LDAP server should deny the bind request with a suitable error code "
 "even if the password is correct."
 msgstr ""
+"必�サー�ー��アクセス制御を使用�る���推奨�れる���注������"
+"�。��り�パスワード�正��������切�エラーコード��インド�求を拒"
+"����。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1532
 msgid "The following values are allowed:"
-msgstr ""
+msgstr "以下�値�許��れ��:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1535
@@ -3460,6 +4016,8 @@ msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
 msgstr ""
+"<emphasis>shadow</emphasis>: アカウント�失効���る�を決�る��� "
+"ldap_user_shadow_expire �値を使用���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1540
@@ -3477,6 +4035,9 @@ msgid ""
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
 "allowed or not."
 msgstr ""
+"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
+"emphasis>: アクセス�許��れる��れ���を確��る��� "
+"ldap_ns_account_lock �値を使用���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1553
@@ -3486,26 +4047,31 @@ msgid ""
 "ldap_user_nds_login_expiration_time are used to check if access is allowed. "
 "If both attributes are missing access is granted."
 msgstr ""
+"<emphasis>nds</emphasis>: アクセス�許��れる�を確��る��� the values "
+"of ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled �よ� "
+"ldap_user_nds_login_expiration_time �値�使用�れ��。��値も��れ��ア"
+"クセス�許��れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1568
 msgid "ldap_access_order (string)"
-msgstr ""
+msgstr "ldap_access_order (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1571
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
+"アクセス制御オプション�カンマ区切り一覧��。許��れる値�次���り��:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1575
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
+msgstr "<emphasis>filter</emphasis>: ldap_access_filter を使用���"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1578
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
+msgstr "<emphasis>expire</emphasis>: ldap_account_expire_policy を使用���"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1582
@@ -3513,28 +4079,31 @@ msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
 msgstr ""
+"<emphasis>authorized_service</emphasis>: アクセス権を決定�る��� "
+"authorizedService 属性を使用���"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1587
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
+"<emphasis>host</emphasis>: アクセス権を決�る��� host 属性を使用���"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1591
 msgid "Default: filter"
-msgstr ""
+msgstr "�期値: filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1594
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
-msgstr ""
+msgstr "値�複数使用�れ��る�設定エラー��る���注�������。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1601
 msgid "ldap_deref (string)"
-msgstr ""
+msgstr "ldap_deref (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1604
@@ -3542,11 +4111,13 @@ msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
 msgstr ""
+"検索を実行�る�����よ���照解決を実行�る�を指定���。以下�オプ"
+"ション�許容�れ��:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1609
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
+msgstr "<emphasis>never</emphasis>: エイリアス��照解決�れ��ん。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1613
@@ -3554,6 +4125,8 @@ msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
 msgstr ""
+"<emphasis>searching</emphasis>: エイリアス�ベースオブジェクト�下���照解"
+"決�れ����検索�ベースオブジェクト��置を探�����れ��ん。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1618
@@ -3561,6 +4134,8 @@ msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
 msgstr ""
+"<emphasis>finding</emphasis>: エイリアス�検索�ベースオブジェクト��置を探"
+"������照解決�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1623
@@ -3568,6 +4143,8 @@ msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
 msgstr ""
+"<emphasis>always</emphasis>: エイリアス�検索�ベースオブジェクトを検索�る�"
+"�も�置を検索�る��も�照解決�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1628
@@ -3575,6 +4152,8 @@ msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
 msgstr ""
+"�期値: 空白（LDAP クライアントライブラリ�より <emphasis>never</emphasis> �"
+"���り扱�れ��）"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:51
@@ -3585,56 +4164,61 @@ msgid ""
 "manvolnum> </citerefentry> manual page for full details.  <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
+"SSSD ドメイン��用�る����全体設定オプションを LDAP ドメイン��用��"
+"�。完全�詳細� <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> マニュアルページ� <quote>ドメインセ"
+"クション</quote> を�照������。  <placeholder type=\"variablelist\" id="
+"\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:1639
 msgid "SUDO OPTIONS"
-msgstr ""
+msgstr "SUDO オプション"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1644
 msgid "ldap_sudorule_object_class (string)"
-msgstr ""
+msgstr "ldap_sudorule_object_class (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1647
 msgid "The object class of a sudo rule entry in LDAP."
-msgstr ""
+msgstr "LDAP ��る sudo ルールエントリー�オブジェクトクラス��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1650
 msgid "Default: sudoRole"
-msgstr ""
+msgstr "�期値: sudoRole"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1656
 msgid "ldap_sudorule_name (string)"
-msgstr ""
+msgstr "ldap_sudorule_name (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1659
 msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr ""
+msgstr "sudo ルール��対応�る LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1669
 msgid "ldap_sudorule_command (string)"
-msgstr ""
+msgstr "ldap_sudorule_command (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1672
 msgid "The LDAP attribute that corresponds to the command name."
-msgstr ""
+msgstr "コマンド��対応�る LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1676
 msgid "Default: sudoCommand"
-msgstr ""
+msgstr "�期値: sudoCommand"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1682
 msgid "ldap_sudorule_host (string)"
-msgstr ""
+msgstr "ldap_sudorule_host (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1685
@@ -3642,16 +4226,18 @@ msgid ""
 "The LDAP attribute that corresponds to the host name (or host IP address, "
 "host IP network, or host netgroup)"
 msgstr ""
+"ホスト�（���ホスト IP アドレス�ホスト IP �ットワーク�ホスト�ットワー"
+"クグループ）�対応�る LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1690
 msgid "Default: sudoHost"
-msgstr ""
+msgstr "�期値: sudoHost"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1696
 msgid "ldap_sudorule_user (string)"
-msgstr ""
+msgstr "ldap_sudorule_user (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1699
@@ -3659,48 +4245,50 @@ msgid ""
 "The LDAP attribute that corresponds to the user name (or UID, group name or "
 "user's netgroup)"
 msgstr ""
+"ユーザー�（��� UID�グループ��ユーザー��ットワークグループ）�対応�"
+"る LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1703
 msgid "Default: sudoUser"
-msgstr ""
+msgstr "�期値: sudoUser"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1709
 msgid "ldap_sudorule_option (string)"
-msgstr ""
+msgstr "ldap_sudorule_option (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1712
 msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr ""
+msgstr "sudo オプション�対応�る LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1716
 msgid "Default: sudoOption"
-msgstr ""
+msgstr "�期値: sudoOption"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1722
 msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
+msgstr "ldap_sudorule_runasuser (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1725
 msgid ""
 "The LDAP attribute that corresponds to the user name that commands may be "
 "run as."
-msgstr ""
+msgstr "コマンドを実行�るユーザー��対応�る LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1729
 msgid "Default: sudoRunAsUser"
-msgstr ""
+msgstr "�期値: sudoRunAsUser"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1735
 msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
+msgstr "ldap_sudorule_runasgroup (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1738
@@ -3708,33 +4296,34 @@ msgid ""
 "The LDAP attribute that corresponds to the group name or group GID that "
 "commands may be run as."
 msgstr ""
+"コマンドを実行�るグループ����グループ� GID �対応�る LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1742
 msgid "Default: sudoRunAsGroup"
-msgstr ""
+msgstr "�期値: sudoRunAsGroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1748
 msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
+msgstr "ldap_sudorule_notbefore (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1751
 msgid ""
 "The LDAP attribute that corresponds to the start date/time for when the sudo "
 "rule is valid."
-msgstr ""
+msgstr "sudo ルール�有効��る開始日時�対応�る LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1755
 msgid "Default: sudoNotBefore"
-msgstr ""
+msgstr "�期値: sudoNotBefore"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1761
 msgid "ldap_sudorule_notafter (string)"
-msgstr ""
+msgstr "ldap_sudorule_notafter (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1764
@@ -3742,31 +4331,33 @@ msgid ""
 "The LDAP attribute that corresponds to the expiration date/time, after which "
 "the sudo rule will no longer be valid."
 msgstr ""
+"sudo ルール�有効�������後��期�切れ��る日時�対応�る LDAP 属性�"
+"�。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1769
 msgid "Default: sudoNotAfter"
-msgstr ""
+msgstr "�期値: sudoNotAfter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1775
 msgid "ldap_sudorule_order (string)"
-msgstr ""
+msgstr "ldap_sudorule_order (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1778
 msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr ""
+msgstr "ルール�並�替�インデックス�対応�る LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1782
 msgid "Default: sudoOrder"
-msgstr ""
+msgstr "�期値: sudoOrder"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1788
 msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr ""
+msgstr "ldap_sudo_refresh_enabled (論�値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1791
@@ -3774,83 +4365,89 @@ msgid ""
 "Enables periodical download of all sudo rules.  The cache is purged before "
 "each update."
 msgstr ""
+"���� sudo ルール�定期的�ダウンロードを有効����。キャッシュ��れ�"
+"れ�更新��掃除�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1801
 msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr ""
+msgstr "ldap_sudo_refresh_timeout (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1804
 msgid ""
 "How many seconds SSSD has to wait before refreshing its cache of sudo rules."
 msgstr ""
+"SSSD � sudo ルール�キャッシュを更新�る��待���れ�����秒数��。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:1642
 msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
+msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:1815
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
+"explanation of sudo related attribute semantics, see <citerefentry> "
 "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
 "citerefentry>"
 msgstr ""
+"��マニュアルページ�属性�マッピング��を説明���。 sudo �関連�る属性"
+"セマンティック�詳細�説明� <citerefentry> <refentrytitle>sudoers.ldap</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry> を�照������"
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:1825
 msgid "AUTOFS OPTIONS"
-msgstr ""
+msgstr "AUTOFS オプション"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:1827
 msgid ""
 "Please note that the default values correspond to the default schema which "
 "is RFC2307."
-msgstr ""
+msgstr "�期値� RFC2307 �標準スキーマ�対応�る���注�������。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1834
 msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
+msgstr "ldap_autofs_map_object_class (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
 msgid "The object class of an automount map entry in LDAP."
-msgstr ""
+msgstr "LDAP ��る automount マップエントリー�オブジェクトクラス��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
 msgid "Default: automountMap"
-msgstr ""
+msgstr "�期値: automountMap"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1847
 msgid "ldap_autofs_map_name (string)"
-msgstr ""
+msgstr "ldap_autofs_map_name (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1850
 msgid "The name of an automount map entry in LDAP."
-msgstr ""
+msgstr "LDAP ���る automount �マップエントリー�����。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1853
 msgid "Default: ou"
-msgstr ""
+msgstr "�期値: ou"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1860
 msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
+msgstr "ldap_autofs_entry_object_class (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1874
 msgid "ldap_autofs_entry_key (string)"
-msgstr ""
+msgstr "ldap_autofs_entry_key (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
@@ -3858,16 +4455,18 @@ msgid ""
 "The key of an automount entry in LDAP. The entry usually corresponds to a "
 "mount point."
 msgstr ""
+"LDAP ��る automount エントリー�キー��。エントリー�一般的�マウント�イ"
+"ント�対応���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1888
 msgid "ldap_autofs_entry_value (string)"
-msgstr ""
+msgstr "ldap_autofs_entry_value (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1895
 msgid "Default: automountInformation"
-msgstr ""
+msgstr "�期値: automountInformation"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:1832
@@ -3877,47 +4476,55 @@ msgid ""
 "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
 "\"variablelist\" id=\"4\"/>"
 msgstr ""
+"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
+"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
+"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
+"\"variablelist\" id=\"4\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:1904
 msgid "ADVANCED OPTIONS"
-msgstr ""
+msgstr "高度�オプション"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1911
 msgid "ldap_netgroup_search_base (string)"
-msgstr ""
+msgstr "ldap_netgroup_search_base (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1914
 msgid ""
 "An optional base DN to restrict netgroup searches to a specific subtree."
 msgstr ""
+"�ットワークグループ�検索を特定�サブツリー�制��る���オプション�ベー"
+"ス DN ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1930
 msgid "ldap_user_search_base (string)"
-msgstr ""
+msgstr "ldap_user_search_base (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1933
 msgid "An optional base DN to restrict user searches to a specific subtree."
 msgstr ""
+"ユーザー�検索を特定�サブツリー�制��る���オプション�ベース DN ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1949
 msgid "ldap_group_search_base (string)"
-msgstr ""
+msgstr "ldap_group_search_base (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1952
 msgid "An optional base DN to restrict group searches to a specific subtree."
 msgstr ""
+"グループ�検索を特定�サブツリー�制��る���オプション�ベース DN ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1968
 msgid "ldap_user_search_filter (string)"
-msgstr ""
+msgstr "ldap_user_search_filter (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1971
@@ -3925,6 +4532,8 @@ msgid ""
 "This option specifies an additional LDAP search filter criteria that "
 "restrict user searches."
 msgstr ""
+"��オプション��ユーザー検索を制��る�追加� LDAP 検索フィルター基準を指"
+"定���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1975
@@ -3932,6 +4541,8 @@ msgid ""
 "This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
 "by ldap_user_search_base."
 msgstr ""
+"��オプション� ldap_user_search_base �より使用�れる構文���を�ん�"
+"<emphasis>廃止�れ��</emphasis>。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
 #: sssd-ldap.5.xml:1985
@@ -3940,6 +4551,8 @@ msgid ""
 "                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
 "                        "
 msgstr ""
+"                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
+"                        "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1988
@@ -3947,11 +4560,13 @@ msgid ""
 "This filter would restrict user searches to users that have their shell set "
 "to /bin/tcsh."
 msgstr ""
+"��フィルター��ユーザー検索をシェル� /bin/tcsh �設定�れ��るユーザー�"
+"制��れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1995
 msgid "ldap_group_search_filter (string)"
-msgstr ""
+msgstr "ldap_group_search_filter (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1998
@@ -3959,6 +4574,8 @@ msgid ""
 "This option specifies an additional LDAP search filter criteria that "
 "restrict group searches."
 msgstr ""
+"��オプション��グループ検索を制��る�追加� LDAP 検索フィルター基準を指"
+"定���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2002
@@ -3966,28 +4583,34 @@ msgid ""
 "This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
 "by ldap_group_search_base."
 msgstr ""
+"��オプション� ldap_group_search_base �より使用�れる構文���を�ん�"
+"<emphasis>廃止�れ��</emphasis>。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:2012
 msgid "ldap_sudo_search_base (string)"
-msgstr ""
+msgstr "ldap_sudo_search_base (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2015
 msgid ""
 "An optional base DN to restrict sudo rules searches to a specific subtree."
 msgstr ""
+"sudo ルール検索を指定��サブツリー�制��る���オプション�ベース DN �"
+"�。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:2034
 msgid "ldap_autofs_search_base (string)"
-msgstr ""
+msgstr "ldap_autofs_search_base (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2037
 msgid ""
 "An optional base DN to restrict automounter searches to a specific subtree."
 msgstr ""
+"automounter 検索を指定��サブツリー�制��る���オプション�ベース DN �"
+"�。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:1906
@@ -3996,6 +4619,9 @@ msgid ""
 "caution. Please include them in your configuration only if you know what you "
 "are doing.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
+"�れら�オプション� LDAP ドメイン�よりサ�ート�れ����注���使用�る"
+"必���り��。自分�何を���る�を�解���る場����設定������"
+"��。 <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:2066
@@ -4004,6 +4630,9 @@ msgid ""
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
 "section."
 msgstr ""
+"以下�例��SSSD �正��設定�れ�LDAP � <replaceable>[domains]</"
+"replaceable> セクション��るドメイン��れ��設定�れ��る�仮定����"
+"�。"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sssd-ldap.5.xml:2072
@@ -4018,17 +4647,25 @@ msgid ""
 "    cache_credentials = true\n"
 "    enumerate = true\n"
 msgstr ""
+"    [domain/LDAP]\n"
+"    id_provider = ldap\n"
+"    auth_provider = ldap\n"
+"    ldap_uri = ldap://ldap.mydomain.org\n"
+"    ldap_search_base = dc=mydomain,dc=org\n"
+"    ldap_tls_reqcert = demand\n"
+"    cache_credentials = true\n"
+"    enumerate = true\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
 #: sssd-krb5.5.xml:441
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
+msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
 msgid "NOTES"
-msgstr ""
+msgstr "注記"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:2087
@@ -4038,6 +4675,10 @@ msgid ""
 "<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
 "distribution."
 msgstr ""
+"��マニュアルページ��る設定オプション������説明��OpenLDAP 2.4 ディ"
+"ストリビューション�ら <citerefentry> <refentrytitle>ldap.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルページ�基"
+"������。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:2098
@@ -4047,6 +4688,10 @@ msgid ""
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
 "<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
 msgstr ""
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
 
 #. type: Content of: <refentryinfo>
 #: pam_sss.8.xml:8 include/upstream.xml:2
@@ -4054,16 +4699,18 @@ msgid ""
 "<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
 "fedorahosted.org/sssd</orgname>"
 msgstr ""
+"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
+"fedorahosted.org/sssd</orgname>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: pam_sss.8.xml:13 pam_sss.8.xml:18
 msgid "pam_sss"
-msgstr ""
+msgstr "pam_sss"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: pam_sss.8.xml:19
 msgid "PAM module for SSSD"
-msgstr ""
+msgstr "SSSD � PAM モジュール"
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: pam_sss.8.xml:24
@@ -4075,6 +4722,12 @@ msgid ""
 "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
 "arg>"
 msgstr ""
+"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
+"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: pam_sss.8.xml:45
@@ -4083,21 +4736,24 @@ msgid ""
 "Services daemon (SSSD). Errors and results are logged through <command>syslog"
 "(3)</command> with the LOG_AUTHPRIV facility."
 msgstr ""
+"<command>pam_sss.so</command> � System Security Services daemon (SSSD) �� "
+"PAM インターフェース��。エラー��果� <command>syslog(3)</command> を通�"
+"� LOG_AUTHPRIV ファシリティ�ログ記録�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:55
 msgid "<option>quiet</option>"
-msgstr ""
+msgstr "<option>quiet</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: pam_sss.8.xml:58
 msgid "Suppress log messages for unknown users."
-msgstr ""
+msgstr "�明�ユーザー�ログメッセージを抑制���。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:63
 msgid "<option>forward_pass</option>"
-msgstr ""
+msgstr "<option>forward_pass</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: pam_sss.8.xml:66
@@ -4105,11 +4761,13 @@ msgid ""
 "If <option>forward_pass</option> is set the entered password is put on the "
 "stack for other PAM modules to use."
 msgstr ""
+"<option>forward_pass</option> �設定�れ��る��他� PAM モジュール�使用�"
+"る����入力�れ�パスワード�スタック�置�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:73
 msgid "<option>use_first_pass</option>"
-msgstr ""
+msgstr "<option>use_first_pass</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: pam_sss.8.xml:76
@@ -4118,11 +4776,14 @@ msgid ""
 "modules password and will never prompt the user - if no password is "
 "available or the password is not appropriate, the user will be denied access."
 msgstr ""
+"引数 use_first_pass �強制的�モジュール���スタック�れ�モジュール�パス"
+"ワードを使用���ユーザー�入力����ん。パスワード�何も利用�能���"
+"�����パスワード��切���れ��ユーザー�アクセスを拒��れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:84
 msgid "<option>use_authtok</option>"
-msgstr ""
+msgstr "<option>use_authtok</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: pam_sss.8.xml:87
@@ -4130,11 +4791,13 @@ msgid ""
 "When password changing enforce the module to set the new password to the one "
 "provided by a previously stacked password module."
 msgstr ""
+"パスワードを変更�る���モジュール�強制的�新��パスワードを���スタッ"
+"ク�れ�パスワードモジュール�設定���。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:94
 msgid "<option>retry=N</option>"
-msgstr ""
+msgstr "<option>retry=N</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: pam_sss.8.xml:97
@@ -4142,6 +4805,8 @@ msgid ""
 "If specified the user is asked another N times for a password if "
 "authentication fails. Default is 0."
 msgstr ""
+"指定�れ��る���証�失敗��場��パスワードを�� N 回ユーザー�����"
+"���。�期値� 0 ��。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: pam_sss.8.xml:99
@@ -4154,7 +4819,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: pam_sss.8.xml:110
 msgid "MODULE TYPES PROVIDED"
-msgstr ""
+msgstr "�供�れるモジュール形�"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: pam_sss.8.xml:111
@@ -4162,11 +4827,13 @@ msgid ""
 "All module types (<option>account</option>, <option>auth</option>, "
 "<option>password</option> and <option>session</option>) are provided."
 msgstr ""
+"����モジュール形� (<option>account</option>, <option>auth</option>, "
+"<option>password</option> �よ� <option>session</option>) ��供�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: pam_sss.8.xml:117
 msgid "FILES"
-msgstr ""
+msgstr "ファイル"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: pam_sss.8.xml:118
@@ -4195,6 +4862,9 @@ msgid ""
 "DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
 "displayed."
 msgstr ""
+"�れら�ファイル�ディレクトリー <filename>/etc/sssd/customize/DOMAIN_NAME/</"
+"filename> ����検索�れ��。一致�るファイル���れ��一般的�メッセー"
+"ジ�表示�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: pam_sss.8.xml:141
@@ -4202,11 +4872,13 @@ msgid ""
 "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
 "manvolnum> </citerefentry>"
 msgstr ""
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
 msgid "sssd_krb5_locator_plugin"
-msgstr ""
+msgstr "sssd_krb5_locator_plugin"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd_krb5_locator_plugin.8.xml:22
@@ -4249,6 +4921,8 @@ msgid ""
 "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
 "debug messages will be sent to stderr."
 msgstr ""
+"環境変数 SSSD_KRB5_LOCATOR_DEBUG �何ら��値�設定�れ��る��デ�ッグメッ"
+"セージ�標準エラー��られ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd_krb5_locator_plugin.8.xml:77
@@ -4258,16 +4932,20 @@ msgid ""
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
 "<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
 msgstr ""
+"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-simple.5.xml:10 sssd-simple.5.xml:16
 msgid "sssd-simple"
-msgstr ""
+msgstr "sssd-simple"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-simple.5.xml:17
 msgid "the configuration file for SSSD's 'simple' access-control provider"
-msgstr ""
+msgstr "SSSD � 'simple' アクセス制御プロ�イダー�設定ファイル��。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-simple.5.xml:24
@@ -4279,6 +4957,11 @@ msgid ""
 "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry> manual page."
 msgstr ""
+"��マニュアル� <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> �対��簡��アクセス制御�設定を説"
+"明�����。詳細� <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> マニュアルページ� <quote>ファイル形"
+"�</quote> セクションを�照������。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-simple.5.xml:38
@@ -4286,11 +4969,13 @@ msgid ""
 "The simple access provider grants or denies access based on an access or "
 "deny list of user or group names. The following rules apply:"
 msgstr ""
+"シンプルアクセスプロ�イダー��ユーザー����グループ��アクセス���拒"
+"��一覧�基���アクセスを許����拒����。以下�例を�用���:"
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
 #: sssd-simple.5.xml:43
 msgid "If all lists are empty, access is granted"
-msgstr ""
+msgstr "����一覧�空白�ら��アクセス���られ��"
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
 #: sssd-simple.5.xml:47
@@ -4298,6 +4983,9 @@ msgid ""
 "If any list is provided, the order of evaluation is allow,deny. This means "
 "that any matching deny rule will supersede any matched allow rule."
 msgstr ""
+"何ら��一覧��供�れ��る��許�（allow）�拒�（deny）�順�評価�れ�"
+"�。拒�ルール�一致�る����も���許�ルール�一致�る����も�を更"
+"新�る��を�味���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
 #: sssd-simple.5.xml:54
@@ -4305,6 +4993,8 @@ msgid ""
 "If either or both \"allow\" lists are provided, all users are denied unless "
 "they appear in the list."
 msgstr ""
+"\"allow\" 一覧��供�れ��る������ユーザー���一覧�表れ��れ�拒"
+"��れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
 #: sssd-simple.5.xml:60
@@ -4312,31 +5002,33 @@ msgid ""
 "If only \"deny\" lists are provided, all users are granted access unless "
 "they appear in the list."
 msgstr ""
+"\"deny\" 一覧����供�れ��る��ユーザー���一覧�表れ���り����"
+"�ユーザー�アクセスを許��れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-simple.5.xml:78
 msgid "simple_allow_users (string)"
-msgstr ""
+msgstr "simple_allow_users (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-simple.5.xml:81
 msgid "Comma separated list of users who are allowed to log in."
-msgstr ""
+msgstr "ログイン�許��れ�ユーザー�カンマ区切り一覧��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-simple.5.xml:88
 msgid "simple_deny_users (string)"
-msgstr ""
+msgstr "simple_deny_users (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-simple.5.xml:91
 msgid "Comma separated list of users who are explicitly denied access."
-msgstr ""
+msgstr "アクセス�明示的�拒��れ�ユーザー�カンマ区切り一覧��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-simple.5.xml:97
 msgid "simple_allow_groups (string)"
-msgstr ""
+msgstr "simple_allow_groups (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-simple.5.xml:100
@@ -4344,11 +5036,13 @@ msgid ""
 "Comma separated list of groups that are allowed to log in. This applies only "
 "to groups within this SSSD domain. Local groups are not evaluated."
 msgstr ""
+"ログイン�許��れ�グループ�カンマ区切り一覧��。�� SSSD ドメイン�中�"
+"グループ����用�れ��。ローカルグループ�評価�れ��ん。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-simple.5.xml:108
 msgid "simple_deny_groups (string)"
-msgstr ""
+msgstr "simple_deny_groups (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-simple.5.xml:111
@@ -4357,6 +5051,8 @@ msgid ""
 "applies only to groups within this SSSD domain. Local groups are not "
 "evaluated."
 msgstr ""
+"アクセス�明示的�拒��れ�グループ�カンマ区切り一覧��。�� SSSD ドメイ"
+"ン�中�グループ����用�れ��。ローカルグループ�評価�れ��ん。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
@@ -4366,6 +5062,10 @@ msgid ""
 "citerefentry> manual page for details on the configuration of an SSSD "
 "domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
+"SSSD ドメイン�設定�関�る詳細� <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルページ� "
+"<quote>ドメインセクション</quote> �セクションを�照������。  "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-simple.5.xml:120
@@ -4373,6 +5073,8 @@ msgid ""
 "Please note that it is an configuration error if both, simple_allow_users "
 "and simple_deny_users, are defined."
 msgstr ""
+"simple_allow_users � simple_deny_users ���らも定義�れる��設定エラー�"
+"�る���注�������。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-simple.5.xml:128
@@ -4381,6 +5083,9 @@ msgid ""
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
 "This examples shows only the simple access provider-specific options."
 msgstr ""
+"以下�例��SSSD �正��設定�れ�example.com � <replaceable>[sssd]</"
+"replaceable> セクション��るドメイン� 1 ���る�仮定���。��例�アク"
+"セスプロ�イダー固有�簡��オプション��を示���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sssd-simple.5.xml:135
@@ -4390,6 +5095,9 @@ msgid ""
 "    access_provider = simple\n"
 "    simple_allow_users = user1, user2\n"
 msgstr ""
+"    [domain/example.com]\n"
+"    access_provider = simple\n"
+"    simple_allow_users = user1, user2\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-simple.5.xml:145
@@ -4398,11 +5106,14 @@ msgid ""
 "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
 msgstr ""
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
 msgid "sssd-ipa"
-msgstr ""
+msgstr "sssd-ipa"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:23
@@ -4413,6 +5124,11 @@ msgid ""
 "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
 msgstr ""
+"��マニュアルページ� <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> �対�る IPA プロ�イダー�設定を説"
+"明�����。詳細�構文��考資料� <citerefentry> <refentrytitle>sssd."
+"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルペー"
+"ジ� <quote>ファイル形�</quote> を�照������。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:36
@@ -4422,6 +5138,10 @@ msgid ""
 "requires that the machine be joined to the IPA domain; configuration is "
 "almost entirely self-discovered and obtained directly from the server."
 msgstr ""
+"IPA プロ�イダー� IPA サー�ー�接続�る���使用�れる�ックエンド��。"
+"（IPA サー�ー�関�る詳細� freeipa.org �ウェブサイトを�照������。）"
+"��プロ�イダー��マシン� IPA ドメイン��加�����設定����全体的�"
+"自己検索�れ�サー�ー�ら直接�得�れ��る必���り��。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:43
@@ -4446,7 +5166,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:72
 msgid "ipa_domain (string)"
-msgstr ""
+msgstr "ipa_domain (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:75
@@ -4454,11 +5174,13 @@ msgid ""
 "Specifies the name of the IPA domain.  This is optional. If not provided, "
 "the configuration domain name is used."
 msgstr ""
+"IPA ドメイン���を指定���。�れ�オプション��。�供�れ��れ��設定"
+"ドメイン��使用�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:83
 msgid "ipa_server (string)"
-msgstr ""
+msgstr "ipa_server (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:86
@@ -4473,7 +5195,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:99
 msgid "ipa_hostname (string)"
-msgstr ""
+msgstr "ipa_hostname (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:102
@@ -4481,11 +5203,13 @@ msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
 "fully qualified name used in the IPA domain to identify this host."
 msgstr ""
+"オプション��。hostname(5) ���ホストを識別�る��� IPA ドメイン����"
+"使用�れる完全修飾�を�映���マシン����設定�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:110
 msgid "ipa_dyndns_update (boolean)"
-msgstr ""
+msgstr "ipa_dyndns_update (論�値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:113
@@ -4493,6 +5217,8 @@ msgid ""
 "Optional. This option tells SSSD to automatically update the DNS server "
 "built into FreeIPA v2 with the IP address of this client."
 msgstr ""
+"オプション��。��オプション� FreeIPA v2 �中���クライアント� IP アド"
+"レスを組�込む DNS サー�ーを自動的�更新�るよ� SSSD �通知���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:118
@@ -4500,11 +5226,14 @@ msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
 msgstr ""
+"注: (RHEL5 �よ��) ��システム�������動作�正��機能�る�����"
+"デフォルト� Kerberos レルム� /etc/krb5.conf ����正��設定�れ��る必"
+"���り��"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:129
 msgid "ipa_dyndns_iface (string)"
-msgstr ""
+msgstr "ipa_dyndns_iface (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:132
@@ -4512,36 +5241,42 @@ msgid ""
 "Optional. Applicable only when ipa_dyndns_update is true. Choose the "
 "interface whose IP address should be used for dynamic DNS updates."
 msgstr ""
+"オプション��。ipa_dyndns_update �真������用����。動的 DNS 更新�"
+"���使用�れる IP アドレス�インターフェースを�択���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:137
 msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
+msgstr "�期値: IPA LDAP 接続� IP アドレスを使用���"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:143
 msgid "ipa_hbac_search_base (string)"
-msgstr ""
+msgstr "ipa_hbac_search_base (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:146
 msgid "Optional. Use the given string as search base for HBAC related objects."
 msgstr ""
+"オプション��。与�られ�文字列を HBAC 関連オブジェクト�対�る検索ベース�"
+"��使用���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:150
 msgid "Default: Use base DN"
-msgstr ""
+msgstr "�期値: ベース DN を使用���"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:156
 msgid "ipa_host_search_base (string)"
-msgstr ""
+msgstr "ipa_host_search_base (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:159
 msgid "Optional. Use the given string as search base for host objects."
 msgstr ""
+"オプション��。ホストオブジェクト�検索ベース���与�られ�文字列を使用�"
+"��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:168
@@ -4550,21 +5285,26 @@ msgid ""
 "<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
 "will be ignored."
 msgstr ""
+"フィルター�����検索ベース�与�られ��� "
+"<emphasis>ipa_hbac_support_srchost</emphasis> ��（False）�設定�れ��る"
+"��フィルター�無視�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:180
 msgid "ipa_selinux_search_base (string)"
-msgstr ""
+msgstr "ipa_selinux_search_base (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:183
 msgid "Optional. Use the given string as search base for SELinux user maps."
 msgstr ""
+"オプション��。与�られ�文字列を SELinux ユーザーマップ�対�る検索ベース�"
+"��使用���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
 msgid "krb5_validate (boolean)"
-msgstr ""
+msgstr "krb5_validate (論�値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
@@ -4572,6 +5312,7 @@ msgid ""
 "Verify with the help of krb5_keytab that the TGT obtained has not been "
 "spoofed."
 msgstr ""
+"�得�れ� TGT �改�ん�れ�����を krb5_keytab �支��確����。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:209
@@ -4579,6 +5320,8 @@ msgid ""
 "Note that this default differs from the traditional Kerberos provider back "
 "end."
 msgstr ""
+"���期値��統的� Kerberos プロ�イダー��ックエンド��異�る���注�"
+"������。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:219
@@ -4586,6 +5329,8 @@ msgid ""
 "The name of the Kerberos realm. This is optional and defaults to the value "
 "of <quote>ipa_domain</quote>."
 msgstr ""
+"Kerberos レルム�����。�れ�オプション���期値� <quote>ipa_domain</"
+"quote> �値��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:223
@@ -4593,6 +5338,8 @@ msgid ""
 "The name of the Kerberos realm has a special meaning in IPA - it is "
 "converted into the base DN to use for performing LDAP operations."
 msgstr ""
+"IPA ����特別��味を�� Kerberos レルム�����。LDAP �作を実行�る�"
+"��使用�るベース DN �変��れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:234
@@ -4601,11 +5348,13 @@ msgid ""
 "connecting to IPA LDAP and also for AS requests. This feature is available "
 "with MIT Kerberos >= 1.7"
 msgstr ""
+"IPA LDAP � AS �求�対��接続�る���ホスト�ユーザープリンシパルを正�化"
+"�る�を指定���。��機能� MIT Kerberos >= 1.7 �利用�能��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:247
 msgid "ipa_hbac_refresh (integer)"
-msgstr ""
+msgstr "ipa_hbac_refresh (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:250
@@ -4618,12 +5367,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:257
 msgid "Default: 5 (seconds)"
-msgstr ""
+msgstr "�期値: 5 (秒)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:262
 msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
+msgstr "ipa_hbac_treat_deny_as (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:265
@@ -4633,6 +5382,11 @@ msgid ""
 "of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
 "client will support two modes of operation during this transition period:"
 msgstr ""
+"��オプション�推奨�れ�� DENY 形�� HBAC ルールを��よ���り扱��を"
+"指定���。FreeIPA v2.1 �在�DENY ルール�も�やサー�ー����サ�ート�"
+"れ��ん。���� FreeIPA �ユーザー��れら�ルールを ALLOW ルール��を使"
+"用�るよ�移行�る必���り��。クライアント���移行期間中 2 ��モード�"
+"�作をサ�ート���:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:274
@@ -4640,6 +5394,8 @@ msgid ""
 "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
 "users will be denied access."
 msgstr ""
+"<emphasis>DENY_ALL</emphasis>: ���� HBAC DENY ルール�検知�れる����"
+"��ユーザー�アクセスを拒��れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:279
@@ -4647,16 +5403,19 @@ msgid ""
 "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
 "careful with this option, as it may result in opening unintended access."
 msgstr ""
+"<emphasis>IGNORE</emphasis>: SSSD ����� DENY ルールを無視�れ��。�図"
+"���アクセス�開�れる�能性��る�����オプションを用�る����常�"
+"注�������。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:284
 msgid "Default: DENY_ALL"
-msgstr ""
+msgstr "�期値: DENY_ALL"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:289
 msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
+msgstr "ipa_hbac_support_srchost (論�値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:292
@@ -4664,6 +5423,8 @@ msgid ""
 "If this is set to false, then srchost as given to SSSD by PAM will be "
 "ignored."
 msgstr ""
+"�れ���設定�れ��る��PAM �より SSSD �与�られる srchost �無視�れ�"
+"�。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:296
@@ -4671,36 +5432,39 @@ msgid ""
 "Note that if set to <emphasis>False</emphasis>, this option casuses filters "
 "given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
 msgstr ""
+"<emphasis>False</emphasis> �設定�れ��る����オプション� "
+"<emphasis>ipa_host_search_base</emphasis> �与�られ�フィルター�無視�れる"
+"よ���る���注�������。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:307
 msgid "ipa_automount_location (string)"
-msgstr ""
+msgstr "ipa_automount_location (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:310
 msgid "The automounter location this IPA client will be using"
-msgstr ""
+msgstr "�� IPA クライアント�使用�る automounter �場所��"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:313
 msgid "Default: The location named \"default\""
-msgstr ""
+msgstr "�期値: \"default\" ������場所"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:319
 msgid "ipa_netgroup_member_of (string)"
-msgstr ""
+msgstr "ipa_netgroup_member_of (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:322
 msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
+msgstr "�ットワークグループ�メン�ーを一覧��る LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:331
 msgid "ipa_netgroup_member_user (string)"
-msgstr ""
+msgstr "ipa_netgroup_member_user (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:334
@@ -4708,16 +5472,18 @@ msgid ""
 "The LDAP attribute that lists system users and groups that are direct "
 "members of the netgroup."
 msgstr ""
+"�ットワークグループ�直接メン�ー��るシステムユーザー�グループを一覧化�"
+"る LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
 msgid "Default: memberUser"
-msgstr ""
+msgstr "�期値: memberUser"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:344
 msgid "ipa_netgroup_member_host (string)"
-msgstr ""
+msgstr "ipa_netgroup_member_host (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:347
@@ -4725,16 +5491,18 @@ msgid ""
 "The LDAP attribute that lists hosts and host groups that are direct members "
 "of the netgroup."
 msgstr ""
+"�ットワークグループ�直接メン�ー��るホスト�ホストグループを一覧化�る "
+"LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
 msgid "Default: memberHost"
-msgstr ""
+msgstr "�期値: memberHost"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:356
 msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
+msgstr "ipa_netgroup_member_ext_host (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:359
@@ -4742,99 +5510,101 @@ msgid ""
 "The LDAP attribute that lists FQDNs of hosts and host groups that are "
 "members of the netgroup."
 msgstr ""
+"�ットワークグループ�メン�ー��るホスト�ホストグループ� FQDN を一覧化�"
+"る LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:363
 msgid "Default: externalHost"
-msgstr ""
+msgstr "�期値: externalHost"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:368
 msgid "ipa_netgroup_domain (string)"
-msgstr ""
+msgstr "ipa_netgroup_domain (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:371
 msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
+msgstr "�ットワークグループ� NIS ドメイン�を�む LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:375
 msgid "Default: nisDomainName"
-msgstr ""
+msgstr "�期値: nisDomainName"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:381
 msgid "ipa_host_object_class (string)"
-msgstr ""
+msgstr "ipa_host_object_class (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
 msgid "The object class of a host entry in LDAP."
-msgstr ""
+msgstr "LDAP ��るホストエントリー�オブジェクトクラス��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
 msgid "Default: ipaHost"
-msgstr ""
+msgstr "�期値: ipaHost"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:392
 msgid "ipa_host_fqdn (string)"
-msgstr ""
+msgstr "ipa_host_fqdn (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:395
 msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
+msgstr "ホスト� FQDN を�む LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:398
 msgid "Default: fqdn"
-msgstr ""
+msgstr "�期値: fqdn"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:404
 msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
+msgstr "ipa_selinux_usermap_object_class (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:415
 msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
+msgstr "ipa_selinux_usermap_name (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:418
 msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
+msgstr "SELinux ユーザーマップ���を�む LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:427
 msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
+msgstr "ipa_selinux_usermap_member_user (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:430
 msgid ""
 "The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
+msgstr "��ルール�一致�る����ユーザー・グループを�む LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:439
 msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
+msgstr "ipa_selinux_usermap_member_host (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:442
 msgid ""
 "The LDAP attribute that contains all hosts / hostgroups this rule match "
 "against."
-msgstr ""
+msgstr "��ルール�一致�るホスト・ホストグループを�む LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:451
 msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
+msgstr "ipa_selinux_usermap_see_also (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:454
@@ -4842,31 +5612,33 @@ msgid ""
 "The LDAP attribute that contains DN of HBAC rule which can be used for "
 "matching instead of memberUser and memberHost"
 msgstr ""
+"memberUser � memberHost �代�り�マッ��使用�れる HBAC ルール� DN を�"
+"む LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:459
 msgid "Default: seeAlso"
-msgstr ""
+msgstr "�期値: seeAlso"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:464
 msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
+msgstr "ipa_selinux_usermap_selinux_user (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:467
 msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
+msgstr "SELinux ユーザー文字列自身を�む LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:471
 msgid "Default: ipaSELinuxUser"
-msgstr ""
+msgstr "�期値: ipaSELinuxUser"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:476
 msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
+msgstr "ipa_selinux_usermap_enabled (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:479
@@ -4874,71 +5646,72 @@ msgid ""
 "The LDAP attribute that contains whether or not is user map enabled for "
 "usage."
 msgstr ""
+"ユーザーマップ�使用�る���有効化�れ��る����を�む LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:483
 msgid "Default: ipaEnabledFlag"
-msgstr ""
+msgstr "�期値: ipaEnabledFlag"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:488
 msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
+msgstr "ipa_selinux_usermap_user_category (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:491
 msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
+msgstr "'all' �よ��ユーザーカテゴリーを�む LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:495
 msgid "Default: userCategory"
-msgstr ""
+msgstr "�期値: userCategory"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:500
 msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
+msgstr "ipa_selinux_usermap_host_category (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:503
 msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
+msgstr "'all' �よ��ホストカテゴリーを�む LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:507
 msgid "Default: hostCategory"
-msgstr ""
+msgstr "�期値: hostCategory"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:512
 msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
+msgstr "ipa_selinux_usermap_uuid (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:515
 msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
+msgstr "ユーザーマップ�一�� ID を�む LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:519
 msgid "Default: ipaUniqueID"
-msgstr ""
+msgstr "�期値: ipaUniqueID"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:524
 msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
+msgstr "ipa_host_ssh_public_key (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:527
 msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
+msgstr "ホスト� SSH 公開�を�む LDAP 属性��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:531
 msgid "Default: ipaSshPubKey"
-msgstr ""
+msgstr "�期値: ipaSshPubKey"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:546
@@ -4947,6 +5720,9 @@ msgid ""
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
 "This examples shows only the ipa provider-specific options."
 msgstr ""
+"以下�例��SSSD �正��設定�れ�example.com � <replaceable>[sssd]</"
+"replaceable> セクション��るドメイン� 1 ���る��を仮定�����。��"
+"例� IPA プロ�イダー固有�オプション��を示�����。"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sssd-ipa.5.xml:553
@@ -4957,6 +5733,10 @@ msgid ""
 "    ipa_server = ipaserver.example.com\n"
 "    ipa_hostname = myhost.example.com\n"
 msgstr ""
+"    [domain/example.com]\n"
+"    id_provider = ipa\n"
+"    ipa_server = ipaserver.example.com\n"
+"    ipa_hostname = myhost.example.com\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:564
@@ -4968,16 +5748,22 @@ msgid ""
 "citerefentry>, <citerefentry> <refentrytitle>sssd</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
 msgstr ""
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd.8.xml:10 sssd.8.xml:15
 msgid "sssd"
-msgstr ""
+msgstr "sssd"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd.8.xml:16
 msgid "System Security Services Daemon"
-msgstr ""
+msgstr "System Security Services Daemon"
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sssd.8.xml:21
@@ -4985,6 +5771,8 @@ msgid ""
 "<command>sssd</command> <arg choice='opt'> <replaceable>options</"
 "replaceable> </arg>"
 msgstr ""
+"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.8.xml:31
@@ -5004,47 +5792,51 @@ msgid ""
 "<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
 "replaceable>"
 msgstr ""
+"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
+"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:53
 msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
+msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:57
 msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
-msgstr ""
+msgstr "<emphasis>1</emphasis>: デ�ッグメッセージ�日時を追加���"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:60
 msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
-msgstr ""
+msgstr "<emphasis>0</emphasis>: デ�ッグメッセージ�日時を無効����"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:69
 msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
+msgstr "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:73
 msgid ""
 "<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
 msgstr ""
+"<emphasis>1</emphasis>: デ�ッグメッセージ�ミリ秒をタイムスタンプ�追加��"
+"�"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:76
 msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
+msgstr "<emphasis>0</emphasis>: 日時�マイクロ秒を無効����"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:79
 msgid "Default: 0"
-msgstr ""
+msgstr "�期値: 0"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:85
 msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
+msgstr "<option>-f</option>,<option>--debug-to-files</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:89
@@ -5057,56 +5849,60 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:97
 msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
+msgstr "<option>-D</option>,<option>--daemon</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:101
 msgid "Become a daemon after starting up."
-msgstr ""
+msgstr "起動後�デーモン��り��。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:107
 msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
+msgstr "<option>-i</option>,<option>--interactive</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:111
 msgid "Run in the foreground, don't become a daemon."
-msgstr ""
+msgstr "フォアグラウンド�実行���デーモン��り��ん。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
+#: sssd.8.xml:117 sss_debuglevel.8.xml:42
 msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
+msgstr "<option>-c</option>,<option>--config</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
+#: sssd.8.xml:121 sss_debuglevel.8.xml:46
 msgid ""
 "Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
 "conf</filename>. For reference on the config file syntax and options, "
 "consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
 "<manvolnum>5</manvolnum> </citerefentry> manual page."
 msgstr ""
+"�標準�設定ファイルを指定���。�期値� <filename>/etc/sssd/sssd.conf</"
+"filename> ��。設定ファイル�構文�オプション� <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> マニュアルページを�照������。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:135
 msgid "<option>--version</option>"
-msgstr ""
+msgstr "<option>--version</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:139
 msgid "Print version number and exit."
-msgstr ""
+msgstr "�ージョン番�を表示��終了���。"
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd.8.xml:147
 msgid "Signals"
-msgstr ""
+msgstr "シグナル"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:150
 msgid "SIGTERM/SIGINT"
-msgstr ""
+msgstr "SIGTERM/SIGINT"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:153
@@ -5114,11 +5910,13 @@ msgid ""
 "Informs the SSSD to gracefully terminate all of its child processes and then "
 "shut down the monitor."
 msgstr ""
+"SSSD ������プロセスを�や���止�るよ�通知���モニターをシャットダ"
+"ウン���。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:159
 msgid "SIGHUP"
-msgstr ""
+msgstr "SIGHUP"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:162
@@ -5127,11 +5925,14 @@ msgid ""
 "close and reopen them. This is meant to facilitate log rolling with programs "
 "like logrotate."
 msgstr ""
+"SSSD ��在�デ�ッグファイルディスクリプター�書�込む��を止����れらを"
+"閉���ら開����よ�指示���。�れ� logrotate �よ��プログラムを用�"
+"�ログローテーションを促進�る��を�味���。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:170
 msgid "SIGUSR1"
-msgstr ""
+msgstr "SIGUSR1"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:173
@@ -5139,11 +5940,13 @@ msgid ""
 "Tells the SSSD to simulate offline operation for one minute. This is mostly "
 "useful for testing purposes."
 msgstr ""
+"SSSD � 1 分間オフライン�作をシミュレーション�るよ�指示���。テスト目的"
+"������有用��。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:179
 msgid "SIGUSR2"
-msgstr ""
+msgstr "SIGUSR2"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:182
@@ -5151,6 +5954,7 @@ msgid ""
 "Tells the SSSD to go online immediately. This is mostly useful for testing "
 "purposes."
 msgstr ""
+"SSSD �直��オンライン��るよ�指示���。テスト目的������有用��。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.8.xml:193
@@ -5167,16 +5971,27 @@ msgid ""
 "<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
 "citerefentry>."
 msgstr ""
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>."
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
 msgid "sss_obfuscate"
-msgstr ""
+msgstr "sss_obfuscate"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_obfuscate.8.xml:16
 msgid "obfuscate a clear text password"
-msgstr ""
+msgstr "平文パスワードを��り����る"
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sss_obfuscate.8.xml:21
@@ -5185,6 +6000,9 @@ msgid ""
 "replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
 "replaceable></arg>"
 msgstr ""
+"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
+"replaceable></arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_obfuscate.8.xml:32
@@ -5193,6 +6011,8 @@ msgid ""
 "unreadable format and places it into appropriate domain section of the SSSD "
 "config file."
 msgstr ""
+"<command>sss_obfuscate</command> ��与�られ�パスワードを人間�読����形"
+"��変����SSSD 設定ファイル��切�ドメインセクション�置���。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_obfuscate.8.xml:37
@@ -5205,6 +6025,13 @@ msgid ""
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry> for more details on these parameters."
 msgstr ""
+"平文�パスワード��標準入力�ら読�込�れ������対話的�入力�れ��。"
+"解読�����れ�パスワード�指定�れ� SSSD ドメイン� "
+"<quote>ldap_default_authtok</quote> パラメータ�置�れ��。�� "
+"<quote>ldap_default_authtok_type</quote> パラメーター� "
+"<quote>obfuscated_password</quote> �設定�れ��。�れら�パラメーター�詳細"
+"� <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> を�照������。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_obfuscate.8.xml:49
@@ -5219,19 +6046,22 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_obfuscate.8.xml:63
 msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
+msgstr "<option>-s</option>,<option>--stdin</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_obfuscate.8.xml:67
 msgid "The password to obfuscate will be read from standard input."
-msgstr ""
+msgstr "解読�����るパスワード�標準入力�ら読�込�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:82
+#: sss_ssh_knownhostsproxy.1.xml:81
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
 "replaceable>"
 msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_obfuscate.8.xml:79
@@ -5239,22 +6069,25 @@ msgid ""
 "The SSSD domain to use the password in. The default name is <quote>default</"
 "quote>."
 msgstr ""
+"パスワード�使用�る SSSD ドメイン��。����期値� <quote>default</"
+"quote> ��。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_obfuscate.8.xml:86
 msgid ""
 "<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
 msgstr ""
+"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_obfuscate.8.xml:91
 msgid "Read the config file specified by the positional parameter."
-msgstr ""
+msgstr "�置パラメーター�より指定�れ�設定ファイルを読�込���。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_obfuscate.8.xml:95
 msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
+msgstr "�期値: <filename>/etc/sssd/sssd.conf</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_obfuscate.8.xml:105
@@ -5262,16 +6095,18 @@ msgid ""
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry>"
 msgstr ""
+"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_useradd.8.xml:10 sss_useradd.8.xml:15
 msgid "sss_useradd"
-msgstr ""
+msgstr "sss_useradd"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_useradd.8.xml:16
 msgid "create a new user"
-msgstr ""
+msgstr "新��ユーザーを作��る"
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sss_useradd.8.xml:21
@@ -5280,6 +6115,9 @@ msgid ""
 "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
 "arg>"
 msgstr ""
+"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
+"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_useradd.8.xml:32
@@ -5287,12 +6125,15 @@ msgid ""
 "<command>sss_useradd</command> creates a new user account using the values "
 "specified on the command line plus the default values from the system."
 msgstr ""
+"<command>sss_useradd</command> ��コマンドライン����指定�れ�値�システ"
+"ム��期値を使用���新��ユーザーを作����。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_useradd.8.xml:43
 msgid ""
 "<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
 msgstr ""
+"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_useradd.8.xml:48
@@ -5300,6 +6141,8 @@ msgid ""
 "Set the UID of the user to the value of <replaceable>UID</replaceable>.  If "
 "not given, it is chosen automatically."
 msgstr ""
+"ユーザー� UID を <replaceable>UID</replaceable> �値を設定���。与�られ�"
+"���自動的��択�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_useradd.8.xml:55 sss_usermod.8.xml:43
@@ -5307,6 +6150,8 @@ msgid ""
 "<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
 "replaceable>"
 msgstr ""
+"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
+"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_useradd.8.xml:60 sss_usermod.8.xml:48
@@ -5314,6 +6159,8 @@ msgid ""
 "Any text string describing the user. Often used as the field for the user's "
 "full name."
 msgstr ""
+"ユーザーを説明���る任��テキスト文字列��。����ユーザー�完全��項"
+"目���使用�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_useradd.8.xml:67 sss_usermod.8.xml:55
@@ -5321,6 +6168,8 @@ msgid ""
 "<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
 "replaceable>"
 msgstr ""
+"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
+"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_useradd.8.xml:72
@@ -5331,12 +6180,18 @@ msgid ""
 "<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
 "baseDirectory</quote> setting in sssd.conf."
 msgstr ""
+"ユーザーアカウント�ホームディレクトリー��。�期値� <filename>/home</"
+"filename> � <replaceable>LOGIN</replaceable> ���を追加���ホームディレ"
+"クトリー���使用���。 <replaceable>LOGIN</replaceable> �����るベー"
+"ス� sssd.conf ���� <quote>user_defaults/baseDirectory</quote> 設定�変更"
+"����。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_useradd.8.xml:82 sss_usermod.8.xml:66
 msgid ""
 "<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
 msgstr ""
+"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_useradd.8.xml:87
@@ -5345,6 +6200,9 @@ msgid ""
 "filename>.  The default can be changed with <quote>user_defaults/"
 "defaultShell</quote> setting in sssd.conf."
 msgstr ""
+"ユーザー�ログインシェル��。�期値��在 <filename>/bin/bash</filename> �"
+"�。�期値� sssd.conf ���� <quote>user_defaults/defaultShell</quote> �"
+"変更����。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_useradd.8.xml:96
@@ -5352,16 +6210,18 @@ msgid ""
 "<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
 "replaceable>"
 msgstr ""
+"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
+"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_useradd.8.xml:101
 msgid "A list of existing groups this user is also a member of."
-msgstr ""
+msgstr "��ユーザー�メン�ー��る既存�ユーザー�一覧��。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_useradd.8.xml:107
 msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
+msgstr "<option>-m</option>,<option>--create-home</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_useradd.8.xml:111
@@ -5370,17 +6230,20 @@ msgid ""
 "directories contained in the skeleton directory (which can be defined with "
 "the -k option or in the config file) will be copied to the home directory."
 msgstr ""
+"ユーザー�ホームディレクトリー�存在���れ���れを作����。（-k オプ"
+"ション���設定ファイル�定義��る）スケルトンディレクトリー��るファイル"
+"�ディレクトリー�ホームディレクトリー�コピー�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_useradd.8.xml:121
 msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
+msgstr "<option>-M</option>,<option>--no-create-home</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_useradd.8.xml:125
 msgid ""
 "Do not create the user's home directory. Overrides configuration settings."
-msgstr ""
+msgstr "ユーザー�ホームディレクトリーを作����ん。設定を上書����。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_useradd.8.xml:132
@@ -5388,6 +6251,8 @@ msgid ""
 "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
 "replaceable>"
 msgstr ""
+"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
+"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_useradd.8.xml:137
@@ -5396,6 +6261,9 @@ msgid ""
 "the user's home directory, when the home directory is created by "
 "<command>sss_useradd</command>."
 msgstr ""
+"スケルトンディレクトリー��。ホームディレクトリー� <command>sss_useradd</"
+"command> �より作��れる���ユーザー�ホームディレクトリー�コピー�れる"
+"ファイル�ディレクトリーを����。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_useradd.8.xml:143
@@ -5404,6 +6272,9 @@ msgid ""
 "home</option>) option is specified, or creation of home directories is set "
 "to TRUE in the configuration."
 msgstr ""
+"<option>-m</option> (��� <option>--create-home</option>) オプション�指定"
+"�れ�������ホームディレクトリー�作��設定���� TRUE �設定�れ�"
+"�る場������オプション�有効��。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_useradd.8.xml:152 sss_usermod.8.xml:124
@@ -5411,6 +6282,8 @@ msgid ""
 "<option>-Z</option>,<option>--selinux-user</option> "
 "<replaceable>SELINUX_USER</replaceable>"
 msgstr ""
+"<option>-Z</option>,<option>--selinux-user</option> "
+"<replaceable>SELINUX_USER</replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_useradd.8.xml:157
@@ -5418,6 +6291,8 @@ msgid ""
 "The SELinux user for the user's login. If not specified, the system default "
 "will be used."
 msgstr ""
+"ユーザー�ログイン�る際� SELinux ユーザー��。未指定�場��システム��期"
+"値を使���。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_useradd.8.xml:169
@@ -5432,11 +6307,20 @@ msgid ""
 "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 msgstr ""
+"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
 msgid "sssd-krb5"
-msgstr ""
+msgstr "sssd-krb5"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-krb5.5.xml:23
@@ -5448,6 +6332,12 @@ msgid ""
 "the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry> manual page"
 msgstr ""
+"��マニュアル� <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> �対�る Kerberos 5 �証�ックエンド"
+"�設定を説明�����。詳細�構文��考資料��<citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> マニュアルページ� <quote>ファイル形�</quote> セクションを�照"
+"������。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-krb5.5.xml:36
@@ -5480,18 +6370,21 @@ msgid ""
 "<command>sssd</command> will construct a UPN using the format "
 "<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
 msgstr ""
+"UPN �識別�ックエンド <command>sssd</command> ����利用����場���形"
+"� <replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable> "
+"を使用�� UPN を構築���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:106
 msgid ""
 "The name of the Kerberos realm. This option is required and must be "
 "specified."
-msgstr ""
+msgstr "Kerberos レルム�����。��オプション�指定�る必���り��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:113
 msgid "krb5_kpasswd (string)"
-msgstr ""
+msgstr "krb5_kpasswd (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:116
@@ -5513,12 +6406,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:129
 msgid "Default: Use the KDC"
-msgstr ""
+msgstr "�期値: KDC を使用���"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:135
 msgid "krb5_ccachedir (string)"
-msgstr ""
+msgstr "krb5_ccachedir (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:138
@@ -5535,62 +6428,62 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:151
 msgid "Default: /tmp"
-msgstr ""
+msgstr "�期値: /tmp"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:157
 msgid "krb5_ccname_template (string)"
-msgstr ""
+msgstr "krb5_ccname_template (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:171
 msgid "login UID"
-msgstr ""
+msgstr "ログイン UID"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:174
 msgid "%p"
-msgstr ""
+msgstr "%p"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:175
 msgid "principal name"
-msgstr ""
+msgstr "プリンシパル�"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:179
 msgid "%r"
-msgstr ""
+msgstr "%r"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:180
 msgid "realm name"
-msgstr ""
+msgstr "レルム�"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:183
 msgid "%h"
-msgstr ""
+msgstr "%h"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:184
 msgid "home directory"
-msgstr ""
+msgstr "ホームディレクトリー"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:189
 msgid "value of krb5ccache_dir"
-msgstr ""
+msgstr "krb5ccache_dir �値"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:194
 msgid "%P"
-msgstr ""
+msgstr "%P"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:195
 msgid "the process ID of the sssd client"
-msgstr ""
+msgstr "sssd クライアント�プロセス ID"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:160
@@ -5605,12 +6498,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:209
 msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
+msgstr "�期値: FILE:%d/krb5cc_%U_XXXXXX"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:215
 msgid "krb5_auth_timeout (integer)"
-msgstr ""
+msgstr "krb5_auth_timeout (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:218
@@ -5618,11 +6511,13 @@ msgid ""
 "Timeout in seconds after an online authentication or change password request "
 "is aborted. If possible the authentication request is continued offline."
 msgstr ""
+"オンライン�証���パスワード変更�求�中止�れ�後�秒���タイムアウト�"
+"�。�能�ら���証�求�オフライン�継続�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:241
 msgid "krb5_keytab (string)"
-msgstr ""
+msgstr "krb5_keytab (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:244
@@ -5630,16 +6525,18 @@ msgid ""
 "The location of the keytab to use when validating credentials obtained from "
 "KDCs."
 msgstr ""
+"KDC �ら�得��クレディンシャルを検証�る���使用�れるキーテーブル�場所"
+"��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:248
 msgid "Default: /etc/krb5.keytab"
-msgstr ""
+msgstr "�期値: /etc/krb5.keytab"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:254
 msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
+msgstr "krb5_store_password_if_offline (論�値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:257
@@ -5647,6 +6544,8 @@ msgid ""
 "Store the password of the user if the provider is offline and use it to "
 "request a TGT when the provider gets online again."
 msgstr ""
+"プロ�イダー�オフライン�場��ユーザー�パスワードを�存���プロ�イダー"
+"���オンライン������� TGT を�求�る���使用�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:262
@@ -5659,7 +6558,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:275
 msgid "krb5_renewable_lifetime (string)"
-msgstr ""
+msgstr "krb5_renewable_lifetime (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:278
@@ -5671,27 +6570,27 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
 msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
+msgstr "<emphasis>s</emphasis> 秒"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
 msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
+msgstr "<emphasis>m</emphasis> 分"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
 msgid "<emphasis>h</emphasis> hours"
-msgstr ""
+msgstr "<emphasis>h</emphasis> 時"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
 msgid "<emphasis>d</emphasis> days."
-msgstr ""
+msgstr "<emphasis>d</emphasis> 日。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
 msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
-msgstr ""
+msgstr "デリミター <emphasis>s</emphasis> ����仮定�れ��る場���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:299
@@ -5700,16 +6599,18 @@ msgid ""
 "renewable lifetime to one and a half hours please use '90m' instead of "
 "'1h30m'."
 msgstr ""
+"���混在�������注�������。更新�能�生存期間を1時間��設定�"
+"��れ�� '1h30m' �代�り� '90m' を使用������。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:305
 msgid "Default: not set, i.e. the TGT is not renewable"
-msgstr ""
+msgstr "�期値: 設定�れ��ん���り TGT �更新�能���り��ん"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:311
 msgid "krb5_lifetime (string)"
-msgstr ""
+msgstr "krb5_lifetime (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:314
@@ -5724,17 +6625,21 @@ msgid ""
 "Please note that it is not possible to mix units.  If you want to set the "
 "lifetime to one and a half hours please use '90m' instead of '1h30m'."
 msgstr ""
+"���混在�������注�������。更新�能�生存期間を1時間��設定�"
+"��れ�� '1h30m' �代�り� '90m' を使用������。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:340
 msgid ""
 "Default: not set, i.e. the default ticket lifetime configured on the KDC."
 msgstr ""
+"�期値: 設定�れ��ん���り KDC ����設定�れ��る�ケット有効期間��"
+"期値��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:347
 msgid "krb5_renew_interval (integer)"
-msgstr ""
+msgstr "krb5_renew_interval (æ•´æ•°)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:350
@@ -5742,16 +6647,20 @@ msgid ""
 "The time in seconds between two checks if the TGT should be renewed. TGTs "
 "are renewed if about half of their lifetime is exceeded."
 msgstr ""
+"TGT を更新����を確��る秒���間隔。生存期間��分�超���る�� TGT "
+"�更新�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:355
 msgid "If this option is not set or 0 the automatic renewal is disabled."
 msgstr ""
+"��オプション�設定�れ����場����� 0 �設定�れ��る場��自動更新"
+"�無効��れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:365
 msgid "krb5_use_fast (string)"
-msgstr ""
+msgstr "krb5_use_fast (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:368
@@ -5759,6 +6668,8 @@ msgid ""
 "Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
 "authentication. The following options are supported:"
 msgstr ""
+"Kerberos �事��証���� flexible authentication secure tunneling (FAST) "
+"を有効化���。以下�オプション�サ�ート�れ��:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:373
@@ -5766,6 +6677,8 @@ msgid ""
 "<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
 "option at all."
 msgstr ""
+"<emphasis>never</emphasis> � FAST を使用������オプションを何も設定��"
+"�����等��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:377
@@ -5773,6 +6686,8 @@ msgid ""
 "<emphasis>try</emphasis> to use FAST, if the server does not support fast "
 "continue without."
 msgstr ""
+"<emphasis>try</emphasis> � FAST を使用���。サー�ー� fast をサ�ート��"
+"���れ��続行���ん。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:381
@@ -5780,16 +6695,18 @@ msgid ""
 "<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
 "fast."
 msgstr ""
+"<emphasis>demand</emphasis> � FAST を使用����サー�ー� fast を�求��"
+"�れ�失敗���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:385
 msgid "Default: not set, i.e. FAST is not used."
-msgstr ""
+msgstr "�期値: 設定�れ��ん���り FAST �使用�れ��ん。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:388
 msgid "Please note that a keytab is required to use fast."
-msgstr ""
+msgstr "キーテーブル� fast を使用�る必���る���注�������。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:391
@@ -5798,16 +6715,19 @@ msgid ""
 "and above. If sssd used with an older version using this option is a "
 "configuration error."
 msgstr ""
+"sssd � MIT Kerberos �ージョン 1.8 �よ��れ以上��� fast をサ�ート�る"
+"���注�������。 sssd ����ージョン�使用���る����オプショ"
+"ン�設定エラー��り��。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:400
 msgid "krb5_fast_principal (string)"
-msgstr ""
+msgstr "krb5_fast_principal (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:403
 msgid "Specifies the server principal to use for FAST."
-msgstr ""
+msgstr "FAST �対��使用�るサー�ープリンシパルを指定���。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-krb5.5.xml:412
@@ -5815,6 +6735,8 @@ msgid ""
 "Specifies if the host and user principal should be canonicalized. This "
 "feature is available with MIT Kerberos >= 1.7"
 msgstr ""
+"ホスト�よ�ユーザー�プリンシパル�正�化�れる����を指定���。��機"
+"能� MIT Kerberos >= 1.7 ��利用�能��。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-krb5.5.xml:65
@@ -5825,6 +6747,11 @@ msgid ""
 "SECTIONS</quote> for details on the configuration of a SSSD domain.  "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
+"�証モジュール krb5 � SSSD ドメイン����使用�れ��る��以下�オプショ"
+"ン�使用�れる必���り��。 SSSD ドメイン�設定���る詳細� "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> マニュアルページ� <quote>ドメインセクション</"
+"quote> を�照������。  <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-krb5.5.xml:434
@@ -5844,6 +6771,10 @@ msgid ""
 "    krb5_server = 192.168.1.1\n"
 "    krb5_realm = EXAMPLE.COM\n"
 msgstr ""
+"    [domain/FOO]\n"
+"    auth_provider = krb5\n"
+"    krb5_server = 192.168.1.1\n"
+"    krb5_realm = EXAMPLE.COM\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-krb5.5.xml:453
@@ -5853,16 +6784,20 @@ msgid ""
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
 "<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
 msgstr ""
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
 msgid "sss_groupadd"
-msgstr ""
+msgstr "sss_groupadd"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_groupadd.8.xml:16
 msgid "create a new group"
-msgstr ""
+msgstr "新��グループを作��る"
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sss_groupadd.8.xml:21
@@ -5871,6 +6806,9 @@ msgid ""
 "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
 "arg>"
 msgstr ""
+"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
+"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_groupadd.8.xml:32
@@ -5879,12 +6817,16 @@ msgid ""
 "compatible with POSIX groups, with the additional feature that they can "
 "contain other groups as members."
 msgstr ""
+"<command>sss_groupadd</command> �新��グループを作����。�れら�グルー"
+"プ� POSIX グループ�互�性��り�他�グループをメン�ー�����られる追加"
+"機能�互�性��り��。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_groupadd.8.xml:43
 msgid ""
 "<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
 msgstr ""
+"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_groupadd.8.xml:48
@@ -5892,6 +6834,8 @@ msgid ""
 "Set the GID of the group to the value of <replaceable>GID</replaceable>.  If "
 "not given, it is chosen automatically."
 msgstr ""
+"グループ� GID を <replaceable>GID</replaceable> �値�設定���。与�られ�"
+"���自動的��択�れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_groupadd.8.xml:60
@@ -5906,16 +6850,25 @@ msgid ""
 "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 msgstr ""
+"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_userdel.8.xml:10 sss_userdel.8.xml:15
 msgid "sss_userdel"
-msgstr ""
+msgstr "sss_userdel"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_userdel.8.xml:16
 msgid "delete a user account"
-msgstr ""
+msgstr "ユーザーアカウントを削除�る"
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sss_userdel.8.xml:21
@@ -5924,6 +6877,9 @@ msgid ""
 "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
 "arg>"
 msgstr ""
+"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
+"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_userdel.8.xml:32
@@ -5931,11 +6887,13 @@ msgid ""
 "<command>sss_userdel</command> deletes a user identified by login name "
 "<replaceable>LOGIN</replaceable> from the system."
 msgstr ""
+"<command>sss_userdel</command> �ログイン� <replaceable>LOGIN</replaceable> "
+"�より識別�れるユーザーをシステム�ら削除���。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_userdel.8.xml:44
 msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
+msgstr "<option>-r</option>,<option>--remove</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_userdel.8.xml:48
@@ -5943,11 +6901,13 @@ msgid ""
 "Files in the user's home directory will be removed along with the home "
 "directory itself and the user's mail spool. Overrides the configuration."
 msgstr ""
+"ユーザー�ホームディレクトリー��るファイル���れ自身�ホームディレクト"
+"リー�ユーザー�メールスプール��も�削除�れ��。設定�上書��れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_userdel.8.xml:56
 msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
+msgstr "<option>-R</option>,<option>--no-remove</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_userdel.8.xml:60
@@ -5955,11 +6915,13 @@ msgid ""
 "Files in the user's home directory will NOT be removed along with the home "
 "directory itself and the user's mail spool. Overrides the configuration."
 msgstr ""
+"ユーザー�ホームディレクトリー��るファイル���れ自身�ホームディレクト"
+"リー�ユーザー�メールスプール��も�削除�れ��ん。設定�上書��れ��。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_userdel.8.xml:68
 msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
+msgstr "<option>-f</option>,<option>--force</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_userdel.8.xml:72
@@ -5967,16 +6929,19 @@ msgid ""
 "This option forces <command>sss_userdel</command> to remove the user's home "
 "directory and mail spool, even if they are not owned by the specified user."
 msgstr ""
+"��オプション��指定�れ�ユーザー�より所有�れ����も����"
+"<command>sss_userdel</command> �ユーザー�ホームディレクトリー�メールスプー"
+"ルを削除�るよ�強制���。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_userdel.8.xml:80
 msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
+msgstr "<option>-k</option>,<option>--kick</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_userdel.8.xml:84
 msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
+msgstr "実際�ユーザーを削除�る�����プロセスを����止���。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_userdel.8.xml:95
@@ -5991,16 +6956,25 @@ msgid ""
 "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 msgstr ""
+"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
 msgid "sss_groupdel"
-msgstr ""
+msgstr "sss_groupdel"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_groupdel.8.xml:16
 msgid "delete a group"
-msgstr ""
+msgstr "グループを削除�る"
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sss_groupdel.8.xml:21
@@ -6009,6 +6983,9 @@ msgid ""
 "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
 "arg>"
 msgstr ""
+"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
+"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_groupdel.8.xml:32
@@ -6016,6 +6993,8 @@ msgid ""
 "<command>sss_groupdel</command> deletes a group identified by its name "
 "<replaceable>GROUP</replaceable> from the system."
 msgstr ""
+"<command>sss_groupdel</command> ��� <replaceable>GROUP</replaceable> �よ"
+"り識別�れるグループをシステム�ら削除���。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_groupdel.8.xml:48
@@ -6030,16 +7009,25 @@ msgid ""
 "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 msgstr ""
+"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
 msgid "sss_groupshow"
-msgstr ""
+msgstr "sss_groupshow"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_groupshow.8.xml:16
 msgid "print properties of a group"
-msgstr ""
+msgstr "グループ�プロパティーを表示���"
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sss_groupshow.8.xml:21
@@ -6048,6 +7036,9 @@ msgid ""
 "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
 "arg>"
 msgstr ""
+"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
+"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_groupshow.8.xml:32
@@ -6056,11 +7047,14 @@ msgid ""
 "identified by its name <replaceable>GROUP</replaceable>. The information "
 "includes the group ID number, members of the group and the parent group."
 msgstr ""
+"<command>sss_groupshow</command> ����� <replaceable>GROUP</replaceable> "
+"�より識別�れるグループ�関�る情報を表示���。情報�グループ ID 番��グ"
+"ループ�メン�ー�よ�親グループを����。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_groupshow.8.xml:43
 msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
+msgstr "<option>-R</option>,<option>--recursive</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_groupshow.8.xml:47
@@ -6082,16 +7076,24 @@ msgid ""
 "<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
 "citerefentry>."
 msgstr ""
+"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>."
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_usermod.8.xml:10 sss_usermod.8.xml:15
 msgid "sss_usermod"
-msgstr ""
+msgstr "sss_usermod"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_usermod.8.xml:16
 msgid "modify a user account"
-msgstr ""
+msgstr "ユーザーアカウントを修正���"
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sss_usermod.8.xml:21
@@ -6100,6 +7102,9 @@ msgid ""
 "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
 "arg>"
 msgstr ""
+"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
+"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_usermod.8.xml:32
@@ -6108,16 +7113,19 @@ msgid ""
 "<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
 "on the command line."
 msgstr ""
+"<command>sss_usermod</command> ��コマンドライン����指定�れ�変更を�映"
+"�る���� <replaceable>LOGIN</replaceable> �より指定�れ�アカウントを変"
+"更���。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_usermod.8.xml:60
 msgid "The home directory of the user account."
-msgstr ""
+msgstr "ユーザーアカウント�ホームディレクトリー��。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_usermod.8.xml:71
 msgid "The user's login shell."
-msgstr ""
+msgstr "ユーザー�ログインシェル��。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_usermod.8.xml:82
@@ -6126,38 +7134,41 @@ msgid ""
 "replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
 "a comma separated list of group names."
 msgstr ""
+"��ユーザーを <replaceable>GROUPS</replaceable> パラメーター�より指定�れ�"
+"グループ�追加���。 <replaceable>GROUPS</replaceable> パラメーター�グルー"
+"プ��カンマ区切り一覧��。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_usermod.8.xml:96
 msgid ""
 "Remove this user from groups specified by the <replaceable>GROUPS</"
 "replaceable> parameter."
-msgstr ""
+msgstr "<replaceable>GROUPS</replaceable> "
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_usermod.8.xml:103
 msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
+msgstr "<option>-l</option>,<option>--lock</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_usermod.8.xml:107
 msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
+msgstr "ユーザーアカウントをロック���。ユーザー�ログイン�����り��。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_usermod.8.xml:114
 msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
+msgstr "<option>-u</option>,<option>--unlock</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_usermod.8.xml:118
 msgid "Unlock the user account."
-msgstr ""
+msgstr "ユーザーアカウント�ロックを解除���。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_usermod.8.xml:129
 msgid "The SELinux user for the user's login."
-msgstr ""
+msgstr "ユーザー�ログイン���� SELinux ユーザー��。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_usermod.8.xml:140
@@ -6172,11 +7183,421 @@ msgid ""
 "citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 msgstr ""
+"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_cache.8.xml:10 sss_cache.8.xml:15
+msgid "sss_cache"
+msgstr "sss_cache"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_cache.8.xml:16
+msgid "perform cache cleanup"
+msgstr "キャッシュクリーンアップを実行�る"
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_cache.8.xml:21
+msgid ""
+"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg>"
+msgstr ""
+"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg>"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_cache.8.xml:31
+msgid ""
+"<command>sss_cache</command> invalidates records in SSSD cache.  Invalidated "
+"records are forced to be reloaded from server as soon as related SSSD "
+"backend is online."
+msgstr ""
+"<command>sss_cache</command> � SSSD キャッシュ��るレコードを無効����。"
+"無効化�れ�レコード��関連�る SSSD �ックエンド�オンライン��る���"
+"��サー�ー�ら強制的��読�込��れ��。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:42
+msgid ""
+"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>"
+msgstr ""
+"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:47
+msgid "Invalidate specific user."
+msgstr "特定�ユーザーを無効����。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:53
+msgid "<option>-U</option>,<option>--users</option>"
+msgstr "<option>-U</option>,<option>--users</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:57
+msgid ""
+"Invalidate all user records. This option overrides invalidation of specific "
+"user if it was also set."
+msgstr ""
+"����ユーザーレコードを無効����。��オプションも設定�れ��る���"
+"れ�特定�ユーザー�無効化を上書����。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:64
+msgid ""
+"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
+msgstr ""
+"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:69
+msgid "Invalidate specific group."
+msgstr "特定�グループを無効����。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:75
+msgid "<option>-G</option>,<option>--groups</option>"
+msgstr "<option>-G</option>,<option>--groups</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:79
+msgid ""
+"Invalidate all group records. This option overrides invalidation of specific "
+"group if it was also set."
+msgstr ""
+"����グループレコードを無効����。��オプションも設定�れ��る���"
+"れ�特定�グループ�無効化を上書����。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:86
+msgid ""
+"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</"
+"replaceable>"
+msgstr ""
+"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:91
+msgid "Invalidate specific netgroup."
+msgstr "特定��ットワークグループを無効����。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:97
+msgid "<option>-N</option>,<option>--netgroups</option>"
+msgstr "<option>-N</option>,<option>--netgroups</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:101
+msgid ""
+"Invalidate all netgroup records. This option overrides invalidation of "
+"specific netgroup if it was also set."
+msgstr ""
+"�����ットワークグループレコードを無効����。��オプション�設定�れ"
+"��る���れ�特定��ットワークグループ�無効化を上書����。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:108
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:113
+msgid "Restrict invalidation process only to a particular domain."
+msgstr "無効化プロセスを特定�ドメイン���制����。"
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15
+msgid "sss_debuglevel"
+msgstr "sss_debuglevel"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_debuglevel.8.xml:16
+msgid "change debug level while SSSD is running"
+msgstr "SSSD �実行中�デ�ッグレベルを変更�る"
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_debuglevel.8.xml:21
+msgid ""
+"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</"
+"replaceable></arg>"
+msgstr ""
+"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</"
+"replaceable></arg>"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_debuglevel.8.xml:32
+msgid ""
+"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
+"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
+"running."
+msgstr ""
+"<command>sss_debuglevel</command> � SSSD �実行中� SSSD モニター�プロ�イ"
+"ダー�デ�ッグレベルを <replaceable>NEW_DEBUG_LEVEL</replaceable> �変更��"
+"�。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_debuglevel.8.xml:59
+msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+msgstr "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
+msgid "sss_ssh_authorizedkeys"
+msgstr "sss_ssh_authorizedkeys"
+
+#. type: Content of: <reference><refentry><refmeta><manvolnum>
+#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11
+msgid "1"
+msgstr "1"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_ssh_authorizedkeys.1.xml:16
+msgid "get OpenSSH authorized keys"
+msgstr "OpenSSH ��キーを�得�る"
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_ssh_authorizedkeys.1.xml:21
+msgid ""
+"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>USER</replaceable></arg>"
+msgstr ""
+"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>USER</replaceable></arg>"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:32
+msgid ""
+"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user "
+"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys "
+"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> for more information)."
+msgstr ""
+"<command>sss_ssh_authorizedkeys</command> �ユーザー <replaceable>USER</"
+"replaceable> � SSH 公開�を�得��� OpenSSH authorized_keys 形��出力��"
+"� (詳細� <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> � <quote>AUTHORIZED_KEYS FILE FORMAT</quote> セク"
+"ションを�照������)。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:41
+msgid ""
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
+"command> for public key user authentication if it is compiled with support "
+"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
+"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> options."
+msgstr ""
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> �� <quote>AuthorizedKeysCommand</quote> ��� "
+"<quote>PubkeyAgent</quote> <citerefentry> <refentrytitle>sshd_config</"
+"refentrytitle> <manvolnum>5</manvolnum></citerefentry> オプション�サ�ート付"
+"��コンパイル�れ��る��公開�ユーザー�証���� "
+"<command>sss_ssh_authorizedkeys</command> を使用�る���設定����。"
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_authorizedkeys.1.xml:58
+#, no-wrap
+msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+msgstr "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:51
+msgid ""
+"If <quote>AuthorizedKeysCommand</quote> is supported, "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use it by putting the following directive "
+"in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+"<quote>AuthorizedKeysCommand</quote> �サ�ート�れ��る�� "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> � <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> �以下�ディレクティブを置����よ"
+"り��れを使用�る���設定����: <placeholder type=\"programlisting\" "
+"id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_authorizedkeys.1.xml:69
+#, no-wrap
+msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:62
+msgid ""
+"If <quote>PubkeyAgent</quote> is supported, "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use it by using the following directive "
+"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
+msgstr ""
+"<quote>PubkeyAgent</quote> �サ�ート�れ��る�� "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> �  <citerefentry> <refentrytitle>sshd</refentrytitle> "
+"<manvolnum>8</manvolnum></citerefentry> 設定�以下�ディレクティブを置���"
+"�より��れを使用�る���設定����: <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:87
+msgid ""
+"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
+msgstr ""
+"SSSD ドメイン <replaceable>DOMAIN</replaceable> ��るユーザー�公開�を検索"
+"���。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:98
+msgid ""
+"<citerefentry> <refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sshd_config</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle><manvolnum>1</"
+"manvolnum> </citerefentry>."
+msgstr ""
+"<citerefentry> <refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sshd_config</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle><manvolnum>1</"
+"manvolnum> </citerefentry>."
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15
+msgid "sss_ssh_knownhostsproxy"
+msgstr "sss_ssh_knownhostsproxy"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_ssh_knownhostsproxy.1.xml:16
+msgid "get OpenSSH host keys"
+msgstr "OpenSSH ホストキーを�得���"
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_ssh_knownhostsproxy.1.xml:21
+msgid ""
+"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>HOST</replaceable></arg> <arg "
+"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>"
+msgstr ""
+"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>HOST</replaceable></arg> <arg "
+"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:33
+msgid ""
+"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for "
+"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH "
+"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
+"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> for more information)  <filename>/var/lib/sss/"
+"pubconf/known_hosts</filename> and estabilishes connection to the host."
+msgstr ""
+"<command>sss_ssh_knownhostsproxy</command> �ホスト <replaceable>HOST</"
+"replaceable> � SSH ホスト�を�得���個別� OpenSSH known_hosts ファイル "
+"(詳細�  <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> � <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> セク"
+"ションを�照������)  <filename>/var/lib/sss/pubconf/known_hosts</"
+"filename> ��存���ホスト��接続を確立���。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:43
+msgid ""
+"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to "
+"create the connection to the host instead of opening a socket."
+msgstr ""
+"<replaceable>PROXY_COMMAND</replaceable> �指定�れ��る��ソケットを開�代"
+"�り�ホスト��接続を作��る���使用�れ��。"
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_knownhostsproxy.1.xml:55
+#, no-wrap
+msgid ""
+"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n"
+"GlobalKnownHostsFile2 /var/lib/sss/pubconf/known_hosts\n"
+msgstr ""
+"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n"
+"GlobalKnownHostsFile2 /var/lib/sss/pubconf/known_hosts\n"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:48
+msgid ""
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</"
+"command> for host key authentication by using the following directives for "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> � <citerefentry><refentrytitle>ssh</refentrytitle> "
+"<manvolnum>1</manvolnum></citerefentry> 設定�対��以下�ディレクティブを使"
+"用�る���より�ホストキー�証� <command>sss_ssh_knownhostsproxy</"
+"command> を使用�る���設定����: <placeholder type=\"programlisting\" "
+"id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_ssh_knownhostsproxy.1.xml:69
+msgid ""
+"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>"
+msgstr ""
+"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_knownhostsproxy.1.xml:74
+msgid ""
+"Use port <replaceable>PORT</replaceable> to connect to the host.  By "
+"default, port 22 is used."
+msgstr ""
+"ホスト�接続�る����ート <replaceable>PORT</replaceable> を使用���。�"
+"期値���ート 22 �使用�れ��。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_knownhostsproxy.1.xml:86
+msgid ""
+"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
+msgstr ""
+"SSSD ドメイン <replaceable>DOMAIN</replaceable> ����ホスト公開�を検索�"
+"��。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:97
+msgid ""
+"<citerefentry> <refentrytitle>ssh</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>ssh_config</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle><manvolnum>1</"
+"manvolnum> </citerefentry>."
+msgstr ""
+"<citerefentry> <refentrytitle>ssh</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>ssh_config</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle><manvolnum>1</"
+"manvolnum> </citerefentry>."
 
 #. type: Content of: <refsect1><title>
 #: include/service_discovery.xml:2
 msgid "SERVICE DISCOVERY"
-msgstr ""
+msgstr "サービス検索"
 
 #. type: Content of: <refsect1><para>
 #: include/service_discovery.xml:4
@@ -6184,11 +7605,13 @@ msgid ""
 "The service discovery feature allows back ends to automatically find the "
 "appropriate servers to connect to using a special DNS query."
 msgstr ""
+"サービス探索機能�より��ックエンド�特別� DNS �����を使用���接続�"
+"る����切�サービスを自動的�検索����。"
 
 #. type: Content of: <refsect1><refsect2><title>
 #: include/service_discovery.xml:9
 msgid "Configuration"
-msgstr ""
+msgstr "設定"
 
 #. type: Content of: <refsect1><refsect2><para>
 #: include/service_discovery.xml:11
@@ -6205,7 +7628,7 @@ msgstr ""
 #. type: Content of: <refsect1><refsect2><title>
 #: include/service_discovery.xml:23
 msgid "The domain name"
-msgstr ""
+msgstr "ドメイン�"
 
 #. type: Content of: <refsect1><refsect2><para>
 #: include/service_discovery.xml:25
@@ -6214,11 +7637,14 @@ msgid ""
 "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry> manual page for more details."
 msgstr ""
+"詳細� <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> マニュアルページ��る "
+"<quote>dns_discovery_domain</quote> パラメーターを�照������。"
 
 #. type: Content of: <refsect1><refsect2><title>
 #: include/service_discovery.xml:35
 msgid "The protocol"
-msgstr ""
+msgstr "プロトコル"
 
 #. type: Content of: <refsect1><refsect2><para>
 #: include/service_discovery.xml:37
@@ -6226,27 +7652,29 @@ msgid ""
 "The queries usually specify _tcp as the protocol. Exceptions are documented "
 "in respective option description."
 msgstr ""
+"������通常プロトコル��� _tcp を指定���。��他��れ�れ�オプ"
+"ション�説明�ドキュメント化�れ����。"
 
 #. type: Content of: <refsect1><refsect2><title>
 #: include/service_discovery.xml:42
 msgid "See Also"
-msgstr ""
+msgstr "関連項目"
 
 #. type: Content of: <refsect1><refsect2><para>
 #: include/service_discovery.xml:44
 msgid ""
 "For more information on the service discovery mechanism, refer to RFC 2782."
-msgstr ""
+msgstr "サービス検索メカニズム�関�る詳細� RFC 2782 を�照������。"
 
 #. type: Content of: outside any tag (error?)
 #: include/upstream.xml:1
 msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
+msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>"
 
 #. type: Content of: <refsect1><title>
 #: include/failover.xml:2
 msgid "FAILOVER"
-msgstr ""
+msgstr "フェイルオー�ー"
 
 #. type: Content of: <refsect1><para>
 #: include/failover.xml:4
@@ -6254,11 +7682,13 @@ msgid ""
 "The failover feature allows back ends to automatically switch to a different "
 "server if the primary server fails."
 msgstr ""
+"フェイルオー�ー機能�プライマリーサー�ー��止��場���ックエンド�異�"
+"るサー�ー�自動的�切り替�られるよ�����。"
 
 #. type: Content of: <refsect1><refsect2><title>
 #: include/failover.xml:8
 msgid "Failover Syntax"
-msgstr ""
+msgstr "フェイルオー�ー�構文"
 
 #. type: Content of: <refsect1><refsect2><para>
 #: include/failover.xml:10
@@ -6267,11 +7697,14 @@ msgid ""
 "is allowed around the comma. The servers are listed in order of preference. "
 "The list can contain any number of servers."
 msgstr ""
+"サー�ー�一覧�カンマ区切り一覧���与�られ��。カンマ��後�空白���"
+"��も許�れ��。サー�ー�性能�順番�一覧化�れ��。一覧�サー�ーを��"
+"��も��られ��。"
 
 #. type: Content of: <refsect1><refsect2><title>
 #: include/failover.xml:17
 msgid "The Failover Mechanism"
-msgstr ""
+msgstr "フェイルオー�ー�メカニズム"
 
 #. type: Content of: <refsect1><refsect2><para>
 #: include/failover.xml:19
@@ -6305,9 +7738,141 @@ msgstr ""
 #. type: Content of: <varlistentry><term>
 #: include/param_help.xml:3
 msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
+msgstr "<option>-h</option>,<option>--help</option>"
 
 #. type: Content of: <varlistentry><listitem><para>
 #: include/param_help.xml:7
 msgid "Display help message and exit."
+msgstr "ヘルプメッセージを表示��終了���。"
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:3
+msgid ""
+"Bit mask that indicates which debug levels will be visible. 0x0010 is the "
+"default value as well as the lowest allowed value, 0xFFF0 is the most "
+"verbose mode. This setting overrides the settings from config file."
+msgstr ""
+"デ�ッグレベルを指示�るビットマスク�見る�������。 0x0010 ��期値�"
+"�り�利用��る最�値��。 0xFFF0 �最も冗長�モード��。��設定�設定"
+"ファイル�設定�より上書��れ��。"
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:8
+msgid "Currently supported debug levels:"
+msgstr "�在サ�ート�れるデ�ッグレベル:"
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:11
+msgid ""
+"<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
+"SSSD from starting up or causes it to cease running."
+msgstr ""
+"<emphasis>0x0010</emphasis>: 致命的�エラー。 SSSD �開始�る�を妨�る���"
+"�実行を中断��る�������。"
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:15
+msgid ""
+"<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't kill "
+"the SSSD, but one that indicates that at least one major feature is not "
+"going to work properly."
+msgstr ""
+"<emphasis>0x0020</emphasis>: �大�エラー。 SSSD �強制�止�����複数�機"
+"能�正��動作���エラー��。"
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:20
+msgid ""
+"<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
+"particular request or operation has failed."
+msgstr ""
+"<emphasis>0x0040</emphasis>: 深刻�エラー。特定��求や�作�失敗����を通"
+"知�るエラー��。"
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:24
+msgid ""
+"<emphasis>0x0080</emphasis>: Minor failures. These are the errors that would "
+"percolate down to cause the operation failure of 2."
+msgstr ""
+"<emphasis>0x0080</emphasis>: 軽微�エラー。�れら� 2 ��作失敗を引�起��"
+"よ�下�����エラー��。"
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:28
+msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+msgstr "<emphasis>0x0100</emphasis>: 設定値�設定��。"
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:31
+msgid "<emphasis>0x0200</emphasis>: Function data."
+msgstr "<emphasis>0x0200</emphasis>: 関数�データ��。"
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:34
+msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+msgstr "<emphasis>0x0400</emphasis>: �作関数�トレースメッセージ��。"
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:37
+msgid ""
+"<emphasis>0x1000</emphasis>: Trace messages for internal control functions."
+msgstr "<emphasis>0x1000</emphasis>: 内部制御関数�トレースメッセージ��。"
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:40
+msgid ""
+"<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
+"may be interesting."
+msgstr ""
+"<emphasis>0x2000</emphasis>: 興味��る�も�れ��関数�内部変数�内容��。"
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:43
+msgid "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+msgstr "<emphasis>0x4000</emphasis>: 極��低レベル�トレース情報��。"
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:46
+msgid ""
+"To log required debug levels, simply add their numbers together as shown in "
+"following examples:"
+msgstr ""
+"必���るデ�ッグレベルをログ��得�る���以下�例�示�れるよ���れら"
+"�数字を��追加���:"
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:49
+msgid ""
+"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
+"serious failures and function data use 0x0270."
+msgstr ""
+"<emphasis>例</emphasis>: 致命的�エラー��大�エラー�深刻�エラー�よ�関数"
+"データをログ��得�る�� 0x0270 を使用���。"
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:53
+msgid ""
+"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
+"function data, trace messages for internal control functions use 0x1310."
+msgstr ""
+"<emphasis>例</emphasis>: 致命的�エラー�設定値�設定�関数データ�内部制御関"
+"数�トレースメッセージをログ��得�る�� 0x1310 を使用���。"
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:57
+msgid ""
+"<emphasis>Note</emphasis>: This is new format of debug levels introduced in "
+"1.7.0.  Older format (numbers from 0-10) is compatible but deprecated."
+msgstr ""
+"<emphasis>注</emphasis>: �れ� 1.7.0 ����導入�れ�デ�ッグレベル�新�"
+"�形���。��形�（0-10 �数字）�互�性��り����推奨�れ��ん。"
+
+#. type: Content of: outside any tag (error?)
+#: include/experimental.xml:1
+msgid ""
+"<emphasis> This is an experimental feature, please use http://fedorahosted."
+"org/sssd to report any issues.  </emphasis>"
 msgstr ""
+"<emphasis> �れ�実験的�機能���何ら���題を報告�る�� http://"
+"fedorahosted.org/sssd を使用������。 </emphasis>"
diff --git a/src/man/po/ja_JP.po b/src/man/po/ja_JP.po
deleted file mode 100644
index 9d4f68bcf..000000000
--- a/src/man/po/ja_JP.po
+++ /dev/null
@@ -1,6313 +0,0 @@
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Red Hat
-# This file is distributed under the same license as the sssd-docs package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: SSSD\n"
-"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: ja_JP\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=1; plural=0\n"
-
-#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
-#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
-#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
-#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
-msgid "SSSD Manual pages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
-msgid "sss_groupmod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
-#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
-#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
-msgid "8"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupmod.8.xml:16
-msgid "modify a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupmod.8.xml:21
-msgid ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
-#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
-#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
-#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
-#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:32
-msgid ""
-"<command>sss_groupmod</command> modifies the group to reflect the changes "
-"that are specified on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
-#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
-#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-msgid "OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
-msgid ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:48
-msgid ""
-"Append this group to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
-msgid ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:62
-msgid ""
-"Remove this group from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
-#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
-msgid "sssd.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
-msgid "5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
-msgid "File Formats and Conventions"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
-msgid "the configuration file for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:21
-msgid "FILE FORMAT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:29
-#, no-wrap
-msgid ""
-"                <replaceable>[section]</replaceable>\n"
-"                <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-"                <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
-"            "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:24
-msgid ""
-"The file has an ini-style syntax and consists of sections and parameters. A "
-"section begins with the name of the section in square brackets and continues "
-"until the next section begins. An example of section with single and multi-"
-"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:36
-msgid ""
-"The data types used are string (no quotes needed), integer and bool (with "
-"values of <quote>TRUE/FALSE</quote>)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:41
-msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
-"(<quote>;</quote>)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:46
-msgid ""
-"All sections can have an optional <replaceable>description</replaceable> "
-"parameter. Its function is only as a label for the section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:52
-msgid ""
-"<filename>sssd.conf</filename> must be a regular file, owned by root and "
-"only root may read from or write to the file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:58
-msgid "SPECIAL SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:61
-msgid "The [sssd] section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
-msgid "Section parameters"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:72
-msgid "config_file_version (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:75
-msgid ""
-"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-"version 2."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:81
-msgid "services"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:84
-msgid ""
-"Comma separated list of services that are started when sssd itself starts."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:88
-msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
-msgid "reconnection_retries (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
-msgid ""
-"Number of times services should attempt to reconnect in the event of a Data "
-"Provider crash or restart before they give up"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
-msgid "Default: 3"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
-msgid "domains"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
-msgid ""
-"A domain is a database containing user information. SSSD can use more "
-"domains at the same time, but at least one must be configured or SSSD won't "
-"start.  This parameter described the list of domains in the order you want "
-"them to be queried."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
-msgid "re_expression (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
-msgid ""
-"Regular expression that describes how to parse the string containing user "
-"name and domain into these components."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
-msgid ""
-"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
-"which translates to \"the name is everything up to the <quote>@</quote> "
-"sign, the domain everything after that\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
-msgid ""
-"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
-"version 7 or higher can support non-unique named subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
-msgid ""
-"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
-"P&lt;name&gt;) to label subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
-msgid "full_name_format (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
-msgid ""
-"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatible format that describes how to translate "
-"a (name, domain) tuple into a fully qualified name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
-msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
-msgid "try_inotify (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
-msgid ""
-"SSSD monitors the state of resolv.conf to identify when it needs to update "
-"its internal DNS resolver. By default, we will attempt to use inotify for "
-"this, and will fall back to polling resolv.conf every five seconds if "
-"inotify cannot be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
-msgid ""
-"There are some limited situations where it is preferred that we should skip "
-"even trying to use inotify. In these rare cases, this option should be set "
-"to 'false'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
-msgid ""
-"Default: true on platforms where inotify is supported. False on other "
-"platforms."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
-msgid ""
-"Note: this option will have no effect on platforms where inotify is "
-"unavailable. On these platforms, polling will always be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
-msgid "krb5_rcache_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
-msgid ""
-"Directory on the filesystem where SSSD should store Kerberos replay cache "
-"files."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
-msgid ""
-"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
-"SSSD to let libkrb5 decide the appropriate location for the replay cache."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
-msgid ""
-"Default: Distribution-specific and specified at build-time. "
-"(__LIBKRB5_DEFAULTS__ if not configured)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:63
-msgid ""
-"Individual pieces of SSSD functionality are provided by special SSSD "
-"services that are started and stopped together with SSSD.  The services are "
-"managed by a special service frequently called <quote>monitor</quote>. The "
-"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
-msgid "SERVICES SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
-msgid ""
-"Settings that can be used to configure different services are described in "
-"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
-"section, for example, for NSS service, the section would be <quote>[nss]</"
-"quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
-msgid "General service configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
-msgid "These options can be used to configure any service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>.  This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
-msgid "NSS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
-msgid ""
-"These options can be used to configure the Name Service Switch (NSS) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
-msgid "enum_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
-msgid ""
-"How many seconds should nss_sss cache enumerations (requests for info about "
-"all users)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
-msgid "Default: 120"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"The entry cache can be set to automatically update entries in the background "
-"if they are requested beyond a percentage of the entry_cache_timeout value "
-"for the domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
-msgid ""
-"For example, if the domain's entry_cache_timeout is set to 30s and "
-"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
-"after 15 seconds past the last cache update will be returned immediately, "
-"but the SSSD will go and update the cache on its own, so that future "
-"requests will not need to block waiting for a cache update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
-msgid ""
-"Valid values for this option are 0-99 and represent a percentage of the "
-"entry_cache_timeout for each domain. For performance reasons, this "
-"percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
-"disables this feature)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
-msgid "Default: 50"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
-msgid "entry_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
-msgid ""
-"Specifies for how many seconds nss_sss should cache negative cache hits "
-"(that is, queries for invalid database entries, like nonexistent ones)  "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
-msgid "Default: 15"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
-msgid "filter_users, filter_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
-msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
-msgid "Default: root"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
-msgid "filter_users_in_groups (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
-msgid ""
-"If you want filtered user still be group members set this option to false."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
-msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
-msgid "This option can also be set per-domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
-msgid "allowed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
-msgid ""
-"Restrict user shell to one of the listed values. The order of evaluation is:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
-msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
-msgid ""
-"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
-"quote>, use the value of the shell_fallback parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
-msgid ""
-"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
-"shells</quote>, a nologin shell is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
-msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
-msgid ""
-"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
-"that a restart of the SSSD is required in case a new shell is installed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
-msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
-msgid "vetoed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
-msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
-msgid "shell_fallback (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
-msgid ""
-"The default shell to use if an allowed shell is not installed on the machine."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
-msgid "Default: /bin/sh"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
-msgid "PAM configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
-msgid ""
-"These options can be used to configure the Pluggable Authentication Module "
-"(PAM) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
-msgid "offline_credentials_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
-msgid ""
-"If the authentication provider is offline, how long should we allow cached "
-"logins (in days since the last successful online login)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
-msgid "Default: 0 (No limit)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
-msgid "offline_failed_login_attempts (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
-msgid ""
-"If the authentication provider is offline, how many failed login attempts "
-"are allowed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
-msgid "offline_failed_login_delay (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
-msgid ""
-"The time in minutes which has to pass after offline_failed_login_attempts "
-"has been reached before a new login attempt is possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
-msgid ""
-"If set to 0 the user cannot authenticate offline if "
-"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable offline authentication again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
-msgid "Default: 5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
-msgid "pam_verbosity (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
-msgid ""
-"Controls what kind of messages are shown to the user during authentication. "
-"The higher the number to more messages are displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
-msgid "Currently sssd supports the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
-msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
-msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
-msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
-msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
-msgid "Default: 1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
-msgid "pam_id_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
-msgid ""
-"For any PAM request while SSSD is online, the SSSD will attempt to "
-"immediately update the cached identity information for the user in order to "
-"ensure that authentication takes place with the latest information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
-msgid ""
-"A complete PAM conversation may perform multiple PAM requests, such as "
-"account management and session opening. This option controls (on a per-"
-"client-application basis) how long (in seconds) we can cache the identity "
-"information to avoid excessive round-trips to the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
-msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
-msgid "Display a warning N days before the password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
-msgid ""
-"Please note that the backend server has to provide information about the "
-"expiration time of the password.  If this information is missing, sssd "
-"cannot display a warning."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
-msgid "Default: 7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-msgid "SUDO configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-msgid "These options can be used to configure the sudo service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-msgid "sudo_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-msgid ""
-"For any sudo request that comes while SSSD is online, the SSSD will attempt "
-"to update the cached rules in order to ensure that sudo has the latest "
-"ruleset."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
-msgid ""
-"The user may, however, run a couple of sudo commands successively, which "
-"would trigger multiple LDAP requests.  In order to speed up this use-case, "
-"the sudo service maintains an in-memory cache that would be used for "
-"performing fast replies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
-msgid ""
-"This option controls how long (in seconds) can the sudo service cache rules "
-"for a user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-msgid "Default: 180"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-msgid "sudo_timed (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
-msgid ""
-"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
-"that implement time-dependent sudoers entries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-msgid "AUTOFS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-msgid "These options can be used to configure the autofs service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-msgid "autofs_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
-msgid "DOMAIN SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
-msgid "min_id,max_id (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
-msgid ""
-"UID and GID limits for the domain. If a domain contains an entry that is "
-"outside these limits, it is ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
-msgid ""
-"For users, this affects the primary GID limit. The user will not be returned "
-"to NSS if either the UID or the primary GID is outside the range. For non-"
-"primary group memberships, those that are in range will be reported as "
-"expected."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
-msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
-msgid ""
-"Timeout in seconds between heartbeats for this domain.  This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
-msgid "enumerate (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
-msgid ""
-"Determines if a domain can be enumerated. This parameter can have one of the "
-"following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
-msgid "TRUE = Users and groups are enumerated"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
-msgid "FALSE = No enumerations for this domain"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
-msgid "Default: FALSE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
-msgid ""
-"Note: Enabling enumeration has a moderate performance impact on SSSD while "
-"enumeration is running. It may take up to several minutes after SSSD startup "
-"to fully complete enumerations.  During this time, individual requests for "
-"information will go directly to LDAP, though it may be slow, due to the "
-"heavy enumeration processing."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
-msgid ""
-"While the first enumeration is running, requests for the complete user or "
-"group lists may return no results until it completes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
-msgid ""
-"Further, enabling enumeration may increase the time necessary to detect "
-"network disconnection, as longer timeouts are required to ensure that "
-"enumeration lookups are completed successfully.  For more information, refer "
-"to the man pages for the specific id_provider in use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
-msgid "entry_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
-msgid ""
-"How many seconds should nss_sss consider entries valid before asking the "
-"backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
-msgid "Default: 5400"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-msgid "entry_cache_user_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-msgid ""
-"How many seconds should nss_sss consider user entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-msgid "Default: entry_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-msgid "entry_cache_group_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-msgid ""
-"How many seconds should nss_sss consider group entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-msgid ""
-"How many seconds should nss_sss consider netgroup entries valid before "
-"asking the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-msgid "entry_cache_service_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-msgid ""
-"How many seconds should nss_sss consider service entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
-msgid "cache_credentials (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
-msgid "Determines if user credentials are also cached in the local LDB cache"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
-msgid "User credentials are stored in a SHA512 hash, not in plaintext"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
-msgid "account_cache_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
-msgid ""
-"Number of days entries are left in cache after last successful login before "
-"being removed during a cleanup of the cache. 0 means keep forever.  The "
-"value of this parameter must be greater than or equal to "
-"offline_credentials_expiration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
-msgid "Default: 0 (unlimited)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
-msgid "id_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
-msgid "The Data Provider identity backend to use for this domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
-msgid "Supported backends:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
-msgid "proxy: Support a legacy NSS provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
-msgid "local: SSSD internal local provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
-msgid "ldap: LDAP provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
-msgid "use_fully_qualified_names (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
-msgid ""
-"If set to TRUE, all requests to this domain must use fully qualified names. "
-"For example, if used in LOCAL domain that contains a \"test\" user, "
-"<command>getent passwd test</command> wouldn't find the user while "
-"<command>getent passwd test@LOCAL</command> would."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
-msgid "auth_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
-msgid ""
-"The authentication provider used for the domain.  Supported auth providers "
-"are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
-msgid ""
-"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
-msgid ""
-"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
-msgid ""
-"<quote>proxy</quote> for relaying authentication to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
-msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"authentication requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
-msgid "access_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
-msgid ""
-"The access control provider used for the domain.  There are two built-in "
-"access providers (in addition to any included in installed backends)  "
-"Internal special providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
-msgid "<quote>permit</quote> always allow access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
-msgid "<quote>deny</quote> always deny access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
-msgid ""
-"<quote>simple</quote> access control based on access or deny lists. See "
-"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> for more information on configuring the simple "
-"access module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
-msgid "Default: <quote>permit</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
-msgid "chpass_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
-msgid ""
-"The provider which should handle change password operations for the domain.  "
-"Supported change password providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
-msgid ""
-"<quote>ipa</quote> to change a password stored in an IPA server.  See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
-msgid ""
-"<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
-msgid ""
-"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
-msgid ""
-"<quote>proxy</quote> for relaying password changes to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
-msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
-msgid ""
-"Default: <quote>auth_provider</quote> is used if it is set and can handle "
-"change password requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-msgid "sudo_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-msgid ""
-"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-msgid "session_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-msgid ""
-"The provider which should handle loading of session settings.  Supported "
-"session providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-msgid ""
-"<quote>ipa</quote> to load session settings from an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"session loading requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
-msgid "lookup_family_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
-msgid ""
-"Provides the ability to select preferred address family to use when "
-"performing DNS lookups."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
-msgid "Supported values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
-msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
-msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
-msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
-msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
-msgid "Default: ipv4_first"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
-msgid "dns_resolver_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
-msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
-msgid "dns_discovery_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
-msgid ""
-"If service discovery is used in the back end, specifies the domain part of "
-"the service discovery DNS query."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
-msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
-msgid "override_gid (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
-msgid "Override the primary GID value with the one specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
-msgid "case_sensitive (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
-msgid ""
-"Treat user and group names as case sensitive. At the moment, this option is "
-"not supported in the local provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
-msgid "Default: True"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
-msgid ""
-"These configuration options can be present in a domain configuration "
-"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
-"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
-msgid "proxy_pam_target (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
-msgid "The proxy target PAM proxies to."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-msgid ""
-"Default: not set by default, you have to take an existing pam configuration "
-"or create a new one and add the service name here."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
-msgid "proxy_lib_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
-msgid ""
-"The name of the NSS library to use in proxy domains. The NSS functions "
-"searched for in the library are in the form of _nss_$(libName)_$(function), "
-"for example _nss_files_getpwent."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
-msgid ""
-"Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
-msgid "The local domain section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
-msgid ""
-"This section contains settings for domain that stores users and groups in "
-"SSSD native database, that is, a domain that uses "
-"<replaceable>id_provider=local</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
-msgid "default_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
-msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
-msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
-msgid "base_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
-msgid ""
-"The tools append the login name to <replaceable>base_directory</replaceable> "
-"and use that as the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
-msgid "Default: <filename>/home</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
-msgid "create_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
-msgid ""
-"Indicate if a home directory should be created by default for new users.  "
-"Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
-msgid "Default: TRUE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
-msgid "remove_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
-msgid ""
-"Indicate if a home directory should be removed by default for deleted "
-"users.  Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
-msgid "homedir_umask (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
-msgid ""
-"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
-"on a newly created home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
-msgid "Default: 077"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
-msgid "skel_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
-msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
-msgid "mail_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
-msgid ""
-"The mail spool directory. This is needed to manipulate the mailbox when its "
-"corresponding user account is modified or deleted.  If not specified, a "
-"default value is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
-msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
-msgid "userdel_cmd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
-msgid ""
-"The command that is run after a user is removed.  The command us passed the "
-"username of the user being removed as the first and only parameter. The "
-"return code of the command is not taken into account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
-msgid "Default: None, no command is run"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"domains = LDAP\n"
-"services = nss, pam\n"
-"config_file_version = 2\n"
-"\n"
-"[nss]\n"
-"filter_groups = root\n"
-"filter_users = root\n"
-"\n"
-"[pam]\n"
-"\n"
-"[domain/LDAP]\n"
-"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
-"\n"
-"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
-"cache_credentials = true\n"
-"\n"
-"min_id = 10000\n"
-"max_id = 20000\n"
-"enumerate = False\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
-msgid ""
-"The following example shows a typical SSSD config. It does not describe "
-"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details.  <placeholder type=\"programlisting\" "
-"id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
-msgid "sssd-ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:23
-msgid ""
-"This manual page describes the configuration of LDAP domains for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for detailed syntax information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:35
-msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:38
-msgid ""
-"LDAP back end supports id, auth, access and chpass providers. If you want to "
-"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
-"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
-"over an unencrypted channel.  If the LDAP server is used only as an identity "
-"provider, an encrypted channel is not needed. Please refer to "
-"<quote>ldap_access_filter</quote> config option for more information about "
-"using LDAP as an access provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
-#: sssd-krb5.5.xml:63
-msgid "CONFIGURATION OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:60
-msgid "ldap_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:63
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference. Refer to the <quote>FAILOVER</"
-"quote> section for more information on failover and server redundancy.  If "
-"not specified, service discovery is enabled. For more information, refer to "
-"the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
-msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:73
-msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:76
-msgid ""
-"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:79
-msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:85
-msgid "ldap_chpass_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:88
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference to change the password of a user. "
-"Refer to the <quote>FAILOVER</quote> section for more information on "
-"failover and server redundancy."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:95
-msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:99
-msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:105
-msgid "ldap_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:108
-msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:112
-msgid ""
-"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
-"syntax:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
-msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:119
-msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
-msgid ""
-"The filter must be a valid LDAP search filter as specified by http://www."
-"ietf.org/rfc/rfc2254.txt"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
-msgid "Examples:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:129
-msgid ""
-"ldap_search_base = dc=example,dc=com (which is equivalent to)  "
-"ldap_search_base = dc=example,dc=com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:134
-msgid ""
-"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
-"(host=thishost)?dc=example.com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:137
-msgid ""
-"Note: It is unsupported to have multiple search bases which reference "
-"identically-named objects (for example, groups with the same name in two "
-"different search bases). This will lead to unpredictable behavior on client "
-"machines."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:144
-msgid ""
-"Default: If not set, the value of the defaultNamingContext or namingContexts "
-"attribute from the RootDSE of the LDAP server is used. If "
-"defaultNamingContext does not exists or has an empty value namingContexts is "
-"used.  The namingContexts attribute must have a single value with the DN of "
-"the search base of the LDAP server to make this work. Multiple values are "
-"are not supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:158
-msgid "ldap_schema (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:161
-msgid ""
-"Specifies the Schema Type in use on the target LDAP server.  Depending on "
-"the selected schema, the default attribute names retrieved from the servers "
-"may vary.  The way that some attributes are handled may also differ.  Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
-"difference between these schema types is how group memberships are recorded "
-"in the server.  With rfc2307, group members are listed by name in the "
-"<emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, group "
-"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
-msgid "Default: rfc2307"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
-msgid "ldap_default_bind_dn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
-msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
-msgid "ldap_default_authtok_type (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
-msgid "The type of the authentication token of the default bind DN."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
-msgid "The two mechanisms currently supported are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
-msgid "password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
-msgid "obfuscated_password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
-msgid "Default: password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
-msgid "ldap_default_authtok (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
-msgid ""
-"The authentication token of the default bind DN.  Only clear text passwords "
-"are currently supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
-msgid "ldap_user_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
-msgid "The object class of a user entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
-msgid "Default: posixAccount"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
-msgid "ldap_user_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
-msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
-msgid "Default: uid"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
-msgid "ldap_user_uid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
-msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
-msgid "Default: uidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
-msgid "ldap_user_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
-msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
-msgid "Default: gidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
-msgid "ldap_user_gecos (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
-msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
-msgid "Default: gecos"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
-msgid "ldap_user_home_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
-msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
-msgid "Default: homeDirectory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
-msgid "ldap_user_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
-msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
-msgid "Default: loginShell"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
-msgid "ldap_user_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
-msgid "Default: nsUniqueId"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
-msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
-msgid ""
-"The LDAP attribute that contains timestamp of the last modification of the "
-"parent object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
-msgid "Default: modifyTimestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
-msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
-"the last password change)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
-msgid "Default: shadowLastChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
-msgid "ldap_user_shadow_min (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
-msgid "Default: shadowMin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
-msgid "ldap_user_shadow_max (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
-msgid "Default: shadowMax"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
-msgid "ldap_user_shadow_warning (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password warning period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
-msgid "Default: shadowWarning"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
-msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password inactivity period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
-msgid "Default: shadowInactive"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
-msgid "ldap_user_shadow_expire (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
-msgid ""
-"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
-"parameter contains the name of an LDAP attribute corresponding to its "
-"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> counterpart (account expiration date)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
-msgid "Default: shadowExpire"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
-msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time of last password change in "
-"kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
-msgid "Default: krbLastPwdChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
-msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time when current password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
-msgid "Default: krbPasswordExpiration"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
-msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the expiration time of the account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
-msgid "Default: accountExpires"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
-msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the user account control bit field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
-msgid "Default: userAccountControl"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
-msgid "ldap_ns_account_lock (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
-msgid ""
-"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
-"determines if access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
-msgid "Default: nsAccountLock"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
-msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines if "
-"access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
-msgid "Default: loginDisabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
-msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines until "
-"which date access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
-msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines the "
-"hours of a day in a week when access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
-msgid "Default: loginAllowedTimeMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
-msgid "ldap_user_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
-msgid ""
-"The LDAP attribute that contains the user's Kerberos User Principal Name "
-"(UPN)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
-msgid "Default: krbPrincipalName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
-msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
-msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
-msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
-msgid ""
-"Some directory servers, for example Active Directory, might deliver the "
-"realm part of the UPN in lower case, which might cause the authentication to "
-"fail. Set this option to a non-zero value if you want to use an upper-case "
-"realm."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
-msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
-msgid ""
-"Specifies how many seconds SSSD has to wait before refreshing its cache of "
-"enumerated records."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
-msgid "Default: 300"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
-msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
-msgid ""
-"Determine how often to check the cache for inactive entries (such as groups "
-"with no members and users who have never logged in) and remove them to save "
-"space."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
-msgid "Setting this option to zero will disable the cache cleanup operation."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
-msgid "Default: 10800 (12 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
-msgid "ldap_user_fullname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
-msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
-msgid "Default: cn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
-msgid "ldap_user_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
-msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
-msgid "Default: memberOf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
-msgid "ldap_user_authorized_service (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
-msgid ""
-"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
-"use the presence of the authorizedService attribute in the user's LDAP entry "
-"to determine access privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
-msgid ""
-"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
-"explicit allow (svc) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
-msgid "Default: authorizedService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
-msgid "ldap_user_authorized_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
-msgid ""
-"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-"presence of the host attribute in the user's LDAP entry to determine access "
-"privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
-msgid ""
-"An explicit deny (!host) is resolved first. Second, SSSD searches for "
-"explicit allow (host) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
-msgid "Default: host"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
-msgid "ldap_group_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
-msgid "The object class of a group entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
-msgid "Default: posixGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
-msgid "ldap_group_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
-msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
-msgid "ldap_group_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
-msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
-msgid "ldap_group_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
-msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
-msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
-msgid "ldap_group_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
-msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
-msgid "ldap_group_nesting_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
-msgid ""
-"If ldap_schema is set to a schema format that supports nested groups (e.g. "
-"RFC2307bis), then this option controls how many levels of nesting SSSD will "
-"follow. This option has no effect on the RFC2307 schema."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
-msgid "Default: 2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
-msgid "ldap_netgroup_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
-msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
-msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
-msgid "Default: nisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
-msgid "ldap_netgroup_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
-msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
-msgid "In IPA provider, ipa_netgroup_name should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
-msgid "ldap_netgroup_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
-msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
-msgid "In IPA provider, ipa_netgroup_member should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
-msgid "Default: memberNisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
-msgid "ldap_netgroup_triple (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-msgid ""
-"The LDAP attribute that contains the (host, user, domain) netgroup triples."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
-msgid "This option is not available in IPA provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
-msgid "Default: nisNetgroupTriple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
-msgid "ldap_netgroup_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
-msgid ""
-"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
-msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
-msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
-msgid "ldap_service_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
-msgid "The object class of a service entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
-msgid "Default: ipService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
-msgid "ldap_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
-msgid ""
-"The LDAP attribute that contains the name of service attributes and their "
-"aliases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
-msgid "ldap_service_port (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
-msgid "The LDAP attribute that contains the port managed by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
-msgid "Default: ipServicePort"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
-msgid "ldap_service_proto (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
-msgid ""
-"The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
-msgid "Default: ipServiceProtocol"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
-msgid "ldap_service_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
-msgid "An optional base DN to restrict service searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
-msgid ""
-"See <quote>ldap_search_base</quote> for information about configuring "
-"multiple search bases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
-#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
-msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
-msgid "ldap_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches are allowed to run "
-"before they are cancelled and cached results are returned (and offline mode "
-"is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
-msgid ""
-"Note: this option is subject to change in future versions of the SSSD. It "
-"will likely be replaced at some point by a series of timeouts for specific "
-"lookup types."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
-msgid "Default: 6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
-msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches for user and group "
-"enumerations are allowed to run before they are cancelled and cached results "
-"are returned (and offline mode is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
-msgid "ldap_network_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-msgid ""
-"Specifies the timeout (in seconds) after which the <citerefentry> "
-"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
-"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> following a <citerefentry> "
-"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> returns in case of no activity."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
-msgid "ldap_opt_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
-msgid ""
-"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
-"will abort if no response is received. Also controls the timeout when "
-"communicating with the KDC in case of SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
-msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
-msgid ""
-"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
-"maintained. After this time, the connection will be re-established. If used "
-"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
-"the TGT lifetime)  will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
-msgid "Default: 900 (15 minutes)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
-msgid "ldap_page_size (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
-msgid ""
-"Specify the number of records to retrieve from LDAP in a single request. "
-"Some LDAP servers enforce a maximum limit per-request."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
-msgid "Default: 1000"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
-msgid ""
-"Disable the LDAP paging control. This option should be used if the LDAP "
-"server reports that it supports the LDAP paging control in its RootDSE but "
-"it is not enabled or does not behave properly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
-msgid ""
-"Example: OpenLDAP servers with the paging control module installed on the "
-"server but not enabled will report it in the RootDSE but be unable to use it."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
-msgid ""
-"Example: 389 DS has a bug where it can only support a one paging control at "
-"a time on a single connection. On busy clients, this can result in some "
-"requests being denied."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
-msgid "ldap_deref_threshold (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
-msgid ""
-"Specify the number of group members that must be missing from the internal "
-"cache in order to trigger a dereference lookup. If less members are missing, "
-"they are looked up individually."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
-msgid ""
-"You can turn off dereference lookups completely by setting the value to 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
-msgid ""
-"A dereference lookup is a means of fetching all group members in a single "
-"LDAP call.  Different LDAP servers may implement different dereference "
-"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
-"Directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
-msgid ""
-"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
-"filter, then the dereference lookup performance enhancement will be disabled "
-"regardless of this setting."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
-msgid "ldap_tls_reqcert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
-msgid ""
-"Specifies what checks to perform on server certificates in a TLS session, if "
-"any. It can be specified as one of the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
-msgid ""
-"<emphasis>never</emphasis> = The client will not request or check any server "
-"certificate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
-msgid ""
-"<emphasis>allow</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, it will be ignored and the session proceeds normally."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
-msgid ""
-"<emphasis>try</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, the session is immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
-msgid ""
-"<emphasis>demand</emphasis> = The server certificate is requested. If no "
-"certificate is provided, or a bad certificate is provided, the session is "
-"immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
-msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
-msgid "Default: hard"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
-msgid "ldap_tls_cacert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
-msgid ""
-"Specifies the file that contains certificates for all of the Certificate "
-"Authorities that <command>sssd</command> will recognize."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
-msgid ""
-"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
-"conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
-msgid "ldap_tls_cacertdir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
-msgid ""
-"Specifies the path of a directory that contains Certificate Authority "
-"certificates in separate individual files. Typically the file names need to "
-"be the hash of the certificate followed by '.0'.  If available, "
-"<command>cacertdir_rehash</command> can be used to create the correct names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
-msgid "ldap_tls_cert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
-msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
-msgid "Default: not set"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
-msgid "ldap_tls_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
-msgid "Specifies the file that contains the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
-msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
-msgid ""
-"Specifies acceptable cipher suites.  Typically this is a colon sperated "
-"list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> for format."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
-msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
-msgid ""
-"Specifies that the id_provider connection must also use <systemitem class="
-"\"protocol\">tls</systemitem> to protect the channel."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
-msgid ""
-"Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
-"supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
-msgid "ldap_sasl_authid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
-msgid ""
-"Specify the SASL authorization id to use.  When GSSAPI is used, this "
-"represents the Kerberos principal used for authentication to the directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
-msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
-msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
-msgid ""
-"If set to true, the LDAP library would perform a reverse lookup to "
-"canonicalize the host name during a SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
-msgid "Default: false;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
-msgid "ldap_krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
-msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
-msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
-msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
-msgid ""
-"Specifies that the id_provider should init Kerberos credentials (TGT).  This "
-"action is performed only if SASL is used and the mechanism selected is "
-"GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
-msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
-msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
-msgid "Default: 86400 (24 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
-msgid "krb5_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
-msgid ""
-"Specifies the comma-separated list of IP addresses or hostnames of the "
-"Kerberos servers to which SSSD should connect in the order of preference. "
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
-"colon) may be appended to the addresses or hostnames.  If empty, service "
-"discovery is enabled - for more information, refer to the <quote>SERVICE "
-"DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
-msgid ""
-"When using service discovery for KDC or kpasswd servers, SSSD first searches "
-"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-"none are found."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
-msgid ""
-"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
-"While the legacy name is recognized for the time being, users are advised to "
-"migrate their config files to use <quote>krb5_server</quote> instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
-msgid "krb5_realm (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
-msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
-msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
-msgid "krb5_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
-msgid ""
-"Specifies if the host principal should be canonicalized when connecting to "
-"LDAP server. This feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
-msgid "ldap_pwd_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
-msgid ""
-"Select the policy to evaluate the password expiration on the client side. "
-"The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
-msgid ""
-"<emphasis>none</emphasis> - No evaluation on the client side. This option "
-"cannot disable server-side password policies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
-msgid ""
-"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-"evaluate if the password has expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
-msgid ""
-"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
-"to determine if the password has expired. Use chpass_provider=krb5 to update "
-"these attributes when the password is changed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
-msgid "ldap_referrals (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
-msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
-msgid ""
-"Please note that sssd only supports referral chasing when it is compiled "
-"with OpenLDAP version 2.4.13 or higher."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
-msgid "ldap_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
-msgid "Specifies the service name to use when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
-msgid "Default: ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
-msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
-msgid ""
-"Specifies the service name to use to find an LDAP server which allows "
-"password changes when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
-msgid "Default: not set, i.e. service discovery is disabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
-msgid "ldap_access_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
-msgid ""
-"If using access_provider = ldap, this option is mandatory. It specifies an "
-"LDAP search filter criteria that must be met for the user to be granted "
-"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
-msgid "Example:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
-#, no-wrap
-msgid ""
-"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
-msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
-msgid ""
-"Offline caching for this feature is limited to determining whether the "
-"user's last online login was granted access permission. If they were granted "
-"access during their last login, they will continue to be granted access "
-"while offline and vice-versa."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
-msgid "Default: Empty"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
-msgid "ldap_account_expire_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
-msgid ""
-"With this option a client side evaluation of access control attributes can "
-"be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
-msgid ""
-"Please note that it is always recommended to use server side access control, "
-"i.e. the LDAP server should deny the bind request with a suitable error code "
-"even if the password is correct."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
-msgid "The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
-msgid ""
-"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
-"determine if the account is expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
-msgid ""
-"<emphasis>ad</emphasis>: use the value of the 32bit field "
-"ldap_user_ad_user_account_control and allow access if the second bit is not "
-"set. If the attribute is missing access is granted. Also the expiration time "
-"of the account is checked."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
-msgid ""
-"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
-"emphasis>: use the value of ldap_ns_account_lock to check if access is "
-"allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
-msgid ""
-"<emphasis>nds</emphasis>: the values of "
-"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
-"If both attributes are missing access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
-msgid "ldap_access_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
-msgid "Comma separated list of access control options.  Allowed values are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
-msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
-msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
-msgid ""
-"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
-"to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
-msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
-msgid "Default: filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
-msgid ""
-"Please note that it is a configuration error if a value is used more than "
-"once."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
-msgid "ldap_deref (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
-msgid ""
-"Specifies how alias dereferencing is done when performing a search. The "
-"following options are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
-msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
-msgid ""
-"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
-"the base object, but not in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
-msgid ""
-"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
-"the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
-msgid ""
-"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
-"in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
-msgid ""
-"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
-"client libraries)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:51
-msgid ""
-"All of the common configuration options that apply to SSSD domains also "
-"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for full details.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
-msgid "SUDO OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
-msgid "ldap_sudorule_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
-msgid "The object class of a sudo rule entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
-msgid "Default: sudoRole"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
-msgid "ldap_sudorule_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
-msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
-msgid "ldap_sudorule_command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
-msgid "The LDAP attribute that corresponds to the command name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
-msgid "Default: sudoCommand"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
-msgid "ldap_sudorule_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
-msgid ""
-"The LDAP attribute that corresponds to the host name (or host IP address, "
-"host IP network, or host netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
-msgid "Default: sudoHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
-msgid "ldap_sudorule_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
-msgid ""
-"The LDAP attribute that corresponds to the user name (or UID, group name or "
-"user's netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
-msgid "Default: sudoUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
-msgid "ldap_sudorule_option (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
-msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
-msgid "Default: sudoOption"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
-msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
-msgid ""
-"The LDAP attribute that corresponds to the user name that commands may be "
-"run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
-msgid "Default: sudoRunAsUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
-msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
-msgid ""
-"The LDAP attribute that corresponds to the group name or group GID that "
-"commands may be run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
-msgid "Default: sudoRunAsGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
-msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
-msgid ""
-"The LDAP attribute that corresponds to the start date/time for when the sudo "
-"rule is valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
-msgid "Default: sudoNotBefore"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
-msgid "ldap_sudorule_notafter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
-msgid ""
-"The LDAP attribute that corresponds to the expiration date/time, after which "
-"the sudo rule will no longer be valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
-msgid "Default: sudoNotAfter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
-msgid "ldap_sudorule_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
-msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
-msgid "Default: sudoOrder"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
-msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
-msgid ""
-"Enables periodical download of all sudo rules.  The cache is purged before "
-"each update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
-msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
-msgid ""
-"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
-msgid ""
-"This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
-"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
-msgid "AUTOFS OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
-msgid ""
-"Please note that the default values correspond to the default schema which "
-"is RFC2307."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
-msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-msgid "The object class of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-msgid "Default: automountMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
-msgid "ldap_autofs_map_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
-msgid "The name of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
-msgid "Default: ou"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
-msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
-msgid "ldap_autofs_entry_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
-msgid ""
-"The key of an automount entry in LDAP. The entry usually corresponds to a "
-"mount point."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
-msgid "ldap_autofs_entry_value (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
-msgid "Default: automountInformation"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
-msgid ""
-"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
-"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
-"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
-msgid "ADVANCED OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
-msgid "ldap_netgroup_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
-msgid ""
-"An optional base DN to restrict netgroup searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
-msgid "ldap_user_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
-msgid "An optional base DN to restrict user searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
-msgid "ldap_group_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
-msgid "An optional base DN to restrict group searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
-#, no-wrap
-msgid ""
-"                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
-msgid "ldap_sudo_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
-msgid ""
-"An optional base DN to restrict sudo rules searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
-msgid "ldap_autofs_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
-msgid ""
-"An optional base DN to restrict automounter searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
-msgid ""
-"These options are supported by LDAP domains, but they should be used with "
-"caution. Please include them in your configuration only if you know what you "
-"are doing.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
-msgid ""
-"The following example assumes that SSSD is correctly configured and LDAP is "
-"set to one of the domains in the <replaceable>[domains]</replaceable> "
-"section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
-#, no-wrap
-msgid ""
-"    [domain/LDAP]\n"
-"    id_provider = ldap\n"
-"    auth_provider = ldap\n"
-"    ldap_uri = ldap://ldap.mydomain.org\n"
-"    ldap_search_base = dc=mydomain,dc=org\n"
-"    ldap_tls_reqcert = demand\n"
-"    cache_credentials = true\n"
-"    enumerate = true\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
-msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
-msgid "NOTES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
-msgid ""
-"The descriptions of some of the configuration options in this manual page "
-"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
-"distribution."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <refentryinfo>
-#: pam_sss.8.xml:8 include/upstream.xml:2
-msgid ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: pam_sss.8.xml:13 pam_sss.8.xml:18
-msgid "pam_sss"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: pam_sss.8.xml:19
-msgid "PAM module for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: pam_sss.8.xml:24
-msgid ""
-"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
-msgid ""
-"<command>pam_sss.so</command> is the PAM interface to the System Security "
-"Services daemon (SSSD). Errors and results are logged through <command>syslog"
-"(3)</command> with the LOG_AUTHPRIV facility."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
-msgid "<option>quiet</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
-msgid "Suppress log messages for unknown users."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
-msgid "<option>forward_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
-msgid ""
-"If <option>forward_pass</option> is set the entered password is put on the "
-"stack for other PAM modules to use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
-msgid "<option>use_first_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
-msgid ""
-"The argument use_first_pass forces the module to use a previous stacked "
-"modules password and will never prompt the user - if no password is "
-"available or the password is not appropriate, the user will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
-msgid "<option>use_authtok</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
-msgid ""
-"When password changing enforce the module to set the new password to the one "
-"provided by a previously stacked password module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
-msgid "<option>retry=N</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
-msgid ""
-"If specified the user is asked another N times for a password if "
-"authentication fails. Default is 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
-msgid ""
-"Please note that this option might not work as expected if the application "
-"calling PAM handles the user dialog on its own. A typical example is "
-"<command>sshd</command> with <option>PasswordAuthentication</option>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
-msgid "MODULE TYPES PROVIDED"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
-msgid ""
-"All module types (<option>account</option>, <option>auth</option>, "
-"<option>password</option> and <option>session</option>) are provided."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
-msgid "FILES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
-msgid ""
-"If a password reset by root fails, because the corresponding SSSD provider "
-"does not support password resets, an individual message can be displayed. "
-"This message can e.g. contain instructions about how to reset a password."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
-msgid ""
-"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
-"filename> where LOC stands for a locale string returned by <citerefentry> "
-"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
-"citerefentry>. If there is no matching file the content of "
-"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
-"the owner of the files and only root may have read and write permissions "
-"while all other users must have only read permissions."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
-msgid ""
-"These files are searched in the directory <filename>/etc/sssd/customize/"
-"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
-"displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:141
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
-msgid "sssd_krb5_locator_plugin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:22
-msgid ""
-"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
-"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
-"libraries what Realm and which KDC to use.  Typically this is done in "
-"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
-"To simplify the configuration the Realm and the KDC can be defined in "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry> puts the Realm and the name or IP address of the KDC into "
-"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively.  "
-"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variables and returns them to the "
-"libraries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:63
-msgid ""
-"Not all Kerberos implementations support the use of plugins. If "
-"<command>sssd_krb5_locator_plugin</command> is not available on your system "
-"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:69
-msgid ""
-"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-"debug messages will be sent to stderr."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:77
-msgid ""
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
-msgid "sssd-simple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd-simple.5.xml:17
-msgid "the configuration file for SSSD's 'simple' access-control provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:24
-msgid ""
-"This manual page describes the configuration of the simple access-control "
-"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax reference, "
-"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:38
-msgid ""
-"The simple access provider grants or denies access based on an access or "
-"deny list of user or group names. The following rules apply:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:43
-msgid "If all lists are empty, access is granted"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:47
-msgid ""
-"If any list is provided, the order of evaluation is allow,deny. This means "
-"that any matching deny rule will supersede any matched allow rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:54
-msgid ""
-"If either or both \"allow\" lists are provided, all users are denied unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:60
-msgid ""
-"If only \"deny\" lists are provided, all users are granted access unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:78
-msgid "simple_allow_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:81
-msgid "Comma separated list of users who are allowed to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:88
-msgid "simple_deny_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:91
-msgid "Comma separated list of users who are explicitly denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:97
-msgid "simple_allow_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:100
-msgid ""
-"Comma separated list of groups that are allowed to log in. This applies only "
-"to groups within this SSSD domain. Local groups are not evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:108
-msgid "simple_deny_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:111
-msgid ""
-"Comma separated list of groups that are explicitly denied access. This "
-"applies only to groups within this SSSD domain. Local groups are not "
-"evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
-msgid ""
-"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page for details on the configuration of an SSSD "
-"domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:120
-msgid ""
-"Please note that it is an configuration error if both, simple_allow_users "
-"and simple_deny_users, are defined."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:128
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the simple access provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-simple.5.xml:135
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    access_provider = simple\n"
-"    simple_allow_users = user1, user2\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:145
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
-msgid "sssd-ipa"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:23
-msgid ""
-"This manual page describes the configuration of the IPA provider for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
-"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:36
-msgid ""
-"The IPA provider is a back end used to connect to an IPA server.  (Refer to "
-"the freeipa.org web site for information about IPA servers.)  This provider "
-"requires that the machine be joined to the IPA domain; configuration is "
-"almost entirely self-discovered and obtained directly from the server."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:43
-msgid ""
-"The IPA provider accepts the same options used by the <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
-"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider with some exceptions described below."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:55
-msgid ""
-"However, it is neither necessary nor recommended to set these options.  IPA "
-"provider can also be used as an access and chpass provider. As an access "
-"provider it uses HBAC (host-based access control) rules. Please refer to "
-"freeipa.org for more information about HBAC. No configuration of access "
-"provider is required on the client side."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:72
-msgid "ipa_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:75
-msgid ""
-"Specifies the name of the IPA domain.  This is optional. If not provided, "
-"the configuration domain name is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:83
-msgid "ipa_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:86
-msgid ""
-"The comma-separated list of IP addresses or hostnames of the IPA servers to "
-"which SSSD should connect in the order of preference. For more information "
-"on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
-"This is optional if autodiscovery is enabled.  For more information on "
-"service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:99
-msgid "ipa_hostname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:102
-msgid ""
-"Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:110
-msgid "ipa_dyndns_update (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:113
-msgid ""
-"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:118
-msgid ""
-"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
-"the default Kerberos realm must be set properly in /etc/krb5.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:129
-msgid "ipa_dyndns_iface (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:132
-msgid ""
-"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
-"interface whose IP address should be used for dynamic DNS updates."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:137
-msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:143
-msgid "ipa_hbac_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:146
-msgid "Optional. Use the given string as search base for HBAC related objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:150
-msgid "Default: Use base DN"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:156
-msgid "ipa_host_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:159
-msgid "Optional. Use the given string as search base for host objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:180
-msgid "ipa_selinux_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
-msgid "Optional. Use the given string as search base for SELinux user maps."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
-msgid "krb5_validate (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
-msgid ""
-"Verify with the help of krb5_keytab that the TGT obtained has not been "
-"spoofed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
-msgid ""
-"Note that this default differs from the traditional Kerberos provider back "
-"end."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
-msgid ""
-"The name of the Kerberos realm. This is optional and defaults to the value "
-"of <quote>ipa_domain</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
-msgid ""
-"The name of the Kerberos realm has a special meaning in IPA - it is "
-"converted into the base DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
-msgid ""
-"Specifies if the host and user principal should be canonicalized when "
-"connecting to IPA LDAP and also for AS requests. This feature is available "
-"with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
-msgid "ipa_hbac_refresh (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
-msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
-msgid "Default: 5 (seconds)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
-msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
-msgid ""
-"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
-"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
-"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
-"client will support two modes of operation during this transition period:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
-msgid ""
-"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
-"users will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
-msgid ""
-"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
-"careful with this option, as it may result in opening unintended access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
-msgid "Default: DENY_ALL"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
-msgid "ipa_automount_location (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
-msgid "The automounter location this IPA client will be using"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Default: The location named \"default\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the ipa provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    id_provider = ipa\n"
-"    ipa_server = ipaserver.example.com\n"
-"    ipa_hostname = myhost.example.com\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.8.xml:10 sssd.8.xml:15
-msgid "sssd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.8.xml:16
-msgid "System Security Services Daemon"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sssd.8.xml:21
-msgid ""
-"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:31
-msgid ""
-"<command>SSSD</command> provides a set of daemons to manage access to remote "
-"directories and authentication mechanisms. It provides an NSS and PAM "
-"interface toward the system and a pluggable backend system to connect to "
-"multiple different account sources as well as D-Bus interface. It is also "
-"the basis to provide client auditing and policy services for projects like "
-"FreeIPA. It provides a more robust database to store local users as well as "
-"extended user data."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:46
-msgid ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:53
-msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:57
-msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:60
-msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:69
-msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:73
-msgid ""
-"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:76
-msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:85
-msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:89
-msgid ""
-"Send the debug output to files instead of stderr. By default, the log files "
-"are stored in <filename>/var/log/sssd</filename> and there are separate log "
-"files for every SSSD service and domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:97
-msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:101
-msgid "Become a daemon after starting up."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:107
-msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:111
-msgid "Run in the foreground, don't become a daemon."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
-msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
-msgid ""
-"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
-"conf</filename>. For reference on the config file syntax and options, "
-"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:135
-msgid "<option>--version</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:139
-msgid "Print version number and exit."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:147
-msgid "Signals"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:150
-msgid "SIGTERM/SIGINT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:153
-msgid ""
-"Informs the SSSD to gracefully terminate all of its child processes and then "
-"shut down the monitor."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:159
-msgid "SIGHUP"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:162
-msgid ""
-"Tells the SSSD to stop writing to its current debug file descriptors and to "
-"close and reopen them. This is meant to facilitate log rolling with programs "
-"like logrotate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:170
-msgid "SIGUSR1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:173
-msgid ""
-"Tells the SSSD to simulate offline operation for one minute. This is mostly "
-"useful for testing purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:179
-msgid "SIGUSR2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:182
-msgid ""
-"Tells the SSSD to go online immediately. This is mostly useful for testing "
-"purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:193
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-msgid "sss_obfuscate"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_obfuscate.8.xml:16
-msgid "obfuscate a clear text password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_obfuscate.8.xml:21
-msgid ""
-"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
-"replaceable></arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:32
-msgid ""
-"<command>sss_obfuscate</command> converts a given password into human-"
-"unreadable format and places it into appropriate domain section of the SSSD "
-"config file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:37
-msgid ""
-"The cleartext password is read from standard input or entered "
-"interactively.  The obfuscated password is put into "
-"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
-"<quote>ldap_default_authtok_type</quote> parameter is set to "
-"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more details on these parameters."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:49
-msgid ""
-"Please note that obfuscating the password provides <emphasis>no real "
-"security benefit</emphasis> as it is still possible for an attacker to "
-"reverse-engineer the password back. Using better authentication mechanisms "
-"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
-"advised."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:63
-msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:67
-msgid "The password to obfuscate will be read from standard input."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
-msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:79
-msgid ""
-"The SSSD domain to use the password in. The default name is <quote>default</"
-"quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:86
-msgid ""
-"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:91
-msgid "Read the config file specified by the positional parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:95
-msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:105
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
-msgid "sss_useradd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_useradd.8.xml:16
-msgid "create a new user"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_useradd.8.xml:21
-msgid ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:32
-msgid ""
-"<command>sss_useradd</command> creates a new user account using the values "
-"specified on the command line plus the default values from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:43
-msgid ""
-"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:48
-msgid ""
-"Set the UID of the user to the value of <replaceable>UID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
-msgid ""
-"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
-msgid ""
-"Any text string describing the user. Often used as the field for the user's "
-"full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
-msgid ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:72
-msgid ""
-"The home directory of the user account.  The default is to append the "
-"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
-"that as the home directory.  The base that is prepended before "
-"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
-"baseDirectory</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
-msgid ""
-"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:87
-msgid ""
-"The user's login shell. The default is currently <filename>/bin/bash</"
-"filename>.  The default can be changed with <quote>user_defaults/"
-"defaultShell</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:96
-msgid ""
-"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:101
-msgid "A list of existing groups this user is also a member of."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:107
-msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:111
-msgid ""
-"Create the user's home directory if it does not exist. The files and "
-"directories contained in the skeleton directory (which can be defined with "
-"the -k option or in the config file) will be copied to the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:121
-msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:125
-msgid ""
-"Do not create the user's home directory. Overrides configuration settings."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:132
-msgid ""
-"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:137
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<command>sss_useradd</command>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:143
-msgid ""
-"This option is only valid if the <option>-m</option> (or <option>--create-"
-"home</option>) option is specified, or creation of home directories is set "
-"to TRUE in the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
-msgid ""
-"<option>-Z</option>,<option>--selinux-user</option> "
-"<replaceable>SELINUX_USER</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:157
-msgid ""
-"The SELinux user for the user's login. If not specified, the system default "
-"will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
-msgid "sssd-krb5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:23
-msgid ""
-"This manual page describes the configuration of the Kerberos 5 "
-"authentication backend for <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  For a detailed "
-"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
-"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:36
-msgid ""
-"The Kerberos 5 authentication backend contains auth and chpass providers. It "
-"must be paired with identity provider in order to function properly (for "
-"example, id_provider = ldap). Some information required by the Kerberos 5 "
-"authentication backend must be provided by the identity provider, such as "
-"the user's Kerberos Principal Name (UPN). The configuration of the identity "
-"provider should have an entry to specify the UPN. Please refer to the man "
-"page for the applicable identity provider for details on how to configure "
-"this."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:47
-msgid ""
-"This backend also provides access control based on the .k5login file in the "
-"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
-"Please note that an empty .k5login file will deny all access to this user. "
-"To activate this feature use 'access_provider = krb5' in your sssd "
-"configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:55
-msgid ""
-"In the case where the UPN is not available in the identity backend "
-"<command>sssd</command> will construct a UPN using the format "
-"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:106
-msgid ""
-"The name of the Kerberos realm. This option is required and must be "
-"specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:113
-msgid "krb5_kpasswd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:116
-msgid ""
-"If the change password service is not running on the KDC alternative servers "
-"can be defined here. An optional port number (preceded by a colon) may be "
-"appended to the addresses or hostnames."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:122
-msgid ""
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section.  Please note that even if there are no more "
-"kpasswd servers to try the back end is not switch to offline if "
-"authentication against the KDC is still possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:129
-msgid "Default: Use the KDC"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:135
-msgid "krb5_ccachedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:138
-msgid ""
-"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist it will be created. If %u, %U, %p or %h are used a "
-"private directory belonging to the user is created. Otherwise a public "
-"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
-"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
-"citerefentry> for details) is created."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:151
-msgid "Default: /tmp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:157
-msgid "krb5_ccname_template (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:171
-msgid "login UID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:174
-msgid "%p"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:175
-msgid "principal name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:179
-msgid "%r"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:180
-msgid "realm name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:183
-msgid "%h"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:184
-msgid "home directory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:189
-msgid "value of krb5ccache_dir"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194
-msgid "%P"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "the process ID of the sssd client"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:160
-msgid ""
-"Location of the user's credential cache. Currently only file based "
-"credential caches are supported. In the template the following sequences are "
-"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
-"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
-"way."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:209
-msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:215
-msgid "krb5_auth_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:218
-msgid ""
-"Timeout in seconds after an online authentication or change password request "
-"is aborted. If possible the authentication request is continued offline."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:241
-msgid "krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:244
-msgid ""
-"The location of the keytab to use when validating credentials obtained from "
-"KDCs."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:248
-msgid "Default: /etc/krb5.keytab"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:254
-msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:257
-msgid ""
-"Store the password of the user if the provider is offline and use it to "
-"request a TGT when the provider gets online again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:262
-msgid ""
-"Please note that this feature currently only available on a Linux platform. "
-"Passwords stored in this way are kept in plaintext in the kernel keyring and "
-"are potentially accessible by the root user (with difficulty)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:275
-msgid "krb5_renewable_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:278
-msgid ""
-"Request a renewable ticket with a total lifetime given by an integer "
-"immediately followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
-msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
-msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
-msgid "<emphasis>h</emphasis> hours"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
-msgid "<emphasis>d</emphasis> days."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
-msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:299
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"renewable lifetime to one and a half hours please use '90m' instead of "
-"'1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:305
-msgid "Default: not set, i.e. the TGT is not renewable"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:311
-msgid "krb5_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:314
-msgid ""
-"Request ticket with a with a lifetime given by an integer immediately "
-"followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:335
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"lifetime to one and a half hours please use '90m' instead of '1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:340
-msgid ""
-"Default: not set, i.e. the default ticket lifetime configured on the KDC."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:347
-msgid "krb5_renew_interval (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:350
-msgid ""
-"The time in seconds between two checks if the TGT should be renewed. TGTs "
-"are renewed if about half of their lifetime is exceeded."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:355
-msgid "If this option is not set or 0 the automatic renewal is disabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:365
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:368
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:373
-msgid ""
-"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
-"option at all."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
-msgid ""
-"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
-"continue without."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:381
-msgid ""
-"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
-"fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:385
-msgid "Default: not set, i.e. FAST is not used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:388
-msgid "Please note that a keytab is required to use fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:391
-msgid ""
-"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used with an older version using this option is a "
-"configuration error."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:400
-msgid "krb5_fast_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:403
-msgid "Specifies the server principal to use for FAST."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:412
-msgid ""
-"Specifies if the host and user principal should be canonicalized. This "
-"feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:65
-msgid ""
-"If the auth-module krb5 is used in a SSSD domain, the following options must "
-"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
-"SECTIONS</quote> for details on the configuration of a SSSD domain.  "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:434
-msgid ""
-"The following example assumes that SSSD is correctly configured and FOO is "
-"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
-"example shows only configuration of Kerberos authentication, it does not "
-"include any identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:442
-#, no-wrap
-msgid ""
-"    [domain/FOO]\n"
-"    auth_provider = krb5\n"
-"    krb5_server = 192.168.1.1\n"
-"    krb5_realm = EXAMPLE.COM\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:453
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
-msgid "sss_groupadd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupadd.8.xml:16
-msgid "create a new group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupadd.8.xml:21
-msgid ""
-"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:32
-msgid ""
-"<command>sss_groupadd</command> creates a new group. These groups are "
-"compatible with POSIX groups, with the additional feature that they can "
-"contain other groups as members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupadd.8.xml:43
-msgid ""
-"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupadd.8.xml:48
-msgid ""
-"Set the GID of the group to the value of <replaceable>GID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
-msgid "sss_userdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_userdel.8.xml:16
-msgid "delete a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_userdel.8.xml:21
-msgid ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:32
-msgid ""
-"<command>sss_userdel</command> deletes a user identified by login name "
-"<replaceable>LOGIN</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:44
-msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:48
-msgid ""
-"Files in the user's home directory will be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:56
-msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:60
-msgid ""
-"Files in the user's home directory will NOT be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:68
-msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:72
-msgid ""
-"This option forces <command>sss_userdel</command> to remove the user's home "
-"directory and mail spool, even if they are not owned by the specified user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:80
-msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:84
-msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
-msgid "sss_groupdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupdel.8.xml:16
-msgid "delete a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupdel.8.xml:21
-msgid ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:32
-msgid ""
-"<command>sss_groupdel</command> deletes a group identified by its name "
-"<replaceable>GROUP</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
-msgid "sss_groupshow"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupshow.8.xml:16
-msgid "print properties of a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupshow.8.xml:21
-msgid ""
-"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:32
-msgid ""
-"<command>sss_groupshow</command> displays information about a group "
-"identified by its name <replaceable>GROUP</replaceable>. The information "
-"includes the group ID number, members of the group and the parent group."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupshow.8.xml:43
-msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupshow.8.xml:47
-msgid ""
-"Also print indirect group members in a tree-like hierarchy.  Note that this "
-"also affects printing parent groups - without <option>R</option>, only the "
-"direct parent will be printed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
-msgid "sss_usermod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_usermod.8.xml:16
-msgid "modify a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_usermod.8.xml:21
-msgid ""
-"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:32
-msgid ""
-"<command>sss_usermod</command> modifies the account specified by "
-"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
-"on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:60
-msgid "The home directory of the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:71
-msgid "The user's login shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:82
-msgid ""
-"Append this user to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:96
-msgid ""
-"Remove this user from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:103
-msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:107
-msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:114
-msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:118
-msgid "Unlock the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:129
-msgid "The SELinux user for the user's login."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/service_discovery.xml:2
-msgid "SERVICE DISCOVERY"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/service_discovery.xml:4
-msgid ""
-"The service discovery feature allows back ends to automatically find the "
-"appropriate servers to connect to using a special DNS query."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
-msgid "Configuration"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:11
-msgid ""
-"If no servers are specified, the back end automatically uses service "
-"discovery to try to find a server. Optionally, the user may choose to use "
-"both fixed server addresses and service discovery by inserting a special "
-"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
-"preference is maintained. This feature is useful if, for example, the user "
-"prefers to use service discovery whenever possible, and fall back to a "
-"specific server when no servers can be discovered using DNS."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:23
-msgid "The domain name"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:25
-msgid ""
-"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for more details."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:35
-msgid "The protocol"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:37
-msgid ""
-"The queries usually specify _tcp as the protocol. Exceptions are documented "
-"in respective option description."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:42
-msgid "See Also"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:44
-msgid ""
-"For more information on the service discovery mechanism, refer to RFC 2782."
-msgstr ""
-
-#. type: Content of: outside any tag (error?)
-#: include/upstream.xml:1
-msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/failover.xml:2
-msgid "FAILOVER"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/failover.xml:4
-msgid ""
-"The failover feature allows back ends to automatically switch to a different "
-"server if the primary server fails."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:8
-msgid "Failover Syntax"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:10
-msgid ""
-"The list of servers is given as a comma-separated list; any number of spaces "
-"is allowed around the comma. The servers are listed in order of preference. "
-"The list can contain any number of servers."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:17
-msgid "The Failover Mechanism"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:19
-msgid ""
-"The failover mechanism distinguishes between a machine and a service. The "
-"back end first tries to resolve the hostname of a given machine; if this "
-"resolution attempt fails, the machine is considered offline. No further "
-"attempts are made to connect to this machine for any other service. If the "
-"resolution attempt succeeds, the back end tries to connect to a service on "
-"this machine. If the service connection attempt fails, then only this "
-"particular service is considered offline and the back end automatically "
-"switches over to the next service.  The machine is still considered online "
-"and might still be tried for another service."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:32
-msgid ""
-"Further connection attempts are made to machines or services marked as "
-"offline after a specified period of time; this is currently hard coded to 30 "
-"seconds."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:37
-msgid ""
-"If there are no more machines to try, the back end as a whole switches to "
-"offline mode, and then attempts to reconnect every 30 seconds."
-msgstr ""
-
-#. type: Content of: <varlistentry><term>
-#: include/param_help.xml:3
-msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
-
-#. type: Content of: <varlistentry><listitem><para>
-#: include/param_help.xml:7
-msgid "Display help message and exit."
-msgstr ""
diff --git a/src/man/po/ko.po b/src/man/po/ko.po
deleted file mode 100644
index e6ba72c88..000000000
--- a/src/man/po/ko.po
+++ /dev/null
@@ -1,6313 +0,0 @@
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Red Hat
-# This file is distributed under the same license as the sssd-docs package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: SSSD\n"
-"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Korean (http://www.transifex.net/projects/p/fedora/team/ko/)\n"
-"Language: ko\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=1; plural=0\n"
-
-#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
-#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
-#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
-#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
-msgid "SSSD Manual pages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
-msgid "sss_groupmod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
-#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
-#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
-msgid "8"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupmod.8.xml:16
-msgid "modify a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupmod.8.xml:21
-msgid ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
-#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
-#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
-#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
-#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:32
-msgid ""
-"<command>sss_groupmod</command> modifies the group to reflect the changes "
-"that are specified on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
-#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
-#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-msgid "OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
-msgid ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:48
-msgid ""
-"Append this group to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
-msgid ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:62
-msgid ""
-"Remove this group from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
-#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
-msgid "sssd.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
-msgid "5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
-msgid "File Formats and Conventions"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
-msgid "the configuration file for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:21
-msgid "FILE FORMAT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:29
-#, no-wrap
-msgid ""
-"                <replaceable>[section]</replaceable>\n"
-"                <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-"                <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
-"            "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:24
-msgid ""
-"The file has an ini-style syntax and consists of sections and parameters. A "
-"section begins with the name of the section in square brackets and continues "
-"until the next section begins. An example of section with single and multi-"
-"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:36
-msgid ""
-"The data types used are string (no quotes needed), integer and bool (with "
-"values of <quote>TRUE/FALSE</quote>)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:41
-msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
-"(<quote>;</quote>)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:46
-msgid ""
-"All sections can have an optional <replaceable>description</replaceable> "
-"parameter. Its function is only as a label for the section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:52
-msgid ""
-"<filename>sssd.conf</filename> must be a regular file, owned by root and "
-"only root may read from or write to the file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:58
-msgid "SPECIAL SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:61
-msgid "The [sssd] section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
-msgid "Section parameters"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:72
-msgid "config_file_version (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:75
-msgid ""
-"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-"version 2."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:81
-msgid "services"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:84
-msgid ""
-"Comma separated list of services that are started when sssd itself starts."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:88
-msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
-msgid "reconnection_retries (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
-msgid ""
-"Number of times services should attempt to reconnect in the event of a Data "
-"Provider crash or restart before they give up"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
-msgid "Default: 3"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
-msgid "domains"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
-msgid ""
-"A domain is a database containing user information. SSSD can use more "
-"domains at the same time, but at least one must be configured or SSSD won't "
-"start.  This parameter described the list of domains in the order you want "
-"them to be queried."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
-msgid "re_expression (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
-msgid ""
-"Regular expression that describes how to parse the string containing user "
-"name and domain into these components."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
-msgid ""
-"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
-"which translates to \"the name is everything up to the <quote>@</quote> "
-"sign, the domain everything after that\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
-msgid ""
-"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
-"version 7 or higher can support non-unique named subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
-msgid ""
-"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
-"P&lt;name&gt;) to label subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
-msgid "full_name_format (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
-msgid ""
-"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatible format that describes how to translate "
-"a (name, domain) tuple into a fully qualified name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
-msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
-msgid "try_inotify (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
-msgid ""
-"SSSD monitors the state of resolv.conf to identify when it needs to update "
-"its internal DNS resolver. By default, we will attempt to use inotify for "
-"this, and will fall back to polling resolv.conf every five seconds if "
-"inotify cannot be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
-msgid ""
-"There are some limited situations where it is preferred that we should skip "
-"even trying to use inotify. In these rare cases, this option should be set "
-"to 'false'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
-msgid ""
-"Default: true on platforms where inotify is supported. False on other "
-"platforms."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
-msgid ""
-"Note: this option will have no effect on platforms where inotify is "
-"unavailable. On these platforms, polling will always be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
-msgid "krb5_rcache_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
-msgid ""
-"Directory on the filesystem where SSSD should store Kerberos replay cache "
-"files."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
-msgid ""
-"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
-"SSSD to let libkrb5 decide the appropriate location for the replay cache."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
-msgid ""
-"Default: Distribution-specific and specified at build-time. "
-"(__LIBKRB5_DEFAULTS__ if not configured)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:63
-msgid ""
-"Individual pieces of SSSD functionality are provided by special SSSD "
-"services that are started and stopped together with SSSD.  The services are "
-"managed by a special service frequently called <quote>monitor</quote>. The "
-"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
-msgid "SERVICES SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
-msgid ""
-"Settings that can be used to configure different services are described in "
-"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
-"section, for example, for NSS service, the section would be <quote>[nss]</"
-"quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
-msgid "General service configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
-msgid "These options can be used to configure any service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>.  This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
-msgid "NSS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
-msgid ""
-"These options can be used to configure the Name Service Switch (NSS) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
-msgid "enum_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
-msgid ""
-"How many seconds should nss_sss cache enumerations (requests for info about "
-"all users)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
-msgid "Default: 120"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"The entry cache can be set to automatically update entries in the background "
-"if they are requested beyond a percentage of the entry_cache_timeout value "
-"for the domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
-msgid ""
-"For example, if the domain's entry_cache_timeout is set to 30s and "
-"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
-"after 15 seconds past the last cache update will be returned immediately, "
-"but the SSSD will go and update the cache on its own, so that future "
-"requests will not need to block waiting for a cache update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
-msgid ""
-"Valid values for this option are 0-99 and represent a percentage of the "
-"entry_cache_timeout for each domain. For performance reasons, this "
-"percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
-"disables this feature)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
-msgid "Default: 50"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
-msgid "entry_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
-msgid ""
-"Specifies for how many seconds nss_sss should cache negative cache hits "
-"(that is, queries for invalid database entries, like nonexistent ones)  "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
-msgid "Default: 15"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
-msgid "filter_users, filter_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
-msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
-msgid "Default: root"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
-msgid "filter_users_in_groups (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
-msgid ""
-"If you want filtered user still be group members set this option to false."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
-msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
-msgid "This option can also be set per-domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
-msgid "allowed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
-msgid ""
-"Restrict user shell to one of the listed values. The order of evaluation is:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
-msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
-msgid ""
-"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
-"quote>, use the value of the shell_fallback parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
-msgid ""
-"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
-"shells</quote>, a nologin shell is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
-msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
-msgid ""
-"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
-"that a restart of the SSSD is required in case a new shell is installed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
-msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
-msgid "vetoed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
-msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
-msgid "shell_fallback (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
-msgid ""
-"The default shell to use if an allowed shell is not installed on the machine."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
-msgid "Default: /bin/sh"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
-msgid "PAM configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
-msgid ""
-"These options can be used to configure the Pluggable Authentication Module "
-"(PAM) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
-msgid "offline_credentials_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
-msgid ""
-"If the authentication provider is offline, how long should we allow cached "
-"logins (in days since the last successful online login)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
-msgid "Default: 0 (No limit)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
-msgid "offline_failed_login_attempts (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
-msgid ""
-"If the authentication provider is offline, how many failed login attempts "
-"are allowed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
-msgid "offline_failed_login_delay (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
-msgid ""
-"The time in minutes which has to pass after offline_failed_login_attempts "
-"has been reached before a new login attempt is possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
-msgid ""
-"If set to 0 the user cannot authenticate offline if "
-"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable offline authentication again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
-msgid "Default: 5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
-msgid "pam_verbosity (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
-msgid ""
-"Controls what kind of messages are shown to the user during authentication. "
-"The higher the number to more messages are displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
-msgid "Currently sssd supports the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
-msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
-msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
-msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
-msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
-msgid "Default: 1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
-msgid "pam_id_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
-msgid ""
-"For any PAM request while SSSD is online, the SSSD will attempt to "
-"immediately update the cached identity information for the user in order to "
-"ensure that authentication takes place with the latest information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
-msgid ""
-"A complete PAM conversation may perform multiple PAM requests, such as "
-"account management and session opening. This option controls (on a per-"
-"client-application basis) how long (in seconds) we can cache the identity "
-"information to avoid excessive round-trips to the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
-msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
-msgid "Display a warning N days before the password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
-msgid ""
-"Please note that the backend server has to provide information about the "
-"expiration time of the password.  If this information is missing, sssd "
-"cannot display a warning."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
-msgid "Default: 7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-msgid "SUDO configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-msgid "These options can be used to configure the sudo service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-msgid "sudo_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-msgid ""
-"For any sudo request that comes while SSSD is online, the SSSD will attempt "
-"to update the cached rules in order to ensure that sudo has the latest "
-"ruleset."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
-msgid ""
-"The user may, however, run a couple of sudo commands successively, which "
-"would trigger multiple LDAP requests.  In order to speed up this use-case, "
-"the sudo service maintains an in-memory cache that would be used for "
-"performing fast replies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
-msgid ""
-"This option controls how long (in seconds) can the sudo service cache rules "
-"for a user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-msgid "Default: 180"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-msgid "sudo_timed (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
-msgid ""
-"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
-"that implement time-dependent sudoers entries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-msgid "AUTOFS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-msgid "These options can be used to configure the autofs service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-msgid "autofs_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
-msgid "DOMAIN SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
-msgid "min_id,max_id (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
-msgid ""
-"UID and GID limits for the domain. If a domain contains an entry that is "
-"outside these limits, it is ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
-msgid ""
-"For users, this affects the primary GID limit. The user will not be returned "
-"to NSS if either the UID or the primary GID is outside the range. For non-"
-"primary group memberships, those that are in range will be reported as "
-"expected."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
-msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
-msgid ""
-"Timeout in seconds between heartbeats for this domain.  This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
-msgid "enumerate (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
-msgid ""
-"Determines if a domain can be enumerated. This parameter can have one of the "
-"following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
-msgid "TRUE = Users and groups are enumerated"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
-msgid "FALSE = No enumerations for this domain"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
-msgid "Default: FALSE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
-msgid ""
-"Note: Enabling enumeration has a moderate performance impact on SSSD while "
-"enumeration is running. It may take up to several minutes after SSSD startup "
-"to fully complete enumerations.  During this time, individual requests for "
-"information will go directly to LDAP, though it may be slow, due to the "
-"heavy enumeration processing."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
-msgid ""
-"While the first enumeration is running, requests for the complete user or "
-"group lists may return no results until it completes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
-msgid ""
-"Further, enabling enumeration may increase the time necessary to detect "
-"network disconnection, as longer timeouts are required to ensure that "
-"enumeration lookups are completed successfully.  For more information, refer "
-"to the man pages for the specific id_provider in use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
-msgid "entry_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
-msgid ""
-"How many seconds should nss_sss consider entries valid before asking the "
-"backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
-msgid "Default: 5400"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-msgid "entry_cache_user_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-msgid ""
-"How many seconds should nss_sss consider user entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-msgid "Default: entry_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-msgid "entry_cache_group_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-msgid ""
-"How many seconds should nss_sss consider group entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-msgid ""
-"How many seconds should nss_sss consider netgroup entries valid before "
-"asking the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-msgid "entry_cache_service_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-msgid ""
-"How many seconds should nss_sss consider service entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
-msgid "cache_credentials (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
-msgid "Determines if user credentials are also cached in the local LDB cache"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
-msgid "User credentials are stored in a SHA512 hash, not in plaintext"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
-msgid "account_cache_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
-msgid ""
-"Number of days entries are left in cache after last successful login before "
-"being removed during a cleanup of the cache. 0 means keep forever.  The "
-"value of this parameter must be greater than or equal to "
-"offline_credentials_expiration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
-msgid "Default: 0 (unlimited)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
-msgid "id_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
-msgid "The Data Provider identity backend to use for this domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
-msgid "Supported backends:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
-msgid "proxy: Support a legacy NSS provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
-msgid "local: SSSD internal local provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
-msgid "ldap: LDAP provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
-msgid "use_fully_qualified_names (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
-msgid ""
-"If set to TRUE, all requests to this domain must use fully qualified names. "
-"For example, if used in LOCAL domain that contains a \"test\" user, "
-"<command>getent passwd test</command> wouldn't find the user while "
-"<command>getent passwd test@LOCAL</command> would."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
-msgid "auth_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
-msgid ""
-"The authentication provider used for the domain.  Supported auth providers "
-"are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
-msgid ""
-"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
-msgid ""
-"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
-msgid ""
-"<quote>proxy</quote> for relaying authentication to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
-msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"authentication requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
-msgid "access_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
-msgid ""
-"The access control provider used for the domain.  There are two built-in "
-"access providers (in addition to any included in installed backends)  "
-"Internal special providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
-msgid "<quote>permit</quote> always allow access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
-msgid "<quote>deny</quote> always deny access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
-msgid ""
-"<quote>simple</quote> access control based on access or deny lists. See "
-"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> for more information on configuring the simple "
-"access module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
-msgid "Default: <quote>permit</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
-msgid "chpass_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
-msgid ""
-"The provider which should handle change password operations for the domain.  "
-"Supported change password providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
-msgid ""
-"<quote>ipa</quote> to change a password stored in an IPA server.  See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
-msgid ""
-"<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
-msgid ""
-"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
-msgid ""
-"<quote>proxy</quote> for relaying password changes to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
-msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
-msgid ""
-"Default: <quote>auth_provider</quote> is used if it is set and can handle "
-"change password requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-msgid "sudo_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-msgid ""
-"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-msgid "session_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-msgid ""
-"The provider which should handle loading of session settings.  Supported "
-"session providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-msgid ""
-"<quote>ipa</quote> to load session settings from an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"session loading requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
-msgid "lookup_family_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
-msgid ""
-"Provides the ability to select preferred address family to use when "
-"performing DNS lookups."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
-msgid "Supported values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
-msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
-msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
-msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
-msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
-msgid "Default: ipv4_first"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
-msgid "dns_resolver_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
-msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
-msgid "dns_discovery_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
-msgid ""
-"If service discovery is used in the back end, specifies the domain part of "
-"the service discovery DNS query."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
-msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
-msgid "override_gid (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
-msgid "Override the primary GID value with the one specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
-msgid "case_sensitive (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
-msgid ""
-"Treat user and group names as case sensitive. At the moment, this option is "
-"not supported in the local provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
-msgid "Default: True"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
-msgid ""
-"These configuration options can be present in a domain configuration "
-"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
-"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
-msgid "proxy_pam_target (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
-msgid "The proxy target PAM proxies to."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-msgid ""
-"Default: not set by default, you have to take an existing pam configuration "
-"or create a new one and add the service name here."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
-msgid "proxy_lib_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
-msgid ""
-"The name of the NSS library to use in proxy domains. The NSS functions "
-"searched for in the library are in the form of _nss_$(libName)_$(function), "
-"for example _nss_files_getpwent."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
-msgid ""
-"Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
-msgid "The local domain section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
-msgid ""
-"This section contains settings for domain that stores users and groups in "
-"SSSD native database, that is, a domain that uses "
-"<replaceable>id_provider=local</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
-msgid "default_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
-msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
-msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
-msgid "base_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
-msgid ""
-"The tools append the login name to <replaceable>base_directory</replaceable> "
-"and use that as the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
-msgid "Default: <filename>/home</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
-msgid "create_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
-msgid ""
-"Indicate if a home directory should be created by default for new users.  "
-"Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
-msgid "Default: TRUE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
-msgid "remove_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
-msgid ""
-"Indicate if a home directory should be removed by default for deleted "
-"users.  Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
-msgid "homedir_umask (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
-msgid ""
-"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
-"on a newly created home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
-msgid "Default: 077"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
-msgid "skel_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
-msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
-msgid "mail_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
-msgid ""
-"The mail spool directory. This is needed to manipulate the mailbox when its "
-"corresponding user account is modified or deleted.  If not specified, a "
-"default value is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
-msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
-msgid "userdel_cmd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
-msgid ""
-"The command that is run after a user is removed.  The command us passed the "
-"username of the user being removed as the first and only parameter. The "
-"return code of the command is not taken into account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
-msgid "Default: None, no command is run"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"domains = LDAP\n"
-"services = nss, pam\n"
-"config_file_version = 2\n"
-"\n"
-"[nss]\n"
-"filter_groups = root\n"
-"filter_users = root\n"
-"\n"
-"[pam]\n"
-"\n"
-"[domain/LDAP]\n"
-"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
-"\n"
-"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
-"cache_credentials = true\n"
-"\n"
-"min_id = 10000\n"
-"max_id = 20000\n"
-"enumerate = False\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
-msgid ""
-"The following example shows a typical SSSD config. It does not describe "
-"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details.  <placeholder type=\"programlisting\" "
-"id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
-msgid "sssd-ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:23
-msgid ""
-"This manual page describes the configuration of LDAP domains for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for detailed syntax information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:35
-msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:38
-msgid ""
-"LDAP back end supports id, auth, access and chpass providers. If you want to "
-"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
-"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
-"over an unencrypted channel.  If the LDAP server is used only as an identity "
-"provider, an encrypted channel is not needed. Please refer to "
-"<quote>ldap_access_filter</quote> config option for more information about "
-"using LDAP as an access provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
-#: sssd-krb5.5.xml:63
-msgid "CONFIGURATION OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:60
-msgid "ldap_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:63
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference. Refer to the <quote>FAILOVER</"
-"quote> section for more information on failover and server redundancy.  If "
-"not specified, service discovery is enabled. For more information, refer to "
-"the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
-msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:73
-msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:76
-msgid ""
-"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:79
-msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:85
-msgid "ldap_chpass_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:88
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference to change the password of a user. "
-"Refer to the <quote>FAILOVER</quote> section for more information on "
-"failover and server redundancy."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:95
-msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:99
-msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:105
-msgid "ldap_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:108
-msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:112
-msgid ""
-"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
-"syntax:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
-msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:119
-msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
-msgid ""
-"The filter must be a valid LDAP search filter as specified by http://www."
-"ietf.org/rfc/rfc2254.txt"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
-msgid "Examples:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:129
-msgid ""
-"ldap_search_base = dc=example,dc=com (which is equivalent to)  "
-"ldap_search_base = dc=example,dc=com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:134
-msgid ""
-"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
-"(host=thishost)?dc=example.com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:137
-msgid ""
-"Note: It is unsupported to have multiple search bases which reference "
-"identically-named objects (for example, groups with the same name in two "
-"different search bases). This will lead to unpredictable behavior on client "
-"machines."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:144
-msgid ""
-"Default: If not set, the value of the defaultNamingContext or namingContexts "
-"attribute from the RootDSE of the LDAP server is used. If "
-"defaultNamingContext does not exists or has an empty value namingContexts is "
-"used.  The namingContexts attribute must have a single value with the DN of "
-"the search base of the LDAP server to make this work. Multiple values are "
-"are not supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:158
-msgid "ldap_schema (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:161
-msgid ""
-"Specifies the Schema Type in use on the target LDAP server.  Depending on "
-"the selected schema, the default attribute names retrieved from the servers "
-"may vary.  The way that some attributes are handled may also differ.  Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
-"difference between these schema types is how group memberships are recorded "
-"in the server.  With rfc2307, group members are listed by name in the "
-"<emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, group "
-"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
-msgid "Default: rfc2307"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
-msgid "ldap_default_bind_dn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
-msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
-msgid "ldap_default_authtok_type (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
-msgid "The type of the authentication token of the default bind DN."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
-msgid "The two mechanisms currently supported are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
-msgid "password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
-msgid "obfuscated_password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
-msgid "Default: password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
-msgid "ldap_default_authtok (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
-msgid ""
-"The authentication token of the default bind DN.  Only clear text passwords "
-"are currently supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
-msgid "ldap_user_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
-msgid "The object class of a user entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
-msgid "Default: posixAccount"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
-msgid "ldap_user_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
-msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
-msgid "Default: uid"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
-msgid "ldap_user_uid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
-msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
-msgid "Default: uidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
-msgid "ldap_user_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
-msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
-msgid "Default: gidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
-msgid "ldap_user_gecos (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
-msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
-msgid "Default: gecos"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
-msgid "ldap_user_home_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
-msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
-msgid "Default: homeDirectory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
-msgid "ldap_user_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
-msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
-msgid "Default: loginShell"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
-msgid "ldap_user_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
-msgid "Default: nsUniqueId"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
-msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
-msgid ""
-"The LDAP attribute that contains timestamp of the last modification of the "
-"parent object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
-msgid "Default: modifyTimestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
-msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
-"the last password change)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
-msgid "Default: shadowLastChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
-msgid "ldap_user_shadow_min (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
-msgid "Default: shadowMin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
-msgid "ldap_user_shadow_max (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
-msgid "Default: shadowMax"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
-msgid "ldap_user_shadow_warning (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password warning period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
-msgid "Default: shadowWarning"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
-msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password inactivity period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
-msgid "Default: shadowInactive"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
-msgid "ldap_user_shadow_expire (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
-msgid ""
-"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
-"parameter contains the name of an LDAP attribute corresponding to its "
-"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> counterpart (account expiration date)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
-msgid "Default: shadowExpire"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
-msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time of last password change in "
-"kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
-msgid "Default: krbLastPwdChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
-msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time when current password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
-msgid "Default: krbPasswordExpiration"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
-msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the expiration time of the account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
-msgid "Default: accountExpires"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
-msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the user account control bit field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
-msgid "Default: userAccountControl"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
-msgid "ldap_ns_account_lock (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
-msgid ""
-"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
-"determines if access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
-msgid "Default: nsAccountLock"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
-msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines if "
-"access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
-msgid "Default: loginDisabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
-msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines until "
-"which date access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
-msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines the "
-"hours of a day in a week when access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
-msgid "Default: loginAllowedTimeMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
-msgid "ldap_user_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
-msgid ""
-"The LDAP attribute that contains the user's Kerberos User Principal Name "
-"(UPN)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
-msgid "Default: krbPrincipalName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
-msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
-msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
-msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
-msgid ""
-"Some directory servers, for example Active Directory, might deliver the "
-"realm part of the UPN in lower case, which might cause the authentication to "
-"fail. Set this option to a non-zero value if you want to use an upper-case "
-"realm."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
-msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
-msgid ""
-"Specifies how many seconds SSSD has to wait before refreshing its cache of "
-"enumerated records."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
-msgid "Default: 300"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
-msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
-msgid ""
-"Determine how often to check the cache for inactive entries (such as groups "
-"with no members and users who have never logged in) and remove them to save "
-"space."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
-msgid "Setting this option to zero will disable the cache cleanup operation."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
-msgid "Default: 10800 (12 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
-msgid "ldap_user_fullname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
-msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
-msgid "Default: cn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
-msgid "ldap_user_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
-msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
-msgid "Default: memberOf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
-msgid "ldap_user_authorized_service (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
-msgid ""
-"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
-"use the presence of the authorizedService attribute in the user's LDAP entry "
-"to determine access privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
-msgid ""
-"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
-"explicit allow (svc) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
-msgid "Default: authorizedService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
-msgid "ldap_user_authorized_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
-msgid ""
-"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-"presence of the host attribute in the user's LDAP entry to determine access "
-"privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
-msgid ""
-"An explicit deny (!host) is resolved first. Second, SSSD searches for "
-"explicit allow (host) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
-msgid "Default: host"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
-msgid "ldap_group_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
-msgid "The object class of a group entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
-msgid "Default: posixGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
-msgid "ldap_group_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
-msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
-msgid "ldap_group_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
-msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
-msgid "ldap_group_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
-msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
-msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
-msgid "ldap_group_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
-msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
-msgid "ldap_group_nesting_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
-msgid ""
-"If ldap_schema is set to a schema format that supports nested groups (e.g. "
-"RFC2307bis), then this option controls how many levels of nesting SSSD will "
-"follow. This option has no effect on the RFC2307 schema."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
-msgid "Default: 2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
-msgid "ldap_netgroup_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
-msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
-msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
-msgid "Default: nisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
-msgid "ldap_netgroup_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
-msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
-msgid "In IPA provider, ipa_netgroup_name should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
-msgid "ldap_netgroup_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
-msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
-msgid "In IPA provider, ipa_netgroup_member should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
-msgid "Default: memberNisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
-msgid "ldap_netgroup_triple (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-msgid ""
-"The LDAP attribute that contains the (host, user, domain) netgroup triples."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
-msgid "This option is not available in IPA provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
-msgid "Default: nisNetgroupTriple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
-msgid "ldap_netgroup_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
-msgid ""
-"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
-msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
-msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
-msgid "ldap_service_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
-msgid "The object class of a service entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
-msgid "Default: ipService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
-msgid "ldap_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
-msgid ""
-"The LDAP attribute that contains the name of service attributes and their "
-"aliases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
-msgid "ldap_service_port (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
-msgid "The LDAP attribute that contains the port managed by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
-msgid "Default: ipServicePort"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
-msgid "ldap_service_proto (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
-msgid ""
-"The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
-msgid "Default: ipServiceProtocol"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
-msgid "ldap_service_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
-msgid "An optional base DN to restrict service searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
-msgid ""
-"See <quote>ldap_search_base</quote> for information about configuring "
-"multiple search bases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
-#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
-msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
-msgid "ldap_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches are allowed to run "
-"before they are cancelled and cached results are returned (and offline mode "
-"is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
-msgid ""
-"Note: this option is subject to change in future versions of the SSSD. It "
-"will likely be replaced at some point by a series of timeouts for specific "
-"lookup types."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
-msgid "Default: 6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
-msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches for user and group "
-"enumerations are allowed to run before they are cancelled and cached results "
-"are returned (and offline mode is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
-msgid "ldap_network_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-msgid ""
-"Specifies the timeout (in seconds) after which the <citerefentry> "
-"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
-"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> following a <citerefentry> "
-"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> returns in case of no activity."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
-msgid "ldap_opt_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
-msgid ""
-"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
-"will abort if no response is received. Also controls the timeout when "
-"communicating with the KDC in case of SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
-msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
-msgid ""
-"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
-"maintained. After this time, the connection will be re-established. If used "
-"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
-"the TGT lifetime)  will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
-msgid "Default: 900 (15 minutes)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
-msgid "ldap_page_size (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
-msgid ""
-"Specify the number of records to retrieve from LDAP in a single request. "
-"Some LDAP servers enforce a maximum limit per-request."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
-msgid "Default: 1000"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
-msgid ""
-"Disable the LDAP paging control. This option should be used if the LDAP "
-"server reports that it supports the LDAP paging control in its RootDSE but "
-"it is not enabled or does not behave properly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
-msgid ""
-"Example: OpenLDAP servers with the paging control module installed on the "
-"server but not enabled will report it in the RootDSE but be unable to use it."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
-msgid ""
-"Example: 389 DS has a bug where it can only support a one paging control at "
-"a time on a single connection. On busy clients, this can result in some "
-"requests being denied."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
-msgid "ldap_deref_threshold (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
-msgid ""
-"Specify the number of group members that must be missing from the internal "
-"cache in order to trigger a dereference lookup. If less members are missing, "
-"they are looked up individually."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
-msgid ""
-"You can turn off dereference lookups completely by setting the value to 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
-msgid ""
-"A dereference lookup is a means of fetching all group members in a single "
-"LDAP call.  Different LDAP servers may implement different dereference "
-"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
-"Directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
-msgid ""
-"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
-"filter, then the dereference lookup performance enhancement will be disabled "
-"regardless of this setting."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
-msgid "ldap_tls_reqcert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
-msgid ""
-"Specifies what checks to perform on server certificates in a TLS session, if "
-"any. It can be specified as one of the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
-msgid ""
-"<emphasis>never</emphasis> = The client will not request or check any server "
-"certificate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
-msgid ""
-"<emphasis>allow</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, it will be ignored and the session proceeds normally."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
-msgid ""
-"<emphasis>try</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, the session is immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
-msgid ""
-"<emphasis>demand</emphasis> = The server certificate is requested. If no "
-"certificate is provided, or a bad certificate is provided, the session is "
-"immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
-msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
-msgid "Default: hard"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
-msgid "ldap_tls_cacert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
-msgid ""
-"Specifies the file that contains certificates for all of the Certificate "
-"Authorities that <command>sssd</command> will recognize."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
-msgid ""
-"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
-"conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
-msgid "ldap_tls_cacertdir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
-msgid ""
-"Specifies the path of a directory that contains Certificate Authority "
-"certificates in separate individual files. Typically the file names need to "
-"be the hash of the certificate followed by '.0'.  If available, "
-"<command>cacertdir_rehash</command> can be used to create the correct names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
-msgid "ldap_tls_cert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
-msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
-msgid "Default: not set"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
-msgid "ldap_tls_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
-msgid "Specifies the file that contains the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
-msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
-msgid ""
-"Specifies acceptable cipher suites.  Typically this is a colon sperated "
-"list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> for format."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
-msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
-msgid ""
-"Specifies that the id_provider connection must also use <systemitem class="
-"\"protocol\">tls</systemitem> to protect the channel."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
-msgid ""
-"Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
-"supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
-msgid "ldap_sasl_authid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
-msgid ""
-"Specify the SASL authorization id to use.  When GSSAPI is used, this "
-"represents the Kerberos principal used for authentication to the directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
-msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
-msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
-msgid ""
-"If set to true, the LDAP library would perform a reverse lookup to "
-"canonicalize the host name during a SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
-msgid "Default: false;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
-msgid "ldap_krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
-msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
-msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
-msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
-msgid ""
-"Specifies that the id_provider should init Kerberos credentials (TGT).  This "
-"action is performed only if SASL is used and the mechanism selected is "
-"GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
-msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
-msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
-msgid "Default: 86400 (24 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
-msgid "krb5_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
-msgid ""
-"Specifies the comma-separated list of IP addresses or hostnames of the "
-"Kerberos servers to which SSSD should connect in the order of preference. "
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
-"colon) may be appended to the addresses or hostnames.  If empty, service "
-"discovery is enabled - for more information, refer to the <quote>SERVICE "
-"DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
-msgid ""
-"When using service discovery for KDC or kpasswd servers, SSSD first searches "
-"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-"none are found."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
-msgid ""
-"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
-"While the legacy name is recognized for the time being, users are advised to "
-"migrate their config files to use <quote>krb5_server</quote> instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
-msgid "krb5_realm (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
-msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
-msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
-msgid "krb5_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
-msgid ""
-"Specifies if the host principal should be canonicalized when connecting to "
-"LDAP server. This feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
-msgid "ldap_pwd_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
-msgid ""
-"Select the policy to evaluate the password expiration on the client side. "
-"The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
-msgid ""
-"<emphasis>none</emphasis> - No evaluation on the client side. This option "
-"cannot disable server-side password policies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
-msgid ""
-"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-"evaluate if the password has expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
-msgid ""
-"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
-"to determine if the password has expired. Use chpass_provider=krb5 to update "
-"these attributes when the password is changed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
-msgid "ldap_referrals (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
-msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
-msgid ""
-"Please note that sssd only supports referral chasing when it is compiled "
-"with OpenLDAP version 2.4.13 or higher."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
-msgid "ldap_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
-msgid "Specifies the service name to use when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
-msgid "Default: ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
-msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
-msgid ""
-"Specifies the service name to use to find an LDAP server which allows "
-"password changes when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
-msgid "Default: not set, i.e. service discovery is disabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
-msgid "ldap_access_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
-msgid ""
-"If using access_provider = ldap, this option is mandatory. It specifies an "
-"LDAP search filter criteria that must be met for the user to be granted "
-"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
-msgid "Example:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
-#, no-wrap
-msgid ""
-"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
-msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
-msgid ""
-"Offline caching for this feature is limited to determining whether the "
-"user's last online login was granted access permission. If they were granted "
-"access during their last login, they will continue to be granted access "
-"while offline and vice-versa."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
-msgid "Default: Empty"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
-msgid "ldap_account_expire_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
-msgid ""
-"With this option a client side evaluation of access control attributes can "
-"be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
-msgid ""
-"Please note that it is always recommended to use server side access control, "
-"i.e. the LDAP server should deny the bind request with a suitable error code "
-"even if the password is correct."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
-msgid "The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
-msgid ""
-"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
-"determine if the account is expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
-msgid ""
-"<emphasis>ad</emphasis>: use the value of the 32bit field "
-"ldap_user_ad_user_account_control and allow access if the second bit is not "
-"set. If the attribute is missing access is granted. Also the expiration time "
-"of the account is checked."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
-msgid ""
-"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
-"emphasis>: use the value of ldap_ns_account_lock to check if access is "
-"allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
-msgid ""
-"<emphasis>nds</emphasis>: the values of "
-"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
-"If both attributes are missing access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
-msgid "ldap_access_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
-msgid "Comma separated list of access control options.  Allowed values are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
-msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
-msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
-msgid ""
-"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
-"to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
-msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
-msgid "Default: filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
-msgid ""
-"Please note that it is a configuration error if a value is used more than "
-"once."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
-msgid "ldap_deref (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
-msgid ""
-"Specifies how alias dereferencing is done when performing a search. The "
-"following options are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
-msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
-msgid ""
-"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
-"the base object, but not in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
-msgid ""
-"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
-"the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
-msgid ""
-"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
-"in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
-msgid ""
-"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
-"client libraries)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:51
-msgid ""
-"All of the common configuration options that apply to SSSD domains also "
-"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for full details.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
-msgid "SUDO OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
-msgid "ldap_sudorule_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
-msgid "The object class of a sudo rule entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
-msgid "Default: sudoRole"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
-msgid "ldap_sudorule_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
-msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
-msgid "ldap_sudorule_command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
-msgid "The LDAP attribute that corresponds to the command name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
-msgid "Default: sudoCommand"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
-msgid "ldap_sudorule_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
-msgid ""
-"The LDAP attribute that corresponds to the host name (or host IP address, "
-"host IP network, or host netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
-msgid "Default: sudoHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
-msgid "ldap_sudorule_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
-msgid ""
-"The LDAP attribute that corresponds to the user name (or UID, group name or "
-"user's netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
-msgid "Default: sudoUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
-msgid "ldap_sudorule_option (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
-msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
-msgid "Default: sudoOption"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
-msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
-msgid ""
-"The LDAP attribute that corresponds to the user name that commands may be "
-"run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
-msgid "Default: sudoRunAsUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
-msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
-msgid ""
-"The LDAP attribute that corresponds to the group name or group GID that "
-"commands may be run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
-msgid "Default: sudoRunAsGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
-msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
-msgid ""
-"The LDAP attribute that corresponds to the start date/time for when the sudo "
-"rule is valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
-msgid "Default: sudoNotBefore"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
-msgid "ldap_sudorule_notafter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
-msgid ""
-"The LDAP attribute that corresponds to the expiration date/time, after which "
-"the sudo rule will no longer be valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
-msgid "Default: sudoNotAfter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
-msgid "ldap_sudorule_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
-msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
-msgid "Default: sudoOrder"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
-msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
-msgid ""
-"Enables periodical download of all sudo rules.  The cache is purged before "
-"each update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
-msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
-msgid ""
-"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
-msgid ""
-"This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
-"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
-msgid "AUTOFS OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
-msgid ""
-"Please note that the default values correspond to the default schema which "
-"is RFC2307."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
-msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-msgid "The object class of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-msgid "Default: automountMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
-msgid "ldap_autofs_map_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
-msgid "The name of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
-msgid "Default: ou"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
-msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
-msgid "ldap_autofs_entry_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
-msgid ""
-"The key of an automount entry in LDAP. The entry usually corresponds to a "
-"mount point."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
-msgid "ldap_autofs_entry_value (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
-msgid "Default: automountInformation"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
-msgid ""
-"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
-"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
-"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
-msgid "ADVANCED OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
-msgid "ldap_netgroup_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
-msgid ""
-"An optional base DN to restrict netgroup searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
-msgid "ldap_user_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
-msgid "An optional base DN to restrict user searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
-msgid "ldap_group_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
-msgid "An optional base DN to restrict group searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
-#, no-wrap
-msgid ""
-"                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
-msgid "ldap_sudo_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
-msgid ""
-"An optional base DN to restrict sudo rules searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
-msgid "ldap_autofs_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
-msgid ""
-"An optional base DN to restrict automounter searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
-msgid ""
-"These options are supported by LDAP domains, but they should be used with "
-"caution. Please include them in your configuration only if you know what you "
-"are doing.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
-msgid ""
-"The following example assumes that SSSD is correctly configured and LDAP is "
-"set to one of the domains in the <replaceable>[domains]</replaceable> "
-"section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
-#, no-wrap
-msgid ""
-"    [domain/LDAP]\n"
-"    id_provider = ldap\n"
-"    auth_provider = ldap\n"
-"    ldap_uri = ldap://ldap.mydomain.org\n"
-"    ldap_search_base = dc=mydomain,dc=org\n"
-"    ldap_tls_reqcert = demand\n"
-"    cache_credentials = true\n"
-"    enumerate = true\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
-msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
-msgid "NOTES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
-msgid ""
-"The descriptions of some of the configuration options in this manual page "
-"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
-"distribution."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <refentryinfo>
-#: pam_sss.8.xml:8 include/upstream.xml:2
-msgid ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: pam_sss.8.xml:13 pam_sss.8.xml:18
-msgid "pam_sss"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: pam_sss.8.xml:19
-msgid "PAM module for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: pam_sss.8.xml:24
-msgid ""
-"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
-msgid ""
-"<command>pam_sss.so</command> is the PAM interface to the System Security "
-"Services daemon (SSSD). Errors and results are logged through <command>syslog"
-"(3)</command> with the LOG_AUTHPRIV facility."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
-msgid "<option>quiet</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
-msgid "Suppress log messages for unknown users."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
-msgid "<option>forward_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
-msgid ""
-"If <option>forward_pass</option> is set the entered password is put on the "
-"stack for other PAM modules to use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
-msgid "<option>use_first_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
-msgid ""
-"The argument use_first_pass forces the module to use a previous stacked "
-"modules password and will never prompt the user - if no password is "
-"available or the password is not appropriate, the user will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
-msgid "<option>use_authtok</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
-msgid ""
-"When password changing enforce the module to set the new password to the one "
-"provided by a previously stacked password module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
-msgid "<option>retry=N</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
-msgid ""
-"If specified the user is asked another N times for a password if "
-"authentication fails. Default is 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
-msgid ""
-"Please note that this option might not work as expected if the application "
-"calling PAM handles the user dialog on its own. A typical example is "
-"<command>sshd</command> with <option>PasswordAuthentication</option>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
-msgid "MODULE TYPES PROVIDED"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
-msgid ""
-"All module types (<option>account</option>, <option>auth</option>, "
-"<option>password</option> and <option>session</option>) are provided."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
-msgid "FILES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
-msgid ""
-"If a password reset by root fails, because the corresponding SSSD provider "
-"does not support password resets, an individual message can be displayed. "
-"This message can e.g. contain instructions about how to reset a password."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
-msgid ""
-"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
-"filename> where LOC stands for a locale string returned by <citerefentry> "
-"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
-"citerefentry>. If there is no matching file the content of "
-"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
-"the owner of the files and only root may have read and write permissions "
-"while all other users must have only read permissions."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
-msgid ""
-"These files are searched in the directory <filename>/etc/sssd/customize/"
-"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
-"displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:141
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
-msgid "sssd_krb5_locator_plugin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:22
-msgid ""
-"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
-"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
-"libraries what Realm and which KDC to use.  Typically this is done in "
-"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
-"To simplify the configuration the Realm and the KDC can be defined in "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry> puts the Realm and the name or IP address of the KDC into "
-"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively.  "
-"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variables and returns them to the "
-"libraries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:63
-msgid ""
-"Not all Kerberos implementations support the use of plugins. If "
-"<command>sssd_krb5_locator_plugin</command> is not available on your system "
-"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:69
-msgid ""
-"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-"debug messages will be sent to stderr."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:77
-msgid ""
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
-msgid "sssd-simple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd-simple.5.xml:17
-msgid "the configuration file for SSSD's 'simple' access-control provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:24
-msgid ""
-"This manual page describes the configuration of the simple access-control "
-"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax reference, "
-"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:38
-msgid ""
-"The simple access provider grants or denies access based on an access or "
-"deny list of user or group names. The following rules apply:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:43
-msgid "If all lists are empty, access is granted"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:47
-msgid ""
-"If any list is provided, the order of evaluation is allow,deny. This means "
-"that any matching deny rule will supersede any matched allow rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:54
-msgid ""
-"If either or both \"allow\" lists are provided, all users are denied unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:60
-msgid ""
-"If only \"deny\" lists are provided, all users are granted access unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:78
-msgid "simple_allow_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:81
-msgid "Comma separated list of users who are allowed to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:88
-msgid "simple_deny_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:91
-msgid "Comma separated list of users who are explicitly denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:97
-msgid "simple_allow_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:100
-msgid ""
-"Comma separated list of groups that are allowed to log in. This applies only "
-"to groups within this SSSD domain. Local groups are not evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:108
-msgid "simple_deny_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:111
-msgid ""
-"Comma separated list of groups that are explicitly denied access. This "
-"applies only to groups within this SSSD domain. Local groups are not "
-"evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
-msgid ""
-"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page for details on the configuration of an SSSD "
-"domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:120
-msgid ""
-"Please note that it is an configuration error if both, simple_allow_users "
-"and simple_deny_users, are defined."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:128
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the simple access provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-simple.5.xml:135
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    access_provider = simple\n"
-"    simple_allow_users = user1, user2\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:145
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
-msgid "sssd-ipa"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:23
-msgid ""
-"This manual page describes the configuration of the IPA provider for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
-"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:36
-msgid ""
-"The IPA provider is a back end used to connect to an IPA server.  (Refer to "
-"the freeipa.org web site for information about IPA servers.)  This provider "
-"requires that the machine be joined to the IPA domain; configuration is "
-"almost entirely self-discovered and obtained directly from the server."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:43
-msgid ""
-"The IPA provider accepts the same options used by the <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
-"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider with some exceptions described below."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:55
-msgid ""
-"However, it is neither necessary nor recommended to set these options.  IPA "
-"provider can also be used as an access and chpass provider. As an access "
-"provider it uses HBAC (host-based access control) rules. Please refer to "
-"freeipa.org for more information about HBAC. No configuration of access "
-"provider is required on the client side."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:72
-msgid "ipa_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:75
-msgid ""
-"Specifies the name of the IPA domain.  This is optional. If not provided, "
-"the configuration domain name is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:83
-msgid "ipa_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:86
-msgid ""
-"The comma-separated list of IP addresses or hostnames of the IPA servers to "
-"which SSSD should connect in the order of preference. For more information "
-"on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
-"This is optional if autodiscovery is enabled.  For more information on "
-"service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:99
-msgid "ipa_hostname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:102
-msgid ""
-"Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:110
-msgid "ipa_dyndns_update (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:113
-msgid ""
-"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:118
-msgid ""
-"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
-"the default Kerberos realm must be set properly in /etc/krb5.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:129
-msgid "ipa_dyndns_iface (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:132
-msgid ""
-"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
-"interface whose IP address should be used for dynamic DNS updates."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:137
-msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:143
-msgid "ipa_hbac_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:146
-msgid "Optional. Use the given string as search base for HBAC related objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:150
-msgid "Default: Use base DN"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:156
-msgid "ipa_host_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:159
-msgid "Optional. Use the given string as search base for host objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:180
-msgid "ipa_selinux_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
-msgid "Optional. Use the given string as search base for SELinux user maps."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
-msgid "krb5_validate (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
-msgid ""
-"Verify with the help of krb5_keytab that the TGT obtained has not been "
-"spoofed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
-msgid ""
-"Note that this default differs from the traditional Kerberos provider back "
-"end."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
-msgid ""
-"The name of the Kerberos realm. This is optional and defaults to the value "
-"of <quote>ipa_domain</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
-msgid ""
-"The name of the Kerberos realm has a special meaning in IPA - it is "
-"converted into the base DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
-msgid ""
-"Specifies if the host and user principal should be canonicalized when "
-"connecting to IPA LDAP and also for AS requests. This feature is available "
-"with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
-msgid "ipa_hbac_refresh (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
-msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
-msgid "Default: 5 (seconds)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
-msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
-msgid ""
-"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
-"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
-"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
-"client will support two modes of operation during this transition period:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
-msgid ""
-"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
-"users will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
-msgid ""
-"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
-"careful with this option, as it may result in opening unintended access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
-msgid "Default: DENY_ALL"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
-msgid "ipa_automount_location (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
-msgid "The automounter location this IPA client will be using"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Default: The location named \"default\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the ipa provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    id_provider = ipa\n"
-"    ipa_server = ipaserver.example.com\n"
-"    ipa_hostname = myhost.example.com\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.8.xml:10 sssd.8.xml:15
-msgid "sssd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.8.xml:16
-msgid "System Security Services Daemon"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sssd.8.xml:21
-msgid ""
-"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:31
-msgid ""
-"<command>SSSD</command> provides a set of daemons to manage access to remote "
-"directories and authentication mechanisms. It provides an NSS and PAM "
-"interface toward the system and a pluggable backend system to connect to "
-"multiple different account sources as well as D-Bus interface. It is also "
-"the basis to provide client auditing and policy services for projects like "
-"FreeIPA. It provides a more robust database to store local users as well as "
-"extended user data."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:46
-msgid ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:53
-msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:57
-msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:60
-msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:69
-msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:73
-msgid ""
-"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:76
-msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:85
-msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:89
-msgid ""
-"Send the debug output to files instead of stderr. By default, the log files "
-"are stored in <filename>/var/log/sssd</filename> and there are separate log "
-"files for every SSSD service and domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:97
-msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:101
-msgid "Become a daemon after starting up."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:107
-msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:111
-msgid "Run in the foreground, don't become a daemon."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
-msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
-msgid ""
-"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
-"conf</filename>. For reference on the config file syntax and options, "
-"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:135
-msgid "<option>--version</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:139
-msgid "Print version number and exit."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:147
-msgid "Signals"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:150
-msgid "SIGTERM/SIGINT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:153
-msgid ""
-"Informs the SSSD to gracefully terminate all of its child processes and then "
-"shut down the monitor."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:159
-msgid "SIGHUP"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:162
-msgid ""
-"Tells the SSSD to stop writing to its current debug file descriptors and to "
-"close and reopen them. This is meant to facilitate log rolling with programs "
-"like logrotate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:170
-msgid "SIGUSR1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:173
-msgid ""
-"Tells the SSSD to simulate offline operation for one minute. This is mostly "
-"useful for testing purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:179
-msgid "SIGUSR2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:182
-msgid ""
-"Tells the SSSD to go online immediately. This is mostly useful for testing "
-"purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:193
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-msgid "sss_obfuscate"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_obfuscate.8.xml:16
-msgid "obfuscate a clear text password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_obfuscate.8.xml:21
-msgid ""
-"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
-"replaceable></arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:32
-msgid ""
-"<command>sss_obfuscate</command> converts a given password into human-"
-"unreadable format and places it into appropriate domain section of the SSSD "
-"config file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:37
-msgid ""
-"The cleartext password is read from standard input or entered "
-"interactively.  The obfuscated password is put into "
-"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
-"<quote>ldap_default_authtok_type</quote> parameter is set to "
-"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more details on these parameters."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:49
-msgid ""
-"Please note that obfuscating the password provides <emphasis>no real "
-"security benefit</emphasis> as it is still possible for an attacker to "
-"reverse-engineer the password back. Using better authentication mechanisms "
-"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
-"advised."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:63
-msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:67
-msgid "The password to obfuscate will be read from standard input."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
-msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:79
-msgid ""
-"The SSSD domain to use the password in. The default name is <quote>default</"
-"quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:86
-msgid ""
-"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:91
-msgid "Read the config file specified by the positional parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:95
-msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:105
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
-msgid "sss_useradd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_useradd.8.xml:16
-msgid "create a new user"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_useradd.8.xml:21
-msgid ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:32
-msgid ""
-"<command>sss_useradd</command> creates a new user account using the values "
-"specified on the command line plus the default values from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:43
-msgid ""
-"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:48
-msgid ""
-"Set the UID of the user to the value of <replaceable>UID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
-msgid ""
-"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
-msgid ""
-"Any text string describing the user. Often used as the field for the user's "
-"full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
-msgid ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:72
-msgid ""
-"The home directory of the user account.  The default is to append the "
-"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
-"that as the home directory.  The base that is prepended before "
-"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
-"baseDirectory</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
-msgid ""
-"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:87
-msgid ""
-"The user's login shell. The default is currently <filename>/bin/bash</"
-"filename>.  The default can be changed with <quote>user_defaults/"
-"defaultShell</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:96
-msgid ""
-"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:101
-msgid "A list of existing groups this user is also a member of."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:107
-msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:111
-msgid ""
-"Create the user's home directory if it does not exist. The files and "
-"directories contained in the skeleton directory (which can be defined with "
-"the -k option or in the config file) will be copied to the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:121
-msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:125
-msgid ""
-"Do not create the user's home directory. Overrides configuration settings."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:132
-msgid ""
-"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:137
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<command>sss_useradd</command>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:143
-msgid ""
-"This option is only valid if the <option>-m</option> (or <option>--create-"
-"home</option>) option is specified, or creation of home directories is set "
-"to TRUE in the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
-msgid ""
-"<option>-Z</option>,<option>--selinux-user</option> "
-"<replaceable>SELINUX_USER</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:157
-msgid ""
-"The SELinux user for the user's login. If not specified, the system default "
-"will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
-msgid "sssd-krb5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:23
-msgid ""
-"This manual page describes the configuration of the Kerberos 5 "
-"authentication backend for <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  For a detailed "
-"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
-"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:36
-msgid ""
-"The Kerberos 5 authentication backend contains auth and chpass providers. It "
-"must be paired with identity provider in order to function properly (for "
-"example, id_provider = ldap). Some information required by the Kerberos 5 "
-"authentication backend must be provided by the identity provider, such as "
-"the user's Kerberos Principal Name (UPN). The configuration of the identity "
-"provider should have an entry to specify the UPN. Please refer to the man "
-"page for the applicable identity provider for details on how to configure "
-"this."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:47
-msgid ""
-"This backend also provides access control based on the .k5login file in the "
-"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
-"Please note that an empty .k5login file will deny all access to this user. "
-"To activate this feature use 'access_provider = krb5' in your sssd "
-"configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:55
-msgid ""
-"In the case where the UPN is not available in the identity backend "
-"<command>sssd</command> will construct a UPN using the format "
-"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:106
-msgid ""
-"The name of the Kerberos realm. This option is required and must be "
-"specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:113
-msgid "krb5_kpasswd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:116
-msgid ""
-"If the change password service is not running on the KDC alternative servers "
-"can be defined here. An optional port number (preceded by a colon) may be "
-"appended to the addresses or hostnames."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:122
-msgid ""
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section.  Please note that even if there are no more "
-"kpasswd servers to try the back end is not switch to offline if "
-"authentication against the KDC is still possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:129
-msgid "Default: Use the KDC"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:135
-msgid "krb5_ccachedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:138
-msgid ""
-"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist it will be created. If %u, %U, %p or %h are used a "
-"private directory belonging to the user is created. Otherwise a public "
-"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
-"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
-"citerefentry> for details) is created."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:151
-msgid "Default: /tmp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:157
-msgid "krb5_ccname_template (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:171
-msgid "login UID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:174
-msgid "%p"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:175
-msgid "principal name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:179
-msgid "%r"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:180
-msgid "realm name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:183
-msgid "%h"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:184
-msgid "home directory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:189
-msgid "value of krb5ccache_dir"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194
-msgid "%P"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "the process ID of the sssd client"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:160
-msgid ""
-"Location of the user's credential cache. Currently only file based "
-"credential caches are supported. In the template the following sequences are "
-"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
-"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
-"way."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:209
-msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:215
-msgid "krb5_auth_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:218
-msgid ""
-"Timeout in seconds after an online authentication or change password request "
-"is aborted. If possible the authentication request is continued offline."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:241
-msgid "krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:244
-msgid ""
-"The location of the keytab to use when validating credentials obtained from "
-"KDCs."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:248
-msgid "Default: /etc/krb5.keytab"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:254
-msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:257
-msgid ""
-"Store the password of the user if the provider is offline and use it to "
-"request a TGT when the provider gets online again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:262
-msgid ""
-"Please note that this feature currently only available on a Linux platform. "
-"Passwords stored in this way are kept in plaintext in the kernel keyring and "
-"are potentially accessible by the root user (with difficulty)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:275
-msgid "krb5_renewable_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:278
-msgid ""
-"Request a renewable ticket with a total lifetime given by an integer "
-"immediately followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
-msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
-msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
-msgid "<emphasis>h</emphasis> hours"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
-msgid "<emphasis>d</emphasis> days."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
-msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:299
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"renewable lifetime to one and a half hours please use '90m' instead of "
-"'1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:305
-msgid "Default: not set, i.e. the TGT is not renewable"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:311
-msgid "krb5_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:314
-msgid ""
-"Request ticket with a with a lifetime given by an integer immediately "
-"followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:335
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"lifetime to one and a half hours please use '90m' instead of '1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:340
-msgid ""
-"Default: not set, i.e. the default ticket lifetime configured on the KDC."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:347
-msgid "krb5_renew_interval (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:350
-msgid ""
-"The time in seconds between two checks if the TGT should be renewed. TGTs "
-"are renewed if about half of their lifetime is exceeded."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:355
-msgid "If this option is not set or 0 the automatic renewal is disabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:365
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:368
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:373
-msgid ""
-"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
-"option at all."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
-msgid ""
-"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
-"continue without."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:381
-msgid ""
-"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
-"fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:385
-msgid "Default: not set, i.e. FAST is not used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:388
-msgid "Please note that a keytab is required to use fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:391
-msgid ""
-"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used with an older version using this option is a "
-"configuration error."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:400
-msgid "krb5_fast_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:403
-msgid "Specifies the server principal to use for FAST."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:412
-msgid ""
-"Specifies if the host and user principal should be canonicalized. This "
-"feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:65
-msgid ""
-"If the auth-module krb5 is used in a SSSD domain, the following options must "
-"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
-"SECTIONS</quote> for details on the configuration of a SSSD domain.  "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:434
-msgid ""
-"The following example assumes that SSSD is correctly configured and FOO is "
-"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
-"example shows only configuration of Kerberos authentication, it does not "
-"include any identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:442
-#, no-wrap
-msgid ""
-"    [domain/FOO]\n"
-"    auth_provider = krb5\n"
-"    krb5_server = 192.168.1.1\n"
-"    krb5_realm = EXAMPLE.COM\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:453
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
-msgid "sss_groupadd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupadd.8.xml:16
-msgid "create a new group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupadd.8.xml:21
-msgid ""
-"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:32
-msgid ""
-"<command>sss_groupadd</command> creates a new group. These groups are "
-"compatible with POSIX groups, with the additional feature that they can "
-"contain other groups as members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupadd.8.xml:43
-msgid ""
-"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupadd.8.xml:48
-msgid ""
-"Set the GID of the group to the value of <replaceable>GID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
-msgid "sss_userdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_userdel.8.xml:16
-msgid "delete a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_userdel.8.xml:21
-msgid ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:32
-msgid ""
-"<command>sss_userdel</command> deletes a user identified by login name "
-"<replaceable>LOGIN</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:44
-msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:48
-msgid ""
-"Files in the user's home directory will be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:56
-msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:60
-msgid ""
-"Files in the user's home directory will NOT be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:68
-msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:72
-msgid ""
-"This option forces <command>sss_userdel</command> to remove the user's home "
-"directory and mail spool, even if they are not owned by the specified user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:80
-msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:84
-msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
-msgid "sss_groupdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupdel.8.xml:16
-msgid "delete a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupdel.8.xml:21
-msgid ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:32
-msgid ""
-"<command>sss_groupdel</command> deletes a group identified by its name "
-"<replaceable>GROUP</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
-msgid "sss_groupshow"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupshow.8.xml:16
-msgid "print properties of a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupshow.8.xml:21
-msgid ""
-"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:32
-msgid ""
-"<command>sss_groupshow</command> displays information about a group "
-"identified by its name <replaceable>GROUP</replaceable>. The information "
-"includes the group ID number, members of the group and the parent group."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupshow.8.xml:43
-msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupshow.8.xml:47
-msgid ""
-"Also print indirect group members in a tree-like hierarchy.  Note that this "
-"also affects printing parent groups - without <option>R</option>, only the "
-"direct parent will be printed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
-msgid "sss_usermod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_usermod.8.xml:16
-msgid "modify a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_usermod.8.xml:21
-msgid ""
-"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:32
-msgid ""
-"<command>sss_usermod</command> modifies the account specified by "
-"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
-"on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:60
-msgid "The home directory of the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:71
-msgid "The user's login shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:82
-msgid ""
-"Append this user to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:96
-msgid ""
-"Remove this user from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:103
-msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:107
-msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:114
-msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:118
-msgid "Unlock the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:129
-msgid "The SELinux user for the user's login."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/service_discovery.xml:2
-msgid "SERVICE DISCOVERY"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/service_discovery.xml:4
-msgid ""
-"The service discovery feature allows back ends to automatically find the "
-"appropriate servers to connect to using a special DNS query."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
-msgid "Configuration"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:11
-msgid ""
-"If no servers are specified, the back end automatically uses service "
-"discovery to try to find a server. Optionally, the user may choose to use "
-"both fixed server addresses and service discovery by inserting a special "
-"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
-"preference is maintained. This feature is useful if, for example, the user "
-"prefers to use service discovery whenever possible, and fall back to a "
-"specific server when no servers can be discovered using DNS."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:23
-msgid "The domain name"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:25
-msgid ""
-"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for more details."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:35
-msgid "The protocol"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:37
-msgid ""
-"The queries usually specify _tcp as the protocol. Exceptions are documented "
-"in respective option description."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:42
-msgid "See Also"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:44
-msgid ""
-"For more information on the service discovery mechanism, refer to RFC 2782."
-msgstr ""
-
-#. type: Content of: outside any tag (error?)
-#: include/upstream.xml:1
-msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/failover.xml:2
-msgid "FAILOVER"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/failover.xml:4
-msgid ""
-"The failover feature allows back ends to automatically switch to a different "
-"server if the primary server fails."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:8
-msgid "Failover Syntax"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:10
-msgid ""
-"The list of servers is given as a comma-separated list; any number of spaces "
-"is allowed around the comma. The servers are listed in order of preference. "
-"The list can contain any number of servers."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:17
-msgid "The Failover Mechanism"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:19
-msgid ""
-"The failover mechanism distinguishes between a machine and a service. The "
-"back end first tries to resolve the hostname of a given machine; if this "
-"resolution attempt fails, the machine is considered offline. No further "
-"attempts are made to connect to this machine for any other service. If the "
-"resolution attempt succeeds, the back end tries to connect to a service on "
-"this machine. If the service connection attempt fails, then only this "
-"particular service is considered offline and the back end automatically "
-"switches over to the next service.  The machine is still considered online "
-"and might still be tried for another service."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:32
-msgid ""
-"Further connection attempts are made to machines or services marked as "
-"offline after a specified period of time; this is currently hard coded to 30 "
-"seconds."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:37
-msgid ""
-"If there are no more machines to try, the back end as a whole switches to "
-"offline mode, and then attempts to reconnect every 30 seconds."
-msgstr ""
-
-#. type: Content of: <varlistentry><term>
-#: include/param_help.xml:3
-msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
-
-#. type: Content of: <varlistentry><listitem><para>
-#: include/param_help.xml:7
-msgid "Display help message and exit."
-msgstr ""
diff --git a/src/man/po/lt.po b/src/man/po/lt.po
deleted file mode 100644
index db5d14bae..000000000
--- a/src/man/po/lt.po
+++ /dev/null
@@ -1,6315 +0,0 @@
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Red Hat
-# This file is distributed under the same license as the sssd-docs package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: SSSD\n"
-"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Lithuanian (http://www.transifex.net/projects/p/fedora/team/"
-"lt/)\n"
-"Language: lt\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && (n"
-"%100<10 || n%100>=20) ? 1 : 2)\n"
-
-#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
-#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
-#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
-#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
-msgid "SSSD Manual pages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
-msgid "sss_groupmod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
-#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
-#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
-msgid "8"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupmod.8.xml:16
-msgid "modify a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupmod.8.xml:21
-msgid ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
-#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
-#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
-#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
-#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:32
-msgid ""
-"<command>sss_groupmod</command> modifies the group to reflect the changes "
-"that are specified on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
-#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
-#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-msgid "OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
-msgid ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:48
-msgid ""
-"Append this group to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
-msgid ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:62
-msgid ""
-"Remove this group from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
-#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
-msgid "sssd.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
-msgid "5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
-msgid "File Formats and Conventions"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
-msgid "the configuration file for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:21
-msgid "FILE FORMAT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:29
-#, no-wrap
-msgid ""
-"                <replaceable>[section]</replaceable>\n"
-"                <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-"                <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
-"            "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:24
-msgid ""
-"The file has an ini-style syntax and consists of sections and parameters. A "
-"section begins with the name of the section in square brackets and continues "
-"until the next section begins. An example of section with single and multi-"
-"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:36
-msgid ""
-"The data types used are string (no quotes needed), integer and bool (with "
-"values of <quote>TRUE/FALSE</quote>)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:41
-msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
-"(<quote>;</quote>)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:46
-msgid ""
-"All sections can have an optional <replaceable>description</replaceable> "
-"parameter. Its function is only as a label for the section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:52
-msgid ""
-"<filename>sssd.conf</filename> must be a regular file, owned by root and "
-"only root may read from or write to the file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:58
-msgid "SPECIAL SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:61
-msgid "The [sssd] section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
-msgid "Section parameters"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:72
-msgid "config_file_version (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:75
-msgid ""
-"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-"version 2."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:81
-msgid "services"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:84
-msgid ""
-"Comma separated list of services that are started when sssd itself starts."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:88
-msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
-msgid "reconnection_retries (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
-msgid ""
-"Number of times services should attempt to reconnect in the event of a Data "
-"Provider crash or restart before they give up"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
-msgid "Default: 3"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
-msgid "domains"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
-msgid ""
-"A domain is a database containing user information. SSSD can use more "
-"domains at the same time, but at least one must be configured or SSSD won't "
-"start.  This parameter described the list of domains in the order you want "
-"them to be queried."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
-msgid "re_expression (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
-msgid ""
-"Regular expression that describes how to parse the string containing user "
-"name and domain into these components."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
-msgid ""
-"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
-"which translates to \"the name is everything up to the <quote>@</quote> "
-"sign, the domain everything after that\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
-msgid ""
-"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
-"version 7 or higher can support non-unique named subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
-msgid ""
-"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
-"P&lt;name&gt;) to label subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
-msgid "full_name_format (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
-msgid ""
-"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatible format that describes how to translate "
-"a (name, domain) tuple into a fully qualified name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
-msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
-msgid "try_inotify (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
-msgid ""
-"SSSD monitors the state of resolv.conf to identify when it needs to update "
-"its internal DNS resolver. By default, we will attempt to use inotify for "
-"this, and will fall back to polling resolv.conf every five seconds if "
-"inotify cannot be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
-msgid ""
-"There are some limited situations where it is preferred that we should skip "
-"even trying to use inotify. In these rare cases, this option should be set "
-"to 'false'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
-msgid ""
-"Default: true on platforms where inotify is supported. False on other "
-"platforms."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
-msgid ""
-"Note: this option will have no effect on platforms where inotify is "
-"unavailable. On these platforms, polling will always be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
-msgid "krb5_rcache_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
-msgid ""
-"Directory on the filesystem where SSSD should store Kerberos replay cache "
-"files."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
-msgid ""
-"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
-"SSSD to let libkrb5 decide the appropriate location for the replay cache."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
-msgid ""
-"Default: Distribution-specific and specified at build-time. "
-"(__LIBKRB5_DEFAULTS__ if not configured)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:63
-msgid ""
-"Individual pieces of SSSD functionality are provided by special SSSD "
-"services that are started and stopped together with SSSD.  The services are "
-"managed by a special service frequently called <quote>monitor</quote>. The "
-"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
-msgid "SERVICES SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
-msgid ""
-"Settings that can be used to configure different services are described in "
-"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
-"section, for example, for NSS service, the section would be <quote>[nss]</"
-"quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
-msgid "General service configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
-msgid "These options can be used to configure any service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>.  This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
-msgid "NSS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
-msgid ""
-"These options can be used to configure the Name Service Switch (NSS) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
-msgid "enum_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
-msgid ""
-"How many seconds should nss_sss cache enumerations (requests for info about "
-"all users)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
-msgid "Default: 120"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"The entry cache can be set to automatically update entries in the background "
-"if they are requested beyond a percentage of the entry_cache_timeout value "
-"for the domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
-msgid ""
-"For example, if the domain's entry_cache_timeout is set to 30s and "
-"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
-"after 15 seconds past the last cache update will be returned immediately, "
-"but the SSSD will go and update the cache on its own, so that future "
-"requests will not need to block waiting for a cache update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
-msgid ""
-"Valid values for this option are 0-99 and represent a percentage of the "
-"entry_cache_timeout for each domain. For performance reasons, this "
-"percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
-"disables this feature)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
-msgid "Default: 50"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
-msgid "entry_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
-msgid ""
-"Specifies for how many seconds nss_sss should cache negative cache hits "
-"(that is, queries for invalid database entries, like nonexistent ones)  "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
-msgid "Default: 15"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
-msgid "filter_users, filter_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
-msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
-msgid "Default: root"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
-msgid "filter_users_in_groups (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
-msgid ""
-"If you want filtered user still be group members set this option to false."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
-msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
-msgid "This option can also be set per-domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
-msgid "allowed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
-msgid ""
-"Restrict user shell to one of the listed values. The order of evaluation is:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
-msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
-msgid ""
-"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
-"quote>, use the value of the shell_fallback parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
-msgid ""
-"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
-"shells</quote>, a nologin shell is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
-msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
-msgid ""
-"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
-"that a restart of the SSSD is required in case a new shell is installed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
-msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
-msgid "vetoed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
-msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
-msgid "shell_fallback (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
-msgid ""
-"The default shell to use if an allowed shell is not installed on the machine."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
-msgid "Default: /bin/sh"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
-msgid "PAM configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
-msgid ""
-"These options can be used to configure the Pluggable Authentication Module "
-"(PAM) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
-msgid "offline_credentials_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
-msgid ""
-"If the authentication provider is offline, how long should we allow cached "
-"logins (in days since the last successful online login)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
-msgid "Default: 0 (No limit)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
-msgid "offline_failed_login_attempts (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
-msgid ""
-"If the authentication provider is offline, how many failed login attempts "
-"are allowed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
-msgid "offline_failed_login_delay (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
-msgid ""
-"The time in minutes which has to pass after offline_failed_login_attempts "
-"has been reached before a new login attempt is possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
-msgid ""
-"If set to 0 the user cannot authenticate offline if "
-"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable offline authentication again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
-msgid "Default: 5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
-msgid "pam_verbosity (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
-msgid ""
-"Controls what kind of messages are shown to the user during authentication. "
-"The higher the number to more messages are displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
-msgid "Currently sssd supports the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
-msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
-msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
-msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
-msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
-msgid "Default: 1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
-msgid "pam_id_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
-msgid ""
-"For any PAM request while SSSD is online, the SSSD will attempt to "
-"immediately update the cached identity information for the user in order to "
-"ensure that authentication takes place with the latest information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
-msgid ""
-"A complete PAM conversation may perform multiple PAM requests, such as "
-"account management and session opening. This option controls (on a per-"
-"client-application basis) how long (in seconds) we can cache the identity "
-"information to avoid excessive round-trips to the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
-msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
-msgid "Display a warning N days before the password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
-msgid ""
-"Please note that the backend server has to provide information about the "
-"expiration time of the password.  If this information is missing, sssd "
-"cannot display a warning."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
-msgid "Default: 7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-msgid "SUDO configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-msgid "These options can be used to configure the sudo service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-msgid "sudo_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-msgid ""
-"For any sudo request that comes while SSSD is online, the SSSD will attempt "
-"to update the cached rules in order to ensure that sudo has the latest "
-"ruleset."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
-msgid ""
-"The user may, however, run a couple of sudo commands successively, which "
-"would trigger multiple LDAP requests.  In order to speed up this use-case, "
-"the sudo service maintains an in-memory cache that would be used for "
-"performing fast replies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
-msgid ""
-"This option controls how long (in seconds) can the sudo service cache rules "
-"for a user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-msgid "Default: 180"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-msgid "sudo_timed (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
-msgid ""
-"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
-"that implement time-dependent sudoers entries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-msgid "AUTOFS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-msgid "These options can be used to configure the autofs service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-msgid "autofs_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
-msgid "DOMAIN SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
-msgid "min_id,max_id (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
-msgid ""
-"UID and GID limits for the domain. If a domain contains an entry that is "
-"outside these limits, it is ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
-msgid ""
-"For users, this affects the primary GID limit. The user will not be returned "
-"to NSS if either the UID or the primary GID is outside the range. For non-"
-"primary group memberships, those that are in range will be reported as "
-"expected."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
-msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
-msgid ""
-"Timeout in seconds between heartbeats for this domain.  This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
-msgid "enumerate (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
-msgid ""
-"Determines if a domain can be enumerated. This parameter can have one of the "
-"following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
-msgid "TRUE = Users and groups are enumerated"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
-msgid "FALSE = No enumerations for this domain"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
-msgid "Default: FALSE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
-msgid ""
-"Note: Enabling enumeration has a moderate performance impact on SSSD while "
-"enumeration is running. It may take up to several minutes after SSSD startup "
-"to fully complete enumerations.  During this time, individual requests for "
-"information will go directly to LDAP, though it may be slow, due to the "
-"heavy enumeration processing."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
-msgid ""
-"While the first enumeration is running, requests for the complete user or "
-"group lists may return no results until it completes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
-msgid ""
-"Further, enabling enumeration may increase the time necessary to detect "
-"network disconnection, as longer timeouts are required to ensure that "
-"enumeration lookups are completed successfully.  For more information, refer "
-"to the man pages for the specific id_provider in use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
-msgid "entry_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
-msgid ""
-"How many seconds should nss_sss consider entries valid before asking the "
-"backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
-msgid "Default: 5400"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-msgid "entry_cache_user_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-msgid ""
-"How many seconds should nss_sss consider user entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-msgid "Default: entry_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-msgid "entry_cache_group_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-msgid ""
-"How many seconds should nss_sss consider group entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-msgid ""
-"How many seconds should nss_sss consider netgroup entries valid before "
-"asking the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-msgid "entry_cache_service_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-msgid ""
-"How many seconds should nss_sss consider service entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
-msgid "cache_credentials (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
-msgid "Determines if user credentials are also cached in the local LDB cache"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
-msgid "User credentials are stored in a SHA512 hash, not in plaintext"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
-msgid "account_cache_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
-msgid ""
-"Number of days entries are left in cache after last successful login before "
-"being removed during a cleanup of the cache. 0 means keep forever.  The "
-"value of this parameter must be greater than or equal to "
-"offline_credentials_expiration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
-msgid "Default: 0 (unlimited)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
-msgid "id_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
-msgid "The Data Provider identity backend to use for this domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
-msgid "Supported backends:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
-msgid "proxy: Support a legacy NSS provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
-msgid "local: SSSD internal local provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
-msgid "ldap: LDAP provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
-msgid "use_fully_qualified_names (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
-msgid ""
-"If set to TRUE, all requests to this domain must use fully qualified names. "
-"For example, if used in LOCAL domain that contains a \"test\" user, "
-"<command>getent passwd test</command> wouldn't find the user while "
-"<command>getent passwd test@LOCAL</command> would."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
-msgid "auth_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
-msgid ""
-"The authentication provider used for the domain.  Supported auth providers "
-"are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
-msgid ""
-"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
-msgid ""
-"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
-msgid ""
-"<quote>proxy</quote> for relaying authentication to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
-msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"authentication requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
-msgid "access_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
-msgid ""
-"The access control provider used for the domain.  There are two built-in "
-"access providers (in addition to any included in installed backends)  "
-"Internal special providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
-msgid "<quote>permit</quote> always allow access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
-msgid "<quote>deny</quote> always deny access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
-msgid ""
-"<quote>simple</quote> access control based on access or deny lists. See "
-"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> for more information on configuring the simple "
-"access module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
-msgid "Default: <quote>permit</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
-msgid "chpass_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
-msgid ""
-"The provider which should handle change password operations for the domain.  "
-"Supported change password providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
-msgid ""
-"<quote>ipa</quote> to change a password stored in an IPA server.  See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
-msgid ""
-"<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
-msgid ""
-"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
-msgid ""
-"<quote>proxy</quote> for relaying password changes to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
-msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
-msgid ""
-"Default: <quote>auth_provider</quote> is used if it is set and can handle "
-"change password requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-msgid "sudo_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-msgid ""
-"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-msgid "session_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-msgid ""
-"The provider which should handle loading of session settings.  Supported "
-"session providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-msgid ""
-"<quote>ipa</quote> to load session settings from an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"session loading requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
-msgid "lookup_family_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
-msgid ""
-"Provides the ability to select preferred address family to use when "
-"performing DNS lookups."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
-msgid "Supported values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
-msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
-msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
-msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
-msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
-msgid "Default: ipv4_first"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
-msgid "dns_resolver_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
-msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
-msgid "dns_discovery_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
-msgid ""
-"If service discovery is used in the back end, specifies the domain part of "
-"the service discovery DNS query."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
-msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
-msgid "override_gid (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
-msgid "Override the primary GID value with the one specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
-msgid "case_sensitive (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
-msgid ""
-"Treat user and group names as case sensitive. At the moment, this option is "
-"not supported in the local provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
-msgid "Default: True"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
-msgid ""
-"These configuration options can be present in a domain configuration "
-"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
-"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
-msgid "proxy_pam_target (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
-msgid "The proxy target PAM proxies to."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-msgid ""
-"Default: not set by default, you have to take an existing pam configuration "
-"or create a new one and add the service name here."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
-msgid "proxy_lib_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
-msgid ""
-"The name of the NSS library to use in proxy domains. The NSS functions "
-"searched for in the library are in the form of _nss_$(libName)_$(function), "
-"for example _nss_files_getpwent."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
-msgid ""
-"Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
-msgid "The local domain section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
-msgid ""
-"This section contains settings for domain that stores users and groups in "
-"SSSD native database, that is, a domain that uses "
-"<replaceable>id_provider=local</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
-msgid "default_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
-msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
-msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
-msgid "base_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
-msgid ""
-"The tools append the login name to <replaceable>base_directory</replaceable> "
-"and use that as the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
-msgid "Default: <filename>/home</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
-msgid "create_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
-msgid ""
-"Indicate if a home directory should be created by default for new users.  "
-"Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
-msgid "Default: TRUE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
-msgid "remove_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
-msgid ""
-"Indicate if a home directory should be removed by default for deleted "
-"users.  Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
-msgid "homedir_umask (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
-msgid ""
-"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
-"on a newly created home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
-msgid "Default: 077"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
-msgid "skel_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
-msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
-msgid "mail_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
-msgid ""
-"The mail spool directory. This is needed to manipulate the mailbox when its "
-"corresponding user account is modified or deleted.  If not specified, a "
-"default value is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
-msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
-msgid "userdel_cmd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
-msgid ""
-"The command that is run after a user is removed.  The command us passed the "
-"username of the user being removed as the first and only parameter. The "
-"return code of the command is not taken into account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
-msgid "Default: None, no command is run"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"domains = LDAP\n"
-"services = nss, pam\n"
-"config_file_version = 2\n"
-"\n"
-"[nss]\n"
-"filter_groups = root\n"
-"filter_users = root\n"
-"\n"
-"[pam]\n"
-"\n"
-"[domain/LDAP]\n"
-"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
-"\n"
-"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
-"cache_credentials = true\n"
-"\n"
-"min_id = 10000\n"
-"max_id = 20000\n"
-"enumerate = False\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
-msgid ""
-"The following example shows a typical SSSD config. It does not describe "
-"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details.  <placeholder type=\"programlisting\" "
-"id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
-msgid "sssd-ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:23
-msgid ""
-"This manual page describes the configuration of LDAP domains for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for detailed syntax information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:35
-msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:38
-msgid ""
-"LDAP back end supports id, auth, access and chpass providers. If you want to "
-"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
-"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
-"over an unencrypted channel.  If the LDAP server is used only as an identity "
-"provider, an encrypted channel is not needed. Please refer to "
-"<quote>ldap_access_filter</quote> config option for more information about "
-"using LDAP as an access provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
-#: sssd-krb5.5.xml:63
-msgid "CONFIGURATION OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:60
-msgid "ldap_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:63
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference. Refer to the <quote>FAILOVER</"
-"quote> section for more information on failover and server redundancy.  If "
-"not specified, service discovery is enabled. For more information, refer to "
-"the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
-msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:73
-msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:76
-msgid ""
-"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:79
-msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:85
-msgid "ldap_chpass_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:88
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference to change the password of a user. "
-"Refer to the <quote>FAILOVER</quote> section for more information on "
-"failover and server redundancy."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:95
-msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:99
-msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:105
-msgid "ldap_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:108
-msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:112
-msgid ""
-"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
-"syntax:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
-msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:119
-msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
-msgid ""
-"The filter must be a valid LDAP search filter as specified by http://www."
-"ietf.org/rfc/rfc2254.txt"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
-msgid "Examples:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:129
-msgid ""
-"ldap_search_base = dc=example,dc=com (which is equivalent to)  "
-"ldap_search_base = dc=example,dc=com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:134
-msgid ""
-"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
-"(host=thishost)?dc=example.com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:137
-msgid ""
-"Note: It is unsupported to have multiple search bases which reference "
-"identically-named objects (for example, groups with the same name in two "
-"different search bases). This will lead to unpredictable behavior on client "
-"machines."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:144
-msgid ""
-"Default: If not set, the value of the defaultNamingContext or namingContexts "
-"attribute from the RootDSE of the LDAP server is used. If "
-"defaultNamingContext does not exists or has an empty value namingContexts is "
-"used.  The namingContexts attribute must have a single value with the DN of "
-"the search base of the LDAP server to make this work. Multiple values are "
-"are not supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:158
-msgid "ldap_schema (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:161
-msgid ""
-"Specifies the Schema Type in use on the target LDAP server.  Depending on "
-"the selected schema, the default attribute names retrieved from the servers "
-"may vary.  The way that some attributes are handled may also differ.  Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
-"difference between these schema types is how group memberships are recorded "
-"in the server.  With rfc2307, group members are listed by name in the "
-"<emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, group "
-"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
-msgid "Default: rfc2307"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
-msgid "ldap_default_bind_dn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
-msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
-msgid "ldap_default_authtok_type (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
-msgid "The type of the authentication token of the default bind DN."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
-msgid "The two mechanisms currently supported are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
-msgid "password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
-msgid "obfuscated_password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
-msgid "Default: password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
-msgid "ldap_default_authtok (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
-msgid ""
-"The authentication token of the default bind DN.  Only clear text passwords "
-"are currently supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
-msgid "ldap_user_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
-msgid "The object class of a user entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
-msgid "Default: posixAccount"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
-msgid "ldap_user_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
-msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
-msgid "Default: uid"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
-msgid "ldap_user_uid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
-msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
-msgid "Default: uidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
-msgid "ldap_user_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
-msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
-msgid "Default: gidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
-msgid "ldap_user_gecos (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
-msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
-msgid "Default: gecos"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
-msgid "ldap_user_home_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
-msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
-msgid "Default: homeDirectory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
-msgid "ldap_user_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
-msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
-msgid "Default: loginShell"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
-msgid "ldap_user_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
-msgid "Default: nsUniqueId"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
-msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
-msgid ""
-"The LDAP attribute that contains timestamp of the last modification of the "
-"parent object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
-msgid "Default: modifyTimestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
-msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
-"the last password change)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
-msgid "Default: shadowLastChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
-msgid "ldap_user_shadow_min (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
-msgid "Default: shadowMin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
-msgid "ldap_user_shadow_max (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
-msgid "Default: shadowMax"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
-msgid "ldap_user_shadow_warning (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password warning period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
-msgid "Default: shadowWarning"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
-msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password inactivity period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
-msgid "Default: shadowInactive"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
-msgid "ldap_user_shadow_expire (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
-msgid ""
-"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
-"parameter contains the name of an LDAP attribute corresponding to its "
-"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> counterpart (account expiration date)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
-msgid "Default: shadowExpire"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
-msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time of last password change in "
-"kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
-msgid "Default: krbLastPwdChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
-msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time when current password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
-msgid "Default: krbPasswordExpiration"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
-msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the expiration time of the account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
-msgid "Default: accountExpires"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
-msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the user account control bit field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
-msgid "Default: userAccountControl"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
-msgid "ldap_ns_account_lock (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
-msgid ""
-"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
-"determines if access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
-msgid "Default: nsAccountLock"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
-msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines if "
-"access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
-msgid "Default: loginDisabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
-msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines until "
-"which date access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
-msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines the "
-"hours of a day in a week when access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
-msgid "Default: loginAllowedTimeMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
-msgid "ldap_user_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
-msgid ""
-"The LDAP attribute that contains the user's Kerberos User Principal Name "
-"(UPN)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
-msgid "Default: krbPrincipalName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
-msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
-msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
-msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
-msgid ""
-"Some directory servers, for example Active Directory, might deliver the "
-"realm part of the UPN in lower case, which might cause the authentication to "
-"fail. Set this option to a non-zero value if you want to use an upper-case "
-"realm."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
-msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
-msgid ""
-"Specifies how many seconds SSSD has to wait before refreshing its cache of "
-"enumerated records."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
-msgid "Default: 300"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
-msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
-msgid ""
-"Determine how often to check the cache for inactive entries (such as groups "
-"with no members and users who have never logged in) and remove them to save "
-"space."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
-msgid "Setting this option to zero will disable the cache cleanup operation."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
-msgid "Default: 10800 (12 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
-msgid "ldap_user_fullname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
-msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
-msgid "Default: cn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
-msgid "ldap_user_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
-msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
-msgid "Default: memberOf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
-msgid "ldap_user_authorized_service (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
-msgid ""
-"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
-"use the presence of the authorizedService attribute in the user's LDAP entry "
-"to determine access privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
-msgid ""
-"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
-"explicit allow (svc) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
-msgid "Default: authorizedService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
-msgid "ldap_user_authorized_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
-msgid ""
-"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-"presence of the host attribute in the user's LDAP entry to determine access "
-"privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
-msgid ""
-"An explicit deny (!host) is resolved first. Second, SSSD searches for "
-"explicit allow (host) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
-msgid "Default: host"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
-msgid "ldap_group_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
-msgid "The object class of a group entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
-msgid "Default: posixGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
-msgid "ldap_group_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
-msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
-msgid "ldap_group_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
-msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
-msgid "ldap_group_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
-msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
-msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
-msgid "ldap_group_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
-msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
-msgid "ldap_group_nesting_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
-msgid ""
-"If ldap_schema is set to a schema format that supports nested groups (e.g. "
-"RFC2307bis), then this option controls how many levels of nesting SSSD will "
-"follow. This option has no effect on the RFC2307 schema."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
-msgid "Default: 2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
-msgid "ldap_netgroup_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
-msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
-msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
-msgid "Default: nisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
-msgid "ldap_netgroup_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
-msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
-msgid "In IPA provider, ipa_netgroup_name should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
-msgid "ldap_netgroup_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
-msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
-msgid "In IPA provider, ipa_netgroup_member should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
-msgid "Default: memberNisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
-msgid "ldap_netgroup_triple (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-msgid ""
-"The LDAP attribute that contains the (host, user, domain) netgroup triples."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
-msgid "This option is not available in IPA provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
-msgid "Default: nisNetgroupTriple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
-msgid "ldap_netgroup_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
-msgid ""
-"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
-msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
-msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
-msgid "ldap_service_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
-msgid "The object class of a service entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
-msgid "Default: ipService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
-msgid "ldap_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
-msgid ""
-"The LDAP attribute that contains the name of service attributes and their "
-"aliases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
-msgid "ldap_service_port (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
-msgid "The LDAP attribute that contains the port managed by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
-msgid "Default: ipServicePort"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
-msgid "ldap_service_proto (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
-msgid ""
-"The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
-msgid "Default: ipServiceProtocol"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
-msgid "ldap_service_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
-msgid "An optional base DN to restrict service searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
-msgid ""
-"See <quote>ldap_search_base</quote> for information about configuring "
-"multiple search bases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
-#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
-msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
-msgid "ldap_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches are allowed to run "
-"before they are cancelled and cached results are returned (and offline mode "
-"is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
-msgid ""
-"Note: this option is subject to change in future versions of the SSSD. It "
-"will likely be replaced at some point by a series of timeouts for specific "
-"lookup types."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
-msgid "Default: 6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
-msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches for user and group "
-"enumerations are allowed to run before they are cancelled and cached results "
-"are returned (and offline mode is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
-msgid "ldap_network_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-msgid ""
-"Specifies the timeout (in seconds) after which the <citerefentry> "
-"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
-"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> following a <citerefentry> "
-"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> returns in case of no activity."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
-msgid "ldap_opt_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
-msgid ""
-"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
-"will abort if no response is received. Also controls the timeout when "
-"communicating with the KDC in case of SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
-msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
-msgid ""
-"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
-"maintained. After this time, the connection will be re-established. If used "
-"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
-"the TGT lifetime)  will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
-msgid "Default: 900 (15 minutes)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
-msgid "ldap_page_size (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
-msgid ""
-"Specify the number of records to retrieve from LDAP in a single request. "
-"Some LDAP servers enforce a maximum limit per-request."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
-msgid "Default: 1000"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
-msgid ""
-"Disable the LDAP paging control. This option should be used if the LDAP "
-"server reports that it supports the LDAP paging control in its RootDSE but "
-"it is not enabled or does not behave properly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
-msgid ""
-"Example: OpenLDAP servers with the paging control module installed on the "
-"server but not enabled will report it in the RootDSE but be unable to use it."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
-msgid ""
-"Example: 389 DS has a bug where it can only support a one paging control at "
-"a time on a single connection. On busy clients, this can result in some "
-"requests being denied."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
-msgid "ldap_deref_threshold (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
-msgid ""
-"Specify the number of group members that must be missing from the internal "
-"cache in order to trigger a dereference lookup. If less members are missing, "
-"they are looked up individually."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
-msgid ""
-"You can turn off dereference lookups completely by setting the value to 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
-msgid ""
-"A dereference lookup is a means of fetching all group members in a single "
-"LDAP call.  Different LDAP servers may implement different dereference "
-"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
-"Directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
-msgid ""
-"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
-"filter, then the dereference lookup performance enhancement will be disabled "
-"regardless of this setting."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
-msgid "ldap_tls_reqcert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
-msgid ""
-"Specifies what checks to perform on server certificates in a TLS session, if "
-"any. It can be specified as one of the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
-msgid ""
-"<emphasis>never</emphasis> = The client will not request or check any server "
-"certificate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
-msgid ""
-"<emphasis>allow</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, it will be ignored and the session proceeds normally."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
-msgid ""
-"<emphasis>try</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, the session is immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
-msgid ""
-"<emphasis>demand</emphasis> = The server certificate is requested. If no "
-"certificate is provided, or a bad certificate is provided, the session is "
-"immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
-msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
-msgid "Default: hard"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
-msgid "ldap_tls_cacert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
-msgid ""
-"Specifies the file that contains certificates for all of the Certificate "
-"Authorities that <command>sssd</command> will recognize."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
-msgid ""
-"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
-"conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
-msgid "ldap_tls_cacertdir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
-msgid ""
-"Specifies the path of a directory that contains Certificate Authority "
-"certificates in separate individual files. Typically the file names need to "
-"be the hash of the certificate followed by '.0'.  If available, "
-"<command>cacertdir_rehash</command> can be used to create the correct names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
-msgid "ldap_tls_cert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
-msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
-msgid "Default: not set"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
-msgid "ldap_tls_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
-msgid "Specifies the file that contains the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
-msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
-msgid ""
-"Specifies acceptable cipher suites.  Typically this is a colon sperated "
-"list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> for format."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
-msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
-msgid ""
-"Specifies that the id_provider connection must also use <systemitem class="
-"\"protocol\">tls</systemitem> to protect the channel."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
-msgid ""
-"Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
-"supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
-msgid "ldap_sasl_authid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
-msgid ""
-"Specify the SASL authorization id to use.  When GSSAPI is used, this "
-"represents the Kerberos principal used for authentication to the directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
-msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
-msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
-msgid ""
-"If set to true, the LDAP library would perform a reverse lookup to "
-"canonicalize the host name during a SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
-msgid "Default: false;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
-msgid "ldap_krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
-msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
-msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
-msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
-msgid ""
-"Specifies that the id_provider should init Kerberos credentials (TGT).  This "
-"action is performed only if SASL is used and the mechanism selected is "
-"GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
-msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
-msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
-msgid "Default: 86400 (24 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
-msgid "krb5_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
-msgid ""
-"Specifies the comma-separated list of IP addresses or hostnames of the "
-"Kerberos servers to which SSSD should connect in the order of preference. "
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
-"colon) may be appended to the addresses or hostnames.  If empty, service "
-"discovery is enabled - for more information, refer to the <quote>SERVICE "
-"DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
-msgid ""
-"When using service discovery for KDC or kpasswd servers, SSSD first searches "
-"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-"none are found."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
-msgid ""
-"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
-"While the legacy name is recognized for the time being, users are advised to "
-"migrate their config files to use <quote>krb5_server</quote> instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
-msgid "krb5_realm (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
-msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
-msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
-msgid "krb5_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
-msgid ""
-"Specifies if the host principal should be canonicalized when connecting to "
-"LDAP server. This feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
-msgid "ldap_pwd_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
-msgid ""
-"Select the policy to evaluate the password expiration on the client side. "
-"The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
-msgid ""
-"<emphasis>none</emphasis> - No evaluation on the client side. This option "
-"cannot disable server-side password policies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
-msgid ""
-"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-"evaluate if the password has expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
-msgid ""
-"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
-"to determine if the password has expired. Use chpass_provider=krb5 to update "
-"these attributes when the password is changed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
-msgid "ldap_referrals (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
-msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
-msgid ""
-"Please note that sssd only supports referral chasing when it is compiled "
-"with OpenLDAP version 2.4.13 or higher."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
-msgid "ldap_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
-msgid "Specifies the service name to use when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
-msgid "Default: ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
-msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
-msgid ""
-"Specifies the service name to use to find an LDAP server which allows "
-"password changes when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
-msgid "Default: not set, i.e. service discovery is disabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
-msgid "ldap_access_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
-msgid ""
-"If using access_provider = ldap, this option is mandatory. It specifies an "
-"LDAP search filter criteria that must be met for the user to be granted "
-"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
-msgid "Example:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
-#, no-wrap
-msgid ""
-"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
-msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
-msgid ""
-"Offline caching for this feature is limited to determining whether the "
-"user's last online login was granted access permission. If they were granted "
-"access during their last login, they will continue to be granted access "
-"while offline and vice-versa."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
-msgid "Default: Empty"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
-msgid "ldap_account_expire_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
-msgid ""
-"With this option a client side evaluation of access control attributes can "
-"be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
-msgid ""
-"Please note that it is always recommended to use server side access control, "
-"i.e. the LDAP server should deny the bind request with a suitable error code "
-"even if the password is correct."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
-msgid "The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
-msgid ""
-"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
-"determine if the account is expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
-msgid ""
-"<emphasis>ad</emphasis>: use the value of the 32bit field "
-"ldap_user_ad_user_account_control and allow access if the second bit is not "
-"set. If the attribute is missing access is granted. Also the expiration time "
-"of the account is checked."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
-msgid ""
-"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
-"emphasis>: use the value of ldap_ns_account_lock to check if access is "
-"allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
-msgid ""
-"<emphasis>nds</emphasis>: the values of "
-"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
-"If both attributes are missing access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
-msgid "ldap_access_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
-msgid "Comma separated list of access control options.  Allowed values are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
-msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
-msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
-msgid ""
-"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
-"to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
-msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
-msgid "Default: filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
-msgid ""
-"Please note that it is a configuration error if a value is used more than "
-"once."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
-msgid "ldap_deref (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
-msgid ""
-"Specifies how alias dereferencing is done when performing a search. The "
-"following options are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
-msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
-msgid ""
-"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
-"the base object, but not in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
-msgid ""
-"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
-"the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
-msgid ""
-"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
-"in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
-msgid ""
-"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
-"client libraries)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:51
-msgid ""
-"All of the common configuration options that apply to SSSD domains also "
-"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for full details.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
-msgid "SUDO OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
-msgid "ldap_sudorule_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
-msgid "The object class of a sudo rule entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
-msgid "Default: sudoRole"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
-msgid "ldap_sudorule_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
-msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
-msgid "ldap_sudorule_command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
-msgid "The LDAP attribute that corresponds to the command name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
-msgid "Default: sudoCommand"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
-msgid "ldap_sudorule_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
-msgid ""
-"The LDAP attribute that corresponds to the host name (or host IP address, "
-"host IP network, or host netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
-msgid "Default: sudoHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
-msgid "ldap_sudorule_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
-msgid ""
-"The LDAP attribute that corresponds to the user name (or UID, group name or "
-"user's netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
-msgid "Default: sudoUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
-msgid "ldap_sudorule_option (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
-msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
-msgid "Default: sudoOption"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
-msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
-msgid ""
-"The LDAP attribute that corresponds to the user name that commands may be "
-"run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
-msgid "Default: sudoRunAsUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
-msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
-msgid ""
-"The LDAP attribute that corresponds to the group name or group GID that "
-"commands may be run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
-msgid "Default: sudoRunAsGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
-msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
-msgid ""
-"The LDAP attribute that corresponds to the start date/time for when the sudo "
-"rule is valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
-msgid "Default: sudoNotBefore"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
-msgid "ldap_sudorule_notafter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
-msgid ""
-"The LDAP attribute that corresponds to the expiration date/time, after which "
-"the sudo rule will no longer be valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
-msgid "Default: sudoNotAfter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
-msgid "ldap_sudorule_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
-msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
-msgid "Default: sudoOrder"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
-msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
-msgid ""
-"Enables periodical download of all sudo rules.  The cache is purged before "
-"each update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
-msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
-msgid ""
-"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
-msgid ""
-"This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
-"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
-msgid "AUTOFS OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
-msgid ""
-"Please note that the default values correspond to the default schema which "
-"is RFC2307."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
-msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-msgid "The object class of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-msgid "Default: automountMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
-msgid "ldap_autofs_map_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
-msgid "The name of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
-msgid "Default: ou"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
-msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
-msgid "ldap_autofs_entry_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
-msgid ""
-"The key of an automount entry in LDAP. The entry usually corresponds to a "
-"mount point."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
-msgid "ldap_autofs_entry_value (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
-msgid "Default: automountInformation"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
-msgid ""
-"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
-"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
-"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
-msgid "ADVANCED OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
-msgid "ldap_netgroup_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
-msgid ""
-"An optional base DN to restrict netgroup searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
-msgid "ldap_user_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
-msgid "An optional base DN to restrict user searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
-msgid "ldap_group_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
-msgid "An optional base DN to restrict group searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
-#, no-wrap
-msgid ""
-"                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
-msgid "ldap_sudo_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
-msgid ""
-"An optional base DN to restrict sudo rules searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
-msgid "ldap_autofs_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
-msgid ""
-"An optional base DN to restrict automounter searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
-msgid ""
-"These options are supported by LDAP domains, but they should be used with "
-"caution. Please include them in your configuration only if you know what you "
-"are doing.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
-msgid ""
-"The following example assumes that SSSD is correctly configured and LDAP is "
-"set to one of the domains in the <replaceable>[domains]</replaceable> "
-"section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
-#, no-wrap
-msgid ""
-"    [domain/LDAP]\n"
-"    id_provider = ldap\n"
-"    auth_provider = ldap\n"
-"    ldap_uri = ldap://ldap.mydomain.org\n"
-"    ldap_search_base = dc=mydomain,dc=org\n"
-"    ldap_tls_reqcert = demand\n"
-"    cache_credentials = true\n"
-"    enumerate = true\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
-msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
-msgid "NOTES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
-msgid ""
-"The descriptions of some of the configuration options in this manual page "
-"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
-"distribution."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <refentryinfo>
-#: pam_sss.8.xml:8 include/upstream.xml:2
-msgid ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: pam_sss.8.xml:13 pam_sss.8.xml:18
-msgid "pam_sss"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: pam_sss.8.xml:19
-msgid "PAM module for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: pam_sss.8.xml:24
-msgid ""
-"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
-msgid ""
-"<command>pam_sss.so</command> is the PAM interface to the System Security "
-"Services daemon (SSSD). Errors and results are logged through <command>syslog"
-"(3)</command> with the LOG_AUTHPRIV facility."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
-msgid "<option>quiet</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
-msgid "Suppress log messages for unknown users."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
-msgid "<option>forward_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
-msgid ""
-"If <option>forward_pass</option> is set the entered password is put on the "
-"stack for other PAM modules to use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
-msgid "<option>use_first_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
-msgid ""
-"The argument use_first_pass forces the module to use a previous stacked "
-"modules password and will never prompt the user - if no password is "
-"available or the password is not appropriate, the user will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
-msgid "<option>use_authtok</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
-msgid ""
-"When password changing enforce the module to set the new password to the one "
-"provided by a previously stacked password module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
-msgid "<option>retry=N</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
-msgid ""
-"If specified the user is asked another N times for a password if "
-"authentication fails. Default is 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
-msgid ""
-"Please note that this option might not work as expected if the application "
-"calling PAM handles the user dialog on its own. A typical example is "
-"<command>sshd</command> with <option>PasswordAuthentication</option>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
-msgid "MODULE TYPES PROVIDED"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
-msgid ""
-"All module types (<option>account</option>, <option>auth</option>, "
-"<option>password</option> and <option>session</option>) are provided."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
-msgid "FILES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
-msgid ""
-"If a password reset by root fails, because the corresponding SSSD provider "
-"does not support password resets, an individual message can be displayed. "
-"This message can e.g. contain instructions about how to reset a password."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
-msgid ""
-"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
-"filename> where LOC stands for a locale string returned by <citerefentry> "
-"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
-"citerefentry>. If there is no matching file the content of "
-"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
-"the owner of the files and only root may have read and write permissions "
-"while all other users must have only read permissions."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
-msgid ""
-"These files are searched in the directory <filename>/etc/sssd/customize/"
-"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
-"displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:141
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
-msgid "sssd_krb5_locator_plugin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:22
-msgid ""
-"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
-"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
-"libraries what Realm and which KDC to use.  Typically this is done in "
-"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
-"To simplify the configuration the Realm and the KDC can be defined in "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry> puts the Realm and the name or IP address of the KDC into "
-"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively.  "
-"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variables and returns them to the "
-"libraries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:63
-msgid ""
-"Not all Kerberos implementations support the use of plugins. If "
-"<command>sssd_krb5_locator_plugin</command> is not available on your system "
-"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:69
-msgid ""
-"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-"debug messages will be sent to stderr."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:77
-msgid ""
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
-msgid "sssd-simple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd-simple.5.xml:17
-msgid "the configuration file for SSSD's 'simple' access-control provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:24
-msgid ""
-"This manual page describes the configuration of the simple access-control "
-"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax reference, "
-"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:38
-msgid ""
-"The simple access provider grants or denies access based on an access or "
-"deny list of user or group names. The following rules apply:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:43
-msgid "If all lists are empty, access is granted"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:47
-msgid ""
-"If any list is provided, the order of evaluation is allow,deny. This means "
-"that any matching deny rule will supersede any matched allow rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:54
-msgid ""
-"If either or both \"allow\" lists are provided, all users are denied unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:60
-msgid ""
-"If only \"deny\" lists are provided, all users are granted access unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:78
-msgid "simple_allow_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:81
-msgid "Comma separated list of users who are allowed to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:88
-msgid "simple_deny_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:91
-msgid "Comma separated list of users who are explicitly denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:97
-msgid "simple_allow_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:100
-msgid ""
-"Comma separated list of groups that are allowed to log in. This applies only "
-"to groups within this SSSD domain. Local groups are not evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:108
-msgid "simple_deny_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:111
-msgid ""
-"Comma separated list of groups that are explicitly denied access. This "
-"applies only to groups within this SSSD domain. Local groups are not "
-"evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
-msgid ""
-"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page for details on the configuration of an SSSD "
-"domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:120
-msgid ""
-"Please note that it is an configuration error if both, simple_allow_users "
-"and simple_deny_users, are defined."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:128
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the simple access provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-simple.5.xml:135
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    access_provider = simple\n"
-"    simple_allow_users = user1, user2\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:145
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
-msgid "sssd-ipa"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:23
-msgid ""
-"This manual page describes the configuration of the IPA provider for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
-"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:36
-msgid ""
-"The IPA provider is a back end used to connect to an IPA server.  (Refer to "
-"the freeipa.org web site for information about IPA servers.)  This provider "
-"requires that the machine be joined to the IPA domain; configuration is "
-"almost entirely self-discovered and obtained directly from the server."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:43
-msgid ""
-"The IPA provider accepts the same options used by the <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
-"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider with some exceptions described below."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:55
-msgid ""
-"However, it is neither necessary nor recommended to set these options.  IPA "
-"provider can also be used as an access and chpass provider. As an access "
-"provider it uses HBAC (host-based access control) rules. Please refer to "
-"freeipa.org for more information about HBAC. No configuration of access "
-"provider is required on the client side."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:72
-msgid "ipa_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:75
-msgid ""
-"Specifies the name of the IPA domain.  This is optional. If not provided, "
-"the configuration domain name is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:83
-msgid "ipa_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:86
-msgid ""
-"The comma-separated list of IP addresses or hostnames of the IPA servers to "
-"which SSSD should connect in the order of preference. For more information "
-"on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
-"This is optional if autodiscovery is enabled.  For more information on "
-"service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:99
-msgid "ipa_hostname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:102
-msgid ""
-"Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:110
-msgid "ipa_dyndns_update (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:113
-msgid ""
-"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:118
-msgid ""
-"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
-"the default Kerberos realm must be set properly in /etc/krb5.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:129
-msgid "ipa_dyndns_iface (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:132
-msgid ""
-"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
-"interface whose IP address should be used for dynamic DNS updates."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:137
-msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:143
-msgid "ipa_hbac_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:146
-msgid "Optional. Use the given string as search base for HBAC related objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:150
-msgid "Default: Use base DN"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:156
-msgid "ipa_host_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:159
-msgid "Optional. Use the given string as search base for host objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:180
-msgid "ipa_selinux_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
-msgid "Optional. Use the given string as search base for SELinux user maps."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
-msgid "krb5_validate (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
-msgid ""
-"Verify with the help of krb5_keytab that the TGT obtained has not been "
-"spoofed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
-msgid ""
-"Note that this default differs from the traditional Kerberos provider back "
-"end."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
-msgid ""
-"The name of the Kerberos realm. This is optional and defaults to the value "
-"of <quote>ipa_domain</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
-msgid ""
-"The name of the Kerberos realm has a special meaning in IPA - it is "
-"converted into the base DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
-msgid ""
-"Specifies if the host and user principal should be canonicalized when "
-"connecting to IPA LDAP and also for AS requests. This feature is available "
-"with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
-msgid "ipa_hbac_refresh (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
-msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
-msgid "Default: 5 (seconds)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
-msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
-msgid ""
-"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
-"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
-"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
-"client will support two modes of operation during this transition period:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
-msgid ""
-"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
-"users will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
-msgid ""
-"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
-"careful with this option, as it may result in opening unintended access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
-msgid "Default: DENY_ALL"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
-msgid "ipa_automount_location (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
-msgid "The automounter location this IPA client will be using"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Default: The location named \"default\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the ipa provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    id_provider = ipa\n"
-"    ipa_server = ipaserver.example.com\n"
-"    ipa_hostname = myhost.example.com\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.8.xml:10 sssd.8.xml:15
-msgid "sssd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.8.xml:16
-msgid "System Security Services Daemon"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sssd.8.xml:21
-msgid ""
-"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:31
-msgid ""
-"<command>SSSD</command> provides a set of daemons to manage access to remote "
-"directories and authentication mechanisms. It provides an NSS and PAM "
-"interface toward the system and a pluggable backend system to connect to "
-"multiple different account sources as well as D-Bus interface. It is also "
-"the basis to provide client auditing and policy services for projects like "
-"FreeIPA. It provides a more robust database to store local users as well as "
-"extended user data."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:46
-msgid ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:53
-msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:57
-msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:60
-msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:69
-msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:73
-msgid ""
-"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:76
-msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:85
-msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:89
-msgid ""
-"Send the debug output to files instead of stderr. By default, the log files "
-"are stored in <filename>/var/log/sssd</filename> and there are separate log "
-"files for every SSSD service and domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:97
-msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:101
-msgid "Become a daemon after starting up."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:107
-msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:111
-msgid "Run in the foreground, don't become a daemon."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
-msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
-msgid ""
-"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
-"conf</filename>. For reference on the config file syntax and options, "
-"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:135
-msgid "<option>--version</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:139
-msgid "Print version number and exit."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:147
-msgid "Signals"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:150
-msgid "SIGTERM/SIGINT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:153
-msgid ""
-"Informs the SSSD to gracefully terminate all of its child processes and then "
-"shut down the monitor."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:159
-msgid "SIGHUP"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:162
-msgid ""
-"Tells the SSSD to stop writing to its current debug file descriptors and to "
-"close and reopen them. This is meant to facilitate log rolling with programs "
-"like logrotate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:170
-msgid "SIGUSR1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:173
-msgid ""
-"Tells the SSSD to simulate offline operation for one minute. This is mostly "
-"useful for testing purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:179
-msgid "SIGUSR2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:182
-msgid ""
-"Tells the SSSD to go online immediately. This is mostly useful for testing "
-"purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:193
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-msgid "sss_obfuscate"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_obfuscate.8.xml:16
-msgid "obfuscate a clear text password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_obfuscate.8.xml:21
-msgid ""
-"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
-"replaceable></arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:32
-msgid ""
-"<command>sss_obfuscate</command> converts a given password into human-"
-"unreadable format and places it into appropriate domain section of the SSSD "
-"config file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:37
-msgid ""
-"The cleartext password is read from standard input or entered "
-"interactively.  The obfuscated password is put into "
-"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
-"<quote>ldap_default_authtok_type</quote> parameter is set to "
-"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more details on these parameters."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:49
-msgid ""
-"Please note that obfuscating the password provides <emphasis>no real "
-"security benefit</emphasis> as it is still possible for an attacker to "
-"reverse-engineer the password back. Using better authentication mechanisms "
-"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
-"advised."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:63
-msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:67
-msgid "The password to obfuscate will be read from standard input."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
-msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:79
-msgid ""
-"The SSSD domain to use the password in. The default name is <quote>default</"
-"quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:86
-msgid ""
-"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:91
-msgid "Read the config file specified by the positional parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:95
-msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:105
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
-msgid "sss_useradd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_useradd.8.xml:16
-msgid "create a new user"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_useradd.8.xml:21
-msgid ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:32
-msgid ""
-"<command>sss_useradd</command> creates a new user account using the values "
-"specified on the command line plus the default values from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:43
-msgid ""
-"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:48
-msgid ""
-"Set the UID of the user to the value of <replaceable>UID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
-msgid ""
-"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
-msgid ""
-"Any text string describing the user. Often used as the field for the user's "
-"full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
-msgid ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:72
-msgid ""
-"The home directory of the user account.  The default is to append the "
-"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
-"that as the home directory.  The base that is prepended before "
-"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
-"baseDirectory</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
-msgid ""
-"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:87
-msgid ""
-"The user's login shell. The default is currently <filename>/bin/bash</"
-"filename>.  The default can be changed with <quote>user_defaults/"
-"defaultShell</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:96
-msgid ""
-"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:101
-msgid "A list of existing groups this user is also a member of."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:107
-msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:111
-msgid ""
-"Create the user's home directory if it does not exist. The files and "
-"directories contained in the skeleton directory (which can be defined with "
-"the -k option or in the config file) will be copied to the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:121
-msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:125
-msgid ""
-"Do not create the user's home directory. Overrides configuration settings."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:132
-msgid ""
-"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:137
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<command>sss_useradd</command>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:143
-msgid ""
-"This option is only valid if the <option>-m</option> (or <option>--create-"
-"home</option>) option is specified, or creation of home directories is set "
-"to TRUE in the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
-msgid ""
-"<option>-Z</option>,<option>--selinux-user</option> "
-"<replaceable>SELINUX_USER</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:157
-msgid ""
-"The SELinux user for the user's login. If not specified, the system default "
-"will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
-msgid "sssd-krb5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:23
-msgid ""
-"This manual page describes the configuration of the Kerberos 5 "
-"authentication backend for <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  For a detailed "
-"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
-"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:36
-msgid ""
-"The Kerberos 5 authentication backend contains auth and chpass providers. It "
-"must be paired with identity provider in order to function properly (for "
-"example, id_provider = ldap). Some information required by the Kerberos 5 "
-"authentication backend must be provided by the identity provider, such as "
-"the user's Kerberos Principal Name (UPN). The configuration of the identity "
-"provider should have an entry to specify the UPN. Please refer to the man "
-"page for the applicable identity provider for details on how to configure "
-"this."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:47
-msgid ""
-"This backend also provides access control based on the .k5login file in the "
-"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
-"Please note that an empty .k5login file will deny all access to this user. "
-"To activate this feature use 'access_provider = krb5' in your sssd "
-"configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:55
-msgid ""
-"In the case where the UPN is not available in the identity backend "
-"<command>sssd</command> will construct a UPN using the format "
-"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:106
-msgid ""
-"The name of the Kerberos realm. This option is required and must be "
-"specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:113
-msgid "krb5_kpasswd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:116
-msgid ""
-"If the change password service is not running on the KDC alternative servers "
-"can be defined here. An optional port number (preceded by a colon) may be "
-"appended to the addresses or hostnames."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:122
-msgid ""
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section.  Please note that even if there are no more "
-"kpasswd servers to try the back end is not switch to offline if "
-"authentication against the KDC is still possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:129
-msgid "Default: Use the KDC"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:135
-msgid "krb5_ccachedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:138
-msgid ""
-"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist it will be created. If %u, %U, %p or %h are used a "
-"private directory belonging to the user is created. Otherwise a public "
-"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
-"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
-"citerefentry> for details) is created."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:151
-msgid "Default: /tmp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:157
-msgid "krb5_ccname_template (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:171
-msgid "login UID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:174
-msgid "%p"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:175
-msgid "principal name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:179
-msgid "%r"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:180
-msgid "realm name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:183
-msgid "%h"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:184
-msgid "home directory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:189
-msgid "value of krb5ccache_dir"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194
-msgid "%P"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "the process ID of the sssd client"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:160
-msgid ""
-"Location of the user's credential cache. Currently only file based "
-"credential caches are supported. In the template the following sequences are "
-"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
-"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
-"way."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:209
-msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:215
-msgid "krb5_auth_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:218
-msgid ""
-"Timeout in seconds after an online authentication or change password request "
-"is aborted. If possible the authentication request is continued offline."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:241
-msgid "krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:244
-msgid ""
-"The location of the keytab to use when validating credentials obtained from "
-"KDCs."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:248
-msgid "Default: /etc/krb5.keytab"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:254
-msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:257
-msgid ""
-"Store the password of the user if the provider is offline and use it to "
-"request a TGT when the provider gets online again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:262
-msgid ""
-"Please note that this feature currently only available on a Linux platform. "
-"Passwords stored in this way are kept in plaintext in the kernel keyring and "
-"are potentially accessible by the root user (with difficulty)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:275
-msgid "krb5_renewable_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:278
-msgid ""
-"Request a renewable ticket with a total lifetime given by an integer "
-"immediately followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
-msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
-msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
-msgid "<emphasis>h</emphasis> hours"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
-msgid "<emphasis>d</emphasis> days."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
-msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:299
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"renewable lifetime to one and a half hours please use '90m' instead of "
-"'1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:305
-msgid "Default: not set, i.e. the TGT is not renewable"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:311
-msgid "krb5_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:314
-msgid ""
-"Request ticket with a with a lifetime given by an integer immediately "
-"followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:335
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"lifetime to one and a half hours please use '90m' instead of '1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:340
-msgid ""
-"Default: not set, i.e. the default ticket lifetime configured on the KDC."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:347
-msgid "krb5_renew_interval (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:350
-msgid ""
-"The time in seconds between two checks if the TGT should be renewed. TGTs "
-"are renewed if about half of their lifetime is exceeded."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:355
-msgid "If this option is not set or 0 the automatic renewal is disabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:365
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:368
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:373
-msgid ""
-"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
-"option at all."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
-msgid ""
-"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
-"continue without."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:381
-msgid ""
-"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
-"fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:385
-msgid "Default: not set, i.e. FAST is not used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:388
-msgid "Please note that a keytab is required to use fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:391
-msgid ""
-"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used with an older version using this option is a "
-"configuration error."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:400
-msgid "krb5_fast_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:403
-msgid "Specifies the server principal to use for FAST."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:412
-msgid ""
-"Specifies if the host and user principal should be canonicalized. This "
-"feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:65
-msgid ""
-"If the auth-module krb5 is used in a SSSD domain, the following options must "
-"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
-"SECTIONS</quote> for details on the configuration of a SSSD domain.  "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:434
-msgid ""
-"The following example assumes that SSSD is correctly configured and FOO is "
-"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
-"example shows only configuration of Kerberos authentication, it does not "
-"include any identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:442
-#, no-wrap
-msgid ""
-"    [domain/FOO]\n"
-"    auth_provider = krb5\n"
-"    krb5_server = 192.168.1.1\n"
-"    krb5_realm = EXAMPLE.COM\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:453
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
-msgid "sss_groupadd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupadd.8.xml:16
-msgid "create a new group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupadd.8.xml:21
-msgid ""
-"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:32
-msgid ""
-"<command>sss_groupadd</command> creates a new group. These groups are "
-"compatible with POSIX groups, with the additional feature that they can "
-"contain other groups as members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupadd.8.xml:43
-msgid ""
-"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupadd.8.xml:48
-msgid ""
-"Set the GID of the group to the value of <replaceable>GID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
-msgid "sss_userdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_userdel.8.xml:16
-msgid "delete a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_userdel.8.xml:21
-msgid ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:32
-msgid ""
-"<command>sss_userdel</command> deletes a user identified by login name "
-"<replaceable>LOGIN</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:44
-msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:48
-msgid ""
-"Files in the user's home directory will be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:56
-msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:60
-msgid ""
-"Files in the user's home directory will NOT be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:68
-msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:72
-msgid ""
-"This option forces <command>sss_userdel</command> to remove the user's home "
-"directory and mail spool, even if they are not owned by the specified user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:80
-msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:84
-msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
-msgid "sss_groupdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupdel.8.xml:16
-msgid "delete a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupdel.8.xml:21
-msgid ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:32
-msgid ""
-"<command>sss_groupdel</command> deletes a group identified by its name "
-"<replaceable>GROUP</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
-msgid "sss_groupshow"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupshow.8.xml:16
-msgid "print properties of a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupshow.8.xml:21
-msgid ""
-"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:32
-msgid ""
-"<command>sss_groupshow</command> displays information about a group "
-"identified by its name <replaceable>GROUP</replaceable>. The information "
-"includes the group ID number, members of the group and the parent group."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupshow.8.xml:43
-msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupshow.8.xml:47
-msgid ""
-"Also print indirect group members in a tree-like hierarchy.  Note that this "
-"also affects printing parent groups - without <option>R</option>, only the "
-"direct parent will be printed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
-msgid "sss_usermod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_usermod.8.xml:16
-msgid "modify a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_usermod.8.xml:21
-msgid ""
-"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:32
-msgid ""
-"<command>sss_usermod</command> modifies the account specified by "
-"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
-"on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:60
-msgid "The home directory of the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:71
-msgid "The user's login shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:82
-msgid ""
-"Append this user to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:96
-msgid ""
-"Remove this user from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:103
-msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:107
-msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:114
-msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:118
-msgid "Unlock the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:129
-msgid "The SELinux user for the user's login."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/service_discovery.xml:2
-msgid "SERVICE DISCOVERY"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/service_discovery.xml:4
-msgid ""
-"The service discovery feature allows back ends to automatically find the "
-"appropriate servers to connect to using a special DNS query."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
-msgid "Configuration"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:11
-msgid ""
-"If no servers are specified, the back end automatically uses service "
-"discovery to try to find a server. Optionally, the user may choose to use "
-"both fixed server addresses and service discovery by inserting a special "
-"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
-"preference is maintained. This feature is useful if, for example, the user "
-"prefers to use service discovery whenever possible, and fall back to a "
-"specific server when no servers can be discovered using DNS."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:23
-msgid "The domain name"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:25
-msgid ""
-"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for more details."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:35
-msgid "The protocol"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:37
-msgid ""
-"The queries usually specify _tcp as the protocol. Exceptions are documented "
-"in respective option description."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:42
-msgid "See Also"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:44
-msgid ""
-"For more information on the service discovery mechanism, refer to RFC 2782."
-msgstr ""
-
-#. type: Content of: outside any tag (error?)
-#: include/upstream.xml:1
-msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/failover.xml:2
-msgid "FAILOVER"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/failover.xml:4
-msgid ""
-"The failover feature allows back ends to automatically switch to a different "
-"server if the primary server fails."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:8
-msgid "Failover Syntax"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:10
-msgid ""
-"The list of servers is given as a comma-separated list; any number of spaces "
-"is allowed around the comma. The servers are listed in order of preference. "
-"The list can contain any number of servers."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:17
-msgid "The Failover Mechanism"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:19
-msgid ""
-"The failover mechanism distinguishes between a machine and a service. The "
-"back end first tries to resolve the hostname of a given machine; if this "
-"resolution attempt fails, the machine is considered offline. No further "
-"attempts are made to connect to this machine for any other service. If the "
-"resolution attempt succeeds, the back end tries to connect to a service on "
-"this machine. If the service connection attempt fails, then only this "
-"particular service is considered offline and the back end automatically "
-"switches over to the next service.  The machine is still considered online "
-"and might still be tried for another service."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:32
-msgid ""
-"Further connection attempts are made to machines or services marked as "
-"offline after a specified period of time; this is currently hard coded to 30 "
-"seconds."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:37
-msgid ""
-"If there are no more machines to try, the back end as a whole switches to "
-"offline mode, and then attempts to reconnect every 30 seconds."
-msgstr ""
-
-#. type: Content of: <varlistentry><term>
-#: include/param_help.xml:3
-msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
-
-#. type: Content of: <varlistentry><listitem><para>
-#: include/param_help.xml:7
-msgid "Display help message and exit."
-msgstr ""
diff --git a/src/man/po/nb.po b/src/man/po/nb.po
deleted file mode 100644
index 5f32be07c..000000000
--- a/src/man/po/nb.po
+++ /dev/null
@@ -1,6313 +0,0 @@
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Red Hat
-# This file is distributed under the same license as the sssd-docs package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: SSSD\n"
-"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Norwegian Bokmål <i18n-nb@lister.ping.uio.no>\n"
-"Language: nb\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural=(n != 1)\n"
-
-#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
-#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
-#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
-#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
-msgid "SSSD Manual pages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
-msgid "sss_groupmod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
-#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
-#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
-msgid "8"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupmod.8.xml:16
-msgid "modify a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupmod.8.xml:21
-msgid ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
-#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
-#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
-#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
-#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:32
-msgid ""
-"<command>sss_groupmod</command> modifies the group to reflect the changes "
-"that are specified on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
-#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
-#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-msgid "OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
-msgid ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:48
-msgid ""
-"Append this group to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
-msgid ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:62
-msgid ""
-"Remove this group from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
-#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
-msgid "sssd.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
-msgid "5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
-msgid "File Formats and Conventions"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
-msgid "the configuration file for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:21
-msgid "FILE FORMAT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:29
-#, no-wrap
-msgid ""
-"                <replaceable>[section]</replaceable>\n"
-"                <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-"                <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
-"            "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:24
-msgid ""
-"The file has an ini-style syntax and consists of sections and parameters. A "
-"section begins with the name of the section in square brackets and continues "
-"until the next section begins. An example of section with single and multi-"
-"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:36
-msgid ""
-"The data types used are string (no quotes needed), integer and bool (with "
-"values of <quote>TRUE/FALSE</quote>)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:41
-msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
-"(<quote>;</quote>)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:46
-msgid ""
-"All sections can have an optional <replaceable>description</replaceable> "
-"parameter. Its function is only as a label for the section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:52
-msgid ""
-"<filename>sssd.conf</filename> must be a regular file, owned by root and "
-"only root may read from or write to the file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:58
-msgid "SPECIAL SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:61
-msgid "The [sssd] section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
-msgid "Section parameters"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:72
-msgid "config_file_version (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:75
-msgid ""
-"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-"version 2."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:81
-msgid "services"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:84
-msgid ""
-"Comma separated list of services that are started when sssd itself starts."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:88
-msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
-msgid "reconnection_retries (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
-msgid ""
-"Number of times services should attempt to reconnect in the event of a Data "
-"Provider crash or restart before they give up"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
-msgid "Default: 3"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
-msgid "domains"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
-msgid ""
-"A domain is a database containing user information. SSSD can use more "
-"domains at the same time, but at least one must be configured or SSSD won't "
-"start.  This parameter described the list of domains in the order you want "
-"them to be queried."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
-msgid "re_expression (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
-msgid ""
-"Regular expression that describes how to parse the string containing user "
-"name and domain into these components."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
-msgid ""
-"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
-"which translates to \"the name is everything up to the <quote>@</quote> "
-"sign, the domain everything after that\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
-msgid ""
-"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
-"version 7 or higher can support non-unique named subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
-msgid ""
-"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
-"P&lt;name&gt;) to label subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
-msgid "full_name_format (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
-msgid ""
-"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatible format that describes how to translate "
-"a (name, domain) tuple into a fully qualified name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
-msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
-msgid "try_inotify (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
-msgid ""
-"SSSD monitors the state of resolv.conf to identify when it needs to update "
-"its internal DNS resolver. By default, we will attempt to use inotify for "
-"this, and will fall back to polling resolv.conf every five seconds if "
-"inotify cannot be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
-msgid ""
-"There are some limited situations where it is preferred that we should skip "
-"even trying to use inotify. In these rare cases, this option should be set "
-"to 'false'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
-msgid ""
-"Default: true on platforms where inotify is supported. False on other "
-"platforms."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
-msgid ""
-"Note: this option will have no effect on platforms where inotify is "
-"unavailable. On these platforms, polling will always be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
-msgid "krb5_rcache_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
-msgid ""
-"Directory on the filesystem where SSSD should store Kerberos replay cache "
-"files."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
-msgid ""
-"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
-"SSSD to let libkrb5 decide the appropriate location for the replay cache."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
-msgid ""
-"Default: Distribution-specific and specified at build-time. "
-"(__LIBKRB5_DEFAULTS__ if not configured)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:63
-msgid ""
-"Individual pieces of SSSD functionality are provided by special SSSD "
-"services that are started and stopped together with SSSD.  The services are "
-"managed by a special service frequently called <quote>monitor</quote>. The "
-"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
-msgid "SERVICES SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
-msgid ""
-"Settings that can be used to configure different services are described in "
-"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
-"section, for example, for NSS service, the section would be <quote>[nss]</"
-"quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
-msgid "General service configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
-msgid "These options can be used to configure any service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>.  This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
-msgid "NSS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
-msgid ""
-"These options can be used to configure the Name Service Switch (NSS) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
-msgid "enum_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
-msgid ""
-"How many seconds should nss_sss cache enumerations (requests for info about "
-"all users)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
-msgid "Default: 120"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"The entry cache can be set to automatically update entries in the background "
-"if they are requested beyond a percentage of the entry_cache_timeout value "
-"for the domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
-msgid ""
-"For example, if the domain's entry_cache_timeout is set to 30s and "
-"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
-"after 15 seconds past the last cache update will be returned immediately, "
-"but the SSSD will go and update the cache on its own, so that future "
-"requests will not need to block waiting for a cache update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
-msgid ""
-"Valid values for this option are 0-99 and represent a percentage of the "
-"entry_cache_timeout for each domain. For performance reasons, this "
-"percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
-"disables this feature)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
-msgid "Default: 50"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
-msgid "entry_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
-msgid ""
-"Specifies for how many seconds nss_sss should cache negative cache hits "
-"(that is, queries for invalid database entries, like nonexistent ones)  "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
-msgid "Default: 15"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
-msgid "filter_users, filter_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
-msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
-msgid "Default: root"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
-msgid "filter_users_in_groups (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
-msgid ""
-"If you want filtered user still be group members set this option to false."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
-msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
-msgid "This option can also be set per-domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
-msgid "allowed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
-msgid ""
-"Restrict user shell to one of the listed values. The order of evaluation is:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
-msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
-msgid ""
-"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
-"quote>, use the value of the shell_fallback parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
-msgid ""
-"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
-"shells</quote>, a nologin shell is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
-msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
-msgid ""
-"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
-"that a restart of the SSSD is required in case a new shell is installed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
-msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
-msgid "vetoed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
-msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
-msgid "shell_fallback (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
-msgid ""
-"The default shell to use if an allowed shell is not installed on the machine."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
-msgid "Default: /bin/sh"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
-msgid "PAM configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
-msgid ""
-"These options can be used to configure the Pluggable Authentication Module "
-"(PAM) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
-msgid "offline_credentials_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
-msgid ""
-"If the authentication provider is offline, how long should we allow cached "
-"logins (in days since the last successful online login)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
-msgid "Default: 0 (No limit)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
-msgid "offline_failed_login_attempts (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
-msgid ""
-"If the authentication provider is offline, how many failed login attempts "
-"are allowed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
-msgid "offline_failed_login_delay (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
-msgid ""
-"The time in minutes which has to pass after offline_failed_login_attempts "
-"has been reached before a new login attempt is possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
-msgid ""
-"If set to 0 the user cannot authenticate offline if "
-"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable offline authentication again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
-msgid "Default: 5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
-msgid "pam_verbosity (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
-msgid ""
-"Controls what kind of messages are shown to the user during authentication. "
-"The higher the number to more messages are displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
-msgid "Currently sssd supports the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
-msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
-msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
-msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
-msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
-msgid "Default: 1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
-msgid "pam_id_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
-msgid ""
-"For any PAM request while SSSD is online, the SSSD will attempt to "
-"immediately update the cached identity information for the user in order to "
-"ensure that authentication takes place with the latest information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
-msgid ""
-"A complete PAM conversation may perform multiple PAM requests, such as "
-"account management and session opening. This option controls (on a per-"
-"client-application basis) how long (in seconds) we can cache the identity "
-"information to avoid excessive round-trips to the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
-msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
-msgid "Display a warning N days before the password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
-msgid ""
-"Please note that the backend server has to provide information about the "
-"expiration time of the password.  If this information is missing, sssd "
-"cannot display a warning."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
-msgid "Default: 7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-msgid "SUDO configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-msgid "These options can be used to configure the sudo service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-msgid "sudo_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-msgid ""
-"For any sudo request that comes while SSSD is online, the SSSD will attempt "
-"to update the cached rules in order to ensure that sudo has the latest "
-"ruleset."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
-msgid ""
-"The user may, however, run a couple of sudo commands successively, which "
-"would trigger multiple LDAP requests.  In order to speed up this use-case, "
-"the sudo service maintains an in-memory cache that would be used for "
-"performing fast replies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
-msgid ""
-"This option controls how long (in seconds) can the sudo service cache rules "
-"for a user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-msgid "Default: 180"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-msgid "sudo_timed (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
-msgid ""
-"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
-"that implement time-dependent sudoers entries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-msgid "AUTOFS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-msgid "These options can be used to configure the autofs service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-msgid "autofs_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
-msgid "DOMAIN SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
-msgid "min_id,max_id (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
-msgid ""
-"UID and GID limits for the domain. If a domain contains an entry that is "
-"outside these limits, it is ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
-msgid ""
-"For users, this affects the primary GID limit. The user will not be returned "
-"to NSS if either the UID or the primary GID is outside the range. For non-"
-"primary group memberships, those that are in range will be reported as "
-"expected."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
-msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
-msgid ""
-"Timeout in seconds between heartbeats for this domain.  This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
-msgid "enumerate (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
-msgid ""
-"Determines if a domain can be enumerated. This parameter can have one of the "
-"following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
-msgid "TRUE = Users and groups are enumerated"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
-msgid "FALSE = No enumerations for this domain"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
-msgid "Default: FALSE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
-msgid ""
-"Note: Enabling enumeration has a moderate performance impact on SSSD while "
-"enumeration is running. It may take up to several minutes after SSSD startup "
-"to fully complete enumerations.  During this time, individual requests for "
-"information will go directly to LDAP, though it may be slow, due to the "
-"heavy enumeration processing."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
-msgid ""
-"While the first enumeration is running, requests for the complete user or "
-"group lists may return no results until it completes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
-msgid ""
-"Further, enabling enumeration may increase the time necessary to detect "
-"network disconnection, as longer timeouts are required to ensure that "
-"enumeration lookups are completed successfully.  For more information, refer "
-"to the man pages for the specific id_provider in use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
-msgid "entry_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
-msgid ""
-"How many seconds should nss_sss consider entries valid before asking the "
-"backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
-msgid "Default: 5400"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-msgid "entry_cache_user_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-msgid ""
-"How many seconds should nss_sss consider user entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-msgid "Default: entry_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-msgid "entry_cache_group_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-msgid ""
-"How many seconds should nss_sss consider group entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-msgid ""
-"How many seconds should nss_sss consider netgroup entries valid before "
-"asking the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-msgid "entry_cache_service_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-msgid ""
-"How many seconds should nss_sss consider service entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
-msgid "cache_credentials (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
-msgid "Determines if user credentials are also cached in the local LDB cache"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
-msgid "User credentials are stored in a SHA512 hash, not in plaintext"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
-msgid "account_cache_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
-msgid ""
-"Number of days entries are left in cache after last successful login before "
-"being removed during a cleanup of the cache. 0 means keep forever.  The "
-"value of this parameter must be greater than or equal to "
-"offline_credentials_expiration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
-msgid "Default: 0 (unlimited)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
-msgid "id_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
-msgid "The Data Provider identity backend to use for this domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
-msgid "Supported backends:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
-msgid "proxy: Support a legacy NSS provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
-msgid "local: SSSD internal local provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
-msgid "ldap: LDAP provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
-msgid "use_fully_qualified_names (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
-msgid ""
-"If set to TRUE, all requests to this domain must use fully qualified names. "
-"For example, if used in LOCAL domain that contains a \"test\" user, "
-"<command>getent passwd test</command> wouldn't find the user while "
-"<command>getent passwd test@LOCAL</command> would."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
-msgid "auth_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
-msgid ""
-"The authentication provider used for the domain.  Supported auth providers "
-"are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
-msgid ""
-"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
-msgid ""
-"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
-msgid ""
-"<quote>proxy</quote> for relaying authentication to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
-msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"authentication requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
-msgid "access_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
-msgid ""
-"The access control provider used for the domain.  There are two built-in "
-"access providers (in addition to any included in installed backends)  "
-"Internal special providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
-msgid "<quote>permit</quote> always allow access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
-msgid "<quote>deny</quote> always deny access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
-msgid ""
-"<quote>simple</quote> access control based on access or deny lists. See "
-"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> for more information on configuring the simple "
-"access module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
-msgid "Default: <quote>permit</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
-msgid "chpass_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
-msgid ""
-"The provider which should handle change password operations for the domain.  "
-"Supported change password providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
-msgid ""
-"<quote>ipa</quote> to change a password stored in an IPA server.  See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
-msgid ""
-"<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
-msgid ""
-"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
-msgid ""
-"<quote>proxy</quote> for relaying password changes to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
-msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
-msgid ""
-"Default: <quote>auth_provider</quote> is used if it is set and can handle "
-"change password requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-msgid "sudo_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-msgid ""
-"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-msgid "session_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-msgid ""
-"The provider which should handle loading of session settings.  Supported "
-"session providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-msgid ""
-"<quote>ipa</quote> to load session settings from an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"session loading requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
-msgid "lookup_family_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
-msgid ""
-"Provides the ability to select preferred address family to use when "
-"performing DNS lookups."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
-msgid "Supported values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
-msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
-msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
-msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
-msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
-msgid "Default: ipv4_first"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
-msgid "dns_resolver_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
-msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
-msgid "dns_discovery_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
-msgid ""
-"If service discovery is used in the back end, specifies the domain part of "
-"the service discovery DNS query."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
-msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
-msgid "override_gid (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
-msgid "Override the primary GID value with the one specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
-msgid "case_sensitive (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
-msgid ""
-"Treat user and group names as case sensitive. At the moment, this option is "
-"not supported in the local provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
-msgid "Default: True"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
-msgid ""
-"These configuration options can be present in a domain configuration "
-"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
-"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
-msgid "proxy_pam_target (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
-msgid "The proxy target PAM proxies to."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-msgid ""
-"Default: not set by default, you have to take an existing pam configuration "
-"or create a new one and add the service name here."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
-msgid "proxy_lib_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
-msgid ""
-"The name of the NSS library to use in proxy domains. The NSS functions "
-"searched for in the library are in the form of _nss_$(libName)_$(function), "
-"for example _nss_files_getpwent."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
-msgid ""
-"Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
-msgid "The local domain section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
-msgid ""
-"This section contains settings for domain that stores users and groups in "
-"SSSD native database, that is, a domain that uses "
-"<replaceable>id_provider=local</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
-msgid "default_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
-msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
-msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
-msgid "base_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
-msgid ""
-"The tools append the login name to <replaceable>base_directory</replaceable> "
-"and use that as the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
-msgid "Default: <filename>/home</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
-msgid "create_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
-msgid ""
-"Indicate if a home directory should be created by default for new users.  "
-"Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
-msgid "Default: TRUE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
-msgid "remove_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
-msgid ""
-"Indicate if a home directory should be removed by default for deleted "
-"users.  Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
-msgid "homedir_umask (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
-msgid ""
-"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
-"on a newly created home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
-msgid "Default: 077"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
-msgid "skel_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
-msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
-msgid "mail_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
-msgid ""
-"The mail spool directory. This is needed to manipulate the mailbox when its "
-"corresponding user account is modified or deleted.  If not specified, a "
-"default value is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
-msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
-msgid "userdel_cmd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
-msgid ""
-"The command that is run after a user is removed.  The command us passed the "
-"username of the user being removed as the first and only parameter. The "
-"return code of the command is not taken into account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
-msgid "Default: None, no command is run"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"domains = LDAP\n"
-"services = nss, pam\n"
-"config_file_version = 2\n"
-"\n"
-"[nss]\n"
-"filter_groups = root\n"
-"filter_users = root\n"
-"\n"
-"[pam]\n"
-"\n"
-"[domain/LDAP]\n"
-"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
-"\n"
-"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
-"cache_credentials = true\n"
-"\n"
-"min_id = 10000\n"
-"max_id = 20000\n"
-"enumerate = False\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
-msgid ""
-"The following example shows a typical SSSD config. It does not describe "
-"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details.  <placeholder type=\"programlisting\" "
-"id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
-msgid "sssd-ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:23
-msgid ""
-"This manual page describes the configuration of LDAP domains for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for detailed syntax information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:35
-msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:38
-msgid ""
-"LDAP back end supports id, auth, access and chpass providers. If you want to "
-"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
-"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
-"over an unencrypted channel.  If the LDAP server is used only as an identity "
-"provider, an encrypted channel is not needed. Please refer to "
-"<quote>ldap_access_filter</quote> config option for more information about "
-"using LDAP as an access provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
-#: sssd-krb5.5.xml:63
-msgid "CONFIGURATION OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:60
-msgid "ldap_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:63
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference. Refer to the <quote>FAILOVER</"
-"quote> section for more information on failover and server redundancy.  If "
-"not specified, service discovery is enabled. For more information, refer to "
-"the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
-msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:73
-msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:76
-msgid ""
-"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:79
-msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:85
-msgid "ldap_chpass_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:88
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference to change the password of a user. "
-"Refer to the <quote>FAILOVER</quote> section for more information on "
-"failover and server redundancy."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:95
-msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:99
-msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:105
-msgid "ldap_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:108
-msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:112
-msgid ""
-"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
-"syntax:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
-msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:119
-msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
-msgid ""
-"The filter must be a valid LDAP search filter as specified by http://www."
-"ietf.org/rfc/rfc2254.txt"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
-msgid "Examples:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:129
-msgid ""
-"ldap_search_base = dc=example,dc=com (which is equivalent to)  "
-"ldap_search_base = dc=example,dc=com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:134
-msgid ""
-"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
-"(host=thishost)?dc=example.com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:137
-msgid ""
-"Note: It is unsupported to have multiple search bases which reference "
-"identically-named objects (for example, groups with the same name in two "
-"different search bases). This will lead to unpredictable behavior on client "
-"machines."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:144
-msgid ""
-"Default: If not set, the value of the defaultNamingContext or namingContexts "
-"attribute from the RootDSE of the LDAP server is used. If "
-"defaultNamingContext does not exists or has an empty value namingContexts is "
-"used.  The namingContexts attribute must have a single value with the DN of "
-"the search base of the LDAP server to make this work. Multiple values are "
-"are not supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:158
-msgid "ldap_schema (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:161
-msgid ""
-"Specifies the Schema Type in use on the target LDAP server.  Depending on "
-"the selected schema, the default attribute names retrieved from the servers "
-"may vary.  The way that some attributes are handled may also differ.  Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
-"difference between these schema types is how group memberships are recorded "
-"in the server.  With rfc2307, group members are listed by name in the "
-"<emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, group "
-"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
-msgid "Default: rfc2307"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
-msgid "ldap_default_bind_dn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
-msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
-msgid "ldap_default_authtok_type (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
-msgid "The type of the authentication token of the default bind DN."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
-msgid "The two mechanisms currently supported are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
-msgid "password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
-msgid "obfuscated_password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
-msgid "Default: password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
-msgid "ldap_default_authtok (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
-msgid ""
-"The authentication token of the default bind DN.  Only clear text passwords "
-"are currently supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
-msgid "ldap_user_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
-msgid "The object class of a user entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
-msgid "Default: posixAccount"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
-msgid "ldap_user_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
-msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
-msgid "Default: uid"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
-msgid "ldap_user_uid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
-msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
-msgid "Default: uidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
-msgid "ldap_user_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
-msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
-msgid "Default: gidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
-msgid "ldap_user_gecos (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
-msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
-msgid "Default: gecos"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
-msgid "ldap_user_home_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
-msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
-msgid "Default: homeDirectory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
-msgid "ldap_user_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
-msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
-msgid "Default: loginShell"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
-msgid "ldap_user_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
-msgid "Default: nsUniqueId"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
-msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
-msgid ""
-"The LDAP attribute that contains timestamp of the last modification of the "
-"parent object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
-msgid "Default: modifyTimestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
-msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
-"the last password change)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
-msgid "Default: shadowLastChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
-msgid "ldap_user_shadow_min (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
-msgid "Default: shadowMin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
-msgid "ldap_user_shadow_max (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
-msgid "Default: shadowMax"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
-msgid "ldap_user_shadow_warning (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password warning period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
-msgid "Default: shadowWarning"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
-msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password inactivity period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
-msgid "Default: shadowInactive"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
-msgid "ldap_user_shadow_expire (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
-msgid ""
-"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
-"parameter contains the name of an LDAP attribute corresponding to its "
-"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> counterpart (account expiration date)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
-msgid "Default: shadowExpire"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
-msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time of last password change in "
-"kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
-msgid "Default: krbLastPwdChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
-msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time when current password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
-msgid "Default: krbPasswordExpiration"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
-msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the expiration time of the account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
-msgid "Default: accountExpires"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
-msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the user account control bit field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
-msgid "Default: userAccountControl"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
-msgid "ldap_ns_account_lock (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
-msgid ""
-"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
-"determines if access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
-msgid "Default: nsAccountLock"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
-msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines if "
-"access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
-msgid "Default: loginDisabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
-msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines until "
-"which date access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
-msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines the "
-"hours of a day in a week when access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
-msgid "Default: loginAllowedTimeMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
-msgid "ldap_user_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
-msgid ""
-"The LDAP attribute that contains the user's Kerberos User Principal Name "
-"(UPN)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
-msgid "Default: krbPrincipalName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
-msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
-msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
-msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
-msgid ""
-"Some directory servers, for example Active Directory, might deliver the "
-"realm part of the UPN in lower case, which might cause the authentication to "
-"fail. Set this option to a non-zero value if you want to use an upper-case "
-"realm."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
-msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
-msgid ""
-"Specifies how many seconds SSSD has to wait before refreshing its cache of "
-"enumerated records."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
-msgid "Default: 300"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
-msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
-msgid ""
-"Determine how often to check the cache for inactive entries (such as groups "
-"with no members and users who have never logged in) and remove them to save "
-"space."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
-msgid "Setting this option to zero will disable the cache cleanup operation."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
-msgid "Default: 10800 (12 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
-msgid "ldap_user_fullname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
-msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
-msgid "Default: cn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
-msgid "ldap_user_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
-msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
-msgid "Default: memberOf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
-msgid "ldap_user_authorized_service (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
-msgid ""
-"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
-"use the presence of the authorizedService attribute in the user's LDAP entry "
-"to determine access privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
-msgid ""
-"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
-"explicit allow (svc) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
-msgid "Default: authorizedService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
-msgid "ldap_user_authorized_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
-msgid ""
-"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-"presence of the host attribute in the user's LDAP entry to determine access "
-"privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
-msgid ""
-"An explicit deny (!host) is resolved first. Second, SSSD searches for "
-"explicit allow (host) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
-msgid "Default: host"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
-msgid "ldap_group_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
-msgid "The object class of a group entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
-msgid "Default: posixGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
-msgid "ldap_group_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
-msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
-msgid "ldap_group_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
-msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
-msgid "ldap_group_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
-msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
-msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
-msgid "ldap_group_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
-msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
-msgid "ldap_group_nesting_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
-msgid ""
-"If ldap_schema is set to a schema format that supports nested groups (e.g. "
-"RFC2307bis), then this option controls how many levels of nesting SSSD will "
-"follow. This option has no effect on the RFC2307 schema."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
-msgid "Default: 2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
-msgid "ldap_netgroup_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
-msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
-msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
-msgid "Default: nisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
-msgid "ldap_netgroup_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
-msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
-msgid "In IPA provider, ipa_netgroup_name should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
-msgid "ldap_netgroup_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
-msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
-msgid "In IPA provider, ipa_netgroup_member should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
-msgid "Default: memberNisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
-msgid "ldap_netgroup_triple (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-msgid ""
-"The LDAP attribute that contains the (host, user, domain) netgroup triples."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
-msgid "This option is not available in IPA provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
-msgid "Default: nisNetgroupTriple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
-msgid "ldap_netgroup_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
-msgid ""
-"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
-msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
-msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
-msgid "ldap_service_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
-msgid "The object class of a service entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
-msgid "Default: ipService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
-msgid "ldap_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
-msgid ""
-"The LDAP attribute that contains the name of service attributes and their "
-"aliases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
-msgid "ldap_service_port (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
-msgid "The LDAP attribute that contains the port managed by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
-msgid "Default: ipServicePort"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
-msgid "ldap_service_proto (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
-msgid ""
-"The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
-msgid "Default: ipServiceProtocol"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
-msgid "ldap_service_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
-msgid "An optional base DN to restrict service searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
-msgid ""
-"See <quote>ldap_search_base</quote> for information about configuring "
-"multiple search bases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
-#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
-msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
-msgid "ldap_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches are allowed to run "
-"before they are cancelled and cached results are returned (and offline mode "
-"is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
-msgid ""
-"Note: this option is subject to change in future versions of the SSSD. It "
-"will likely be replaced at some point by a series of timeouts for specific "
-"lookup types."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
-msgid "Default: 6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
-msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches for user and group "
-"enumerations are allowed to run before they are cancelled and cached results "
-"are returned (and offline mode is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
-msgid "ldap_network_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-msgid ""
-"Specifies the timeout (in seconds) after which the <citerefentry> "
-"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
-"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> following a <citerefentry> "
-"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> returns in case of no activity."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
-msgid "ldap_opt_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
-msgid ""
-"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
-"will abort if no response is received. Also controls the timeout when "
-"communicating with the KDC in case of SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
-msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
-msgid ""
-"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
-"maintained. After this time, the connection will be re-established. If used "
-"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
-"the TGT lifetime)  will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
-msgid "Default: 900 (15 minutes)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
-msgid "ldap_page_size (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
-msgid ""
-"Specify the number of records to retrieve from LDAP in a single request. "
-"Some LDAP servers enforce a maximum limit per-request."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
-msgid "Default: 1000"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
-msgid ""
-"Disable the LDAP paging control. This option should be used if the LDAP "
-"server reports that it supports the LDAP paging control in its RootDSE but "
-"it is not enabled or does not behave properly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
-msgid ""
-"Example: OpenLDAP servers with the paging control module installed on the "
-"server but not enabled will report it in the RootDSE but be unable to use it."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
-msgid ""
-"Example: 389 DS has a bug where it can only support a one paging control at "
-"a time on a single connection. On busy clients, this can result in some "
-"requests being denied."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
-msgid "ldap_deref_threshold (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
-msgid ""
-"Specify the number of group members that must be missing from the internal "
-"cache in order to trigger a dereference lookup. If less members are missing, "
-"they are looked up individually."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
-msgid ""
-"You can turn off dereference lookups completely by setting the value to 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
-msgid ""
-"A dereference lookup is a means of fetching all group members in a single "
-"LDAP call.  Different LDAP servers may implement different dereference "
-"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
-"Directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
-msgid ""
-"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
-"filter, then the dereference lookup performance enhancement will be disabled "
-"regardless of this setting."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
-msgid "ldap_tls_reqcert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
-msgid ""
-"Specifies what checks to perform on server certificates in a TLS session, if "
-"any. It can be specified as one of the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
-msgid ""
-"<emphasis>never</emphasis> = The client will not request or check any server "
-"certificate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
-msgid ""
-"<emphasis>allow</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, it will be ignored and the session proceeds normally."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
-msgid ""
-"<emphasis>try</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, the session is immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
-msgid ""
-"<emphasis>demand</emphasis> = The server certificate is requested. If no "
-"certificate is provided, or a bad certificate is provided, the session is "
-"immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
-msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
-msgid "Default: hard"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
-msgid "ldap_tls_cacert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
-msgid ""
-"Specifies the file that contains certificates for all of the Certificate "
-"Authorities that <command>sssd</command> will recognize."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
-msgid ""
-"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
-"conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
-msgid "ldap_tls_cacertdir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
-msgid ""
-"Specifies the path of a directory that contains Certificate Authority "
-"certificates in separate individual files. Typically the file names need to "
-"be the hash of the certificate followed by '.0'.  If available, "
-"<command>cacertdir_rehash</command> can be used to create the correct names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
-msgid "ldap_tls_cert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
-msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
-msgid "Default: not set"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
-msgid "ldap_tls_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
-msgid "Specifies the file that contains the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
-msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
-msgid ""
-"Specifies acceptable cipher suites.  Typically this is a colon sperated "
-"list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> for format."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
-msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
-msgid ""
-"Specifies that the id_provider connection must also use <systemitem class="
-"\"protocol\">tls</systemitem> to protect the channel."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
-msgid ""
-"Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
-"supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
-msgid "ldap_sasl_authid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
-msgid ""
-"Specify the SASL authorization id to use.  When GSSAPI is used, this "
-"represents the Kerberos principal used for authentication to the directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
-msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
-msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
-msgid ""
-"If set to true, the LDAP library would perform a reverse lookup to "
-"canonicalize the host name during a SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
-msgid "Default: false;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
-msgid "ldap_krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
-msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
-msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
-msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
-msgid ""
-"Specifies that the id_provider should init Kerberos credentials (TGT).  This "
-"action is performed only if SASL is used and the mechanism selected is "
-"GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
-msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
-msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
-msgid "Default: 86400 (24 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
-msgid "krb5_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
-msgid ""
-"Specifies the comma-separated list of IP addresses or hostnames of the "
-"Kerberos servers to which SSSD should connect in the order of preference. "
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
-"colon) may be appended to the addresses or hostnames.  If empty, service "
-"discovery is enabled - for more information, refer to the <quote>SERVICE "
-"DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
-msgid ""
-"When using service discovery for KDC or kpasswd servers, SSSD first searches "
-"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-"none are found."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
-msgid ""
-"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
-"While the legacy name is recognized for the time being, users are advised to "
-"migrate their config files to use <quote>krb5_server</quote> instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
-msgid "krb5_realm (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
-msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
-msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
-msgid "krb5_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
-msgid ""
-"Specifies if the host principal should be canonicalized when connecting to "
-"LDAP server. This feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
-msgid "ldap_pwd_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
-msgid ""
-"Select the policy to evaluate the password expiration on the client side. "
-"The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
-msgid ""
-"<emphasis>none</emphasis> - No evaluation on the client side. This option "
-"cannot disable server-side password policies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
-msgid ""
-"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-"evaluate if the password has expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
-msgid ""
-"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
-"to determine if the password has expired. Use chpass_provider=krb5 to update "
-"these attributes when the password is changed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
-msgid "ldap_referrals (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
-msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
-msgid ""
-"Please note that sssd only supports referral chasing when it is compiled "
-"with OpenLDAP version 2.4.13 or higher."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
-msgid "ldap_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
-msgid "Specifies the service name to use when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
-msgid "Default: ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
-msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
-msgid ""
-"Specifies the service name to use to find an LDAP server which allows "
-"password changes when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
-msgid "Default: not set, i.e. service discovery is disabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
-msgid "ldap_access_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
-msgid ""
-"If using access_provider = ldap, this option is mandatory. It specifies an "
-"LDAP search filter criteria that must be met for the user to be granted "
-"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
-msgid "Example:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
-#, no-wrap
-msgid ""
-"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
-msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
-msgid ""
-"Offline caching for this feature is limited to determining whether the "
-"user's last online login was granted access permission. If they were granted "
-"access during their last login, they will continue to be granted access "
-"while offline and vice-versa."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
-msgid "Default: Empty"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
-msgid "ldap_account_expire_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
-msgid ""
-"With this option a client side evaluation of access control attributes can "
-"be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
-msgid ""
-"Please note that it is always recommended to use server side access control, "
-"i.e. the LDAP server should deny the bind request with a suitable error code "
-"even if the password is correct."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
-msgid "The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
-msgid ""
-"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
-"determine if the account is expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
-msgid ""
-"<emphasis>ad</emphasis>: use the value of the 32bit field "
-"ldap_user_ad_user_account_control and allow access if the second bit is not "
-"set. If the attribute is missing access is granted. Also the expiration time "
-"of the account is checked."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
-msgid ""
-"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
-"emphasis>: use the value of ldap_ns_account_lock to check if access is "
-"allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
-msgid ""
-"<emphasis>nds</emphasis>: the values of "
-"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
-"If both attributes are missing access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
-msgid "ldap_access_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
-msgid "Comma separated list of access control options.  Allowed values are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
-msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
-msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
-msgid ""
-"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
-"to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
-msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
-msgid "Default: filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
-msgid ""
-"Please note that it is a configuration error if a value is used more than "
-"once."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
-msgid "ldap_deref (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
-msgid ""
-"Specifies how alias dereferencing is done when performing a search. The "
-"following options are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
-msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
-msgid ""
-"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
-"the base object, but not in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
-msgid ""
-"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
-"the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
-msgid ""
-"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
-"in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
-msgid ""
-"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
-"client libraries)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:51
-msgid ""
-"All of the common configuration options that apply to SSSD domains also "
-"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for full details.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
-msgid "SUDO OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
-msgid "ldap_sudorule_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
-msgid "The object class of a sudo rule entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
-msgid "Default: sudoRole"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
-msgid "ldap_sudorule_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
-msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
-msgid "ldap_sudorule_command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
-msgid "The LDAP attribute that corresponds to the command name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
-msgid "Default: sudoCommand"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
-msgid "ldap_sudorule_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
-msgid ""
-"The LDAP attribute that corresponds to the host name (or host IP address, "
-"host IP network, or host netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
-msgid "Default: sudoHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
-msgid "ldap_sudorule_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
-msgid ""
-"The LDAP attribute that corresponds to the user name (or UID, group name or "
-"user's netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
-msgid "Default: sudoUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
-msgid "ldap_sudorule_option (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
-msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
-msgid "Default: sudoOption"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
-msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
-msgid ""
-"The LDAP attribute that corresponds to the user name that commands may be "
-"run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
-msgid "Default: sudoRunAsUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
-msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
-msgid ""
-"The LDAP attribute that corresponds to the group name or group GID that "
-"commands may be run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
-msgid "Default: sudoRunAsGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
-msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
-msgid ""
-"The LDAP attribute that corresponds to the start date/time for when the sudo "
-"rule is valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
-msgid "Default: sudoNotBefore"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
-msgid "ldap_sudorule_notafter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
-msgid ""
-"The LDAP attribute that corresponds to the expiration date/time, after which "
-"the sudo rule will no longer be valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
-msgid "Default: sudoNotAfter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
-msgid "ldap_sudorule_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
-msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
-msgid "Default: sudoOrder"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
-msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
-msgid ""
-"Enables periodical download of all sudo rules.  The cache is purged before "
-"each update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
-msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
-msgid ""
-"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
-msgid ""
-"This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
-"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
-msgid "AUTOFS OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
-msgid ""
-"Please note that the default values correspond to the default schema which "
-"is RFC2307."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
-msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-msgid "The object class of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-msgid "Default: automountMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
-msgid "ldap_autofs_map_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
-msgid "The name of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
-msgid "Default: ou"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
-msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
-msgid "ldap_autofs_entry_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
-msgid ""
-"The key of an automount entry in LDAP. The entry usually corresponds to a "
-"mount point."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
-msgid "ldap_autofs_entry_value (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
-msgid "Default: automountInformation"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
-msgid ""
-"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
-"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
-"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
-msgid "ADVANCED OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
-msgid "ldap_netgroup_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
-msgid ""
-"An optional base DN to restrict netgroup searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
-msgid "ldap_user_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
-msgid "An optional base DN to restrict user searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
-msgid "ldap_group_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
-msgid "An optional base DN to restrict group searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
-#, no-wrap
-msgid ""
-"                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
-msgid "ldap_sudo_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
-msgid ""
-"An optional base DN to restrict sudo rules searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
-msgid "ldap_autofs_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
-msgid ""
-"An optional base DN to restrict automounter searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
-msgid ""
-"These options are supported by LDAP domains, but they should be used with "
-"caution. Please include them in your configuration only if you know what you "
-"are doing.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
-msgid ""
-"The following example assumes that SSSD is correctly configured and LDAP is "
-"set to one of the domains in the <replaceable>[domains]</replaceable> "
-"section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
-#, no-wrap
-msgid ""
-"    [domain/LDAP]\n"
-"    id_provider = ldap\n"
-"    auth_provider = ldap\n"
-"    ldap_uri = ldap://ldap.mydomain.org\n"
-"    ldap_search_base = dc=mydomain,dc=org\n"
-"    ldap_tls_reqcert = demand\n"
-"    cache_credentials = true\n"
-"    enumerate = true\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
-msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
-msgid "NOTES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
-msgid ""
-"The descriptions of some of the configuration options in this manual page "
-"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
-"distribution."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <refentryinfo>
-#: pam_sss.8.xml:8 include/upstream.xml:2
-msgid ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: pam_sss.8.xml:13 pam_sss.8.xml:18
-msgid "pam_sss"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: pam_sss.8.xml:19
-msgid "PAM module for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: pam_sss.8.xml:24
-msgid ""
-"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
-msgid ""
-"<command>pam_sss.so</command> is the PAM interface to the System Security "
-"Services daemon (SSSD). Errors and results are logged through <command>syslog"
-"(3)</command> with the LOG_AUTHPRIV facility."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
-msgid "<option>quiet</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
-msgid "Suppress log messages for unknown users."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
-msgid "<option>forward_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
-msgid ""
-"If <option>forward_pass</option> is set the entered password is put on the "
-"stack for other PAM modules to use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
-msgid "<option>use_first_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
-msgid ""
-"The argument use_first_pass forces the module to use a previous stacked "
-"modules password and will never prompt the user - if no password is "
-"available or the password is not appropriate, the user will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
-msgid "<option>use_authtok</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
-msgid ""
-"When password changing enforce the module to set the new password to the one "
-"provided by a previously stacked password module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
-msgid "<option>retry=N</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
-msgid ""
-"If specified the user is asked another N times for a password if "
-"authentication fails. Default is 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
-msgid ""
-"Please note that this option might not work as expected if the application "
-"calling PAM handles the user dialog on its own. A typical example is "
-"<command>sshd</command> with <option>PasswordAuthentication</option>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
-msgid "MODULE TYPES PROVIDED"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
-msgid ""
-"All module types (<option>account</option>, <option>auth</option>, "
-"<option>password</option> and <option>session</option>) are provided."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
-msgid "FILES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
-msgid ""
-"If a password reset by root fails, because the corresponding SSSD provider "
-"does not support password resets, an individual message can be displayed. "
-"This message can e.g. contain instructions about how to reset a password."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
-msgid ""
-"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
-"filename> where LOC stands for a locale string returned by <citerefentry> "
-"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
-"citerefentry>. If there is no matching file the content of "
-"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
-"the owner of the files and only root may have read and write permissions "
-"while all other users must have only read permissions."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
-msgid ""
-"These files are searched in the directory <filename>/etc/sssd/customize/"
-"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
-"displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:141
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
-msgid "sssd_krb5_locator_plugin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:22
-msgid ""
-"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
-"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
-"libraries what Realm and which KDC to use.  Typically this is done in "
-"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
-"To simplify the configuration the Realm and the KDC can be defined in "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry> puts the Realm and the name or IP address of the KDC into "
-"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively.  "
-"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variables and returns them to the "
-"libraries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:63
-msgid ""
-"Not all Kerberos implementations support the use of plugins. If "
-"<command>sssd_krb5_locator_plugin</command> is not available on your system "
-"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:69
-msgid ""
-"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-"debug messages will be sent to stderr."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:77
-msgid ""
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
-msgid "sssd-simple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd-simple.5.xml:17
-msgid "the configuration file for SSSD's 'simple' access-control provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:24
-msgid ""
-"This manual page describes the configuration of the simple access-control "
-"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax reference, "
-"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:38
-msgid ""
-"The simple access provider grants or denies access based on an access or "
-"deny list of user or group names. The following rules apply:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:43
-msgid "If all lists are empty, access is granted"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:47
-msgid ""
-"If any list is provided, the order of evaluation is allow,deny. This means "
-"that any matching deny rule will supersede any matched allow rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:54
-msgid ""
-"If either or both \"allow\" lists are provided, all users are denied unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:60
-msgid ""
-"If only \"deny\" lists are provided, all users are granted access unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:78
-msgid "simple_allow_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:81
-msgid "Comma separated list of users who are allowed to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:88
-msgid "simple_deny_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:91
-msgid "Comma separated list of users who are explicitly denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:97
-msgid "simple_allow_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:100
-msgid ""
-"Comma separated list of groups that are allowed to log in. This applies only "
-"to groups within this SSSD domain. Local groups are not evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:108
-msgid "simple_deny_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:111
-msgid ""
-"Comma separated list of groups that are explicitly denied access. This "
-"applies only to groups within this SSSD domain. Local groups are not "
-"evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
-msgid ""
-"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page for details on the configuration of an SSSD "
-"domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:120
-msgid ""
-"Please note that it is an configuration error if both, simple_allow_users "
-"and simple_deny_users, are defined."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:128
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the simple access provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-simple.5.xml:135
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    access_provider = simple\n"
-"    simple_allow_users = user1, user2\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:145
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
-msgid "sssd-ipa"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:23
-msgid ""
-"This manual page describes the configuration of the IPA provider for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
-"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:36
-msgid ""
-"The IPA provider is a back end used to connect to an IPA server.  (Refer to "
-"the freeipa.org web site for information about IPA servers.)  This provider "
-"requires that the machine be joined to the IPA domain; configuration is "
-"almost entirely self-discovered and obtained directly from the server."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:43
-msgid ""
-"The IPA provider accepts the same options used by the <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
-"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider with some exceptions described below."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:55
-msgid ""
-"However, it is neither necessary nor recommended to set these options.  IPA "
-"provider can also be used as an access and chpass provider. As an access "
-"provider it uses HBAC (host-based access control) rules. Please refer to "
-"freeipa.org for more information about HBAC. No configuration of access "
-"provider is required on the client side."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:72
-msgid "ipa_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:75
-msgid ""
-"Specifies the name of the IPA domain.  This is optional. If not provided, "
-"the configuration domain name is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:83
-msgid "ipa_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:86
-msgid ""
-"The comma-separated list of IP addresses or hostnames of the IPA servers to "
-"which SSSD should connect in the order of preference. For more information "
-"on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
-"This is optional if autodiscovery is enabled.  For more information on "
-"service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:99
-msgid "ipa_hostname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:102
-msgid ""
-"Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:110
-msgid "ipa_dyndns_update (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:113
-msgid ""
-"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:118
-msgid ""
-"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
-"the default Kerberos realm must be set properly in /etc/krb5.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:129
-msgid "ipa_dyndns_iface (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:132
-msgid ""
-"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
-"interface whose IP address should be used for dynamic DNS updates."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:137
-msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:143
-msgid "ipa_hbac_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:146
-msgid "Optional. Use the given string as search base for HBAC related objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:150
-msgid "Default: Use base DN"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:156
-msgid "ipa_host_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:159
-msgid "Optional. Use the given string as search base for host objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:180
-msgid "ipa_selinux_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
-msgid "Optional. Use the given string as search base for SELinux user maps."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
-msgid "krb5_validate (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
-msgid ""
-"Verify with the help of krb5_keytab that the TGT obtained has not been "
-"spoofed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
-msgid ""
-"Note that this default differs from the traditional Kerberos provider back "
-"end."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
-msgid ""
-"The name of the Kerberos realm. This is optional and defaults to the value "
-"of <quote>ipa_domain</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
-msgid ""
-"The name of the Kerberos realm has a special meaning in IPA - it is "
-"converted into the base DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
-msgid ""
-"Specifies if the host and user principal should be canonicalized when "
-"connecting to IPA LDAP and also for AS requests. This feature is available "
-"with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
-msgid "ipa_hbac_refresh (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
-msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
-msgid "Default: 5 (seconds)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
-msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
-msgid ""
-"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
-"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
-"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
-"client will support two modes of operation during this transition period:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
-msgid ""
-"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
-"users will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
-msgid ""
-"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
-"careful with this option, as it may result in opening unintended access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
-msgid "Default: DENY_ALL"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
-msgid "ipa_automount_location (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
-msgid "The automounter location this IPA client will be using"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Default: The location named \"default\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the ipa provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    id_provider = ipa\n"
-"    ipa_server = ipaserver.example.com\n"
-"    ipa_hostname = myhost.example.com\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.8.xml:10 sssd.8.xml:15
-msgid "sssd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.8.xml:16
-msgid "System Security Services Daemon"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sssd.8.xml:21
-msgid ""
-"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:31
-msgid ""
-"<command>SSSD</command> provides a set of daemons to manage access to remote "
-"directories and authentication mechanisms. It provides an NSS and PAM "
-"interface toward the system and a pluggable backend system to connect to "
-"multiple different account sources as well as D-Bus interface. It is also "
-"the basis to provide client auditing and policy services for projects like "
-"FreeIPA. It provides a more robust database to store local users as well as "
-"extended user data."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:46
-msgid ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:53
-msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:57
-msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:60
-msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:69
-msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:73
-msgid ""
-"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:76
-msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:85
-msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:89
-msgid ""
-"Send the debug output to files instead of stderr. By default, the log files "
-"are stored in <filename>/var/log/sssd</filename> and there are separate log "
-"files for every SSSD service and domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:97
-msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:101
-msgid "Become a daemon after starting up."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:107
-msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:111
-msgid "Run in the foreground, don't become a daemon."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
-msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
-msgid ""
-"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
-"conf</filename>. For reference on the config file syntax and options, "
-"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:135
-msgid "<option>--version</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:139
-msgid "Print version number and exit."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:147
-msgid "Signals"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:150
-msgid "SIGTERM/SIGINT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:153
-msgid ""
-"Informs the SSSD to gracefully terminate all of its child processes and then "
-"shut down the monitor."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:159
-msgid "SIGHUP"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:162
-msgid ""
-"Tells the SSSD to stop writing to its current debug file descriptors and to "
-"close and reopen them. This is meant to facilitate log rolling with programs "
-"like logrotate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:170
-msgid "SIGUSR1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:173
-msgid ""
-"Tells the SSSD to simulate offline operation for one minute. This is mostly "
-"useful for testing purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:179
-msgid "SIGUSR2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:182
-msgid ""
-"Tells the SSSD to go online immediately. This is mostly useful for testing "
-"purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:193
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-msgid "sss_obfuscate"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_obfuscate.8.xml:16
-msgid "obfuscate a clear text password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_obfuscate.8.xml:21
-msgid ""
-"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
-"replaceable></arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:32
-msgid ""
-"<command>sss_obfuscate</command> converts a given password into human-"
-"unreadable format and places it into appropriate domain section of the SSSD "
-"config file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:37
-msgid ""
-"The cleartext password is read from standard input or entered "
-"interactively.  The obfuscated password is put into "
-"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
-"<quote>ldap_default_authtok_type</quote> parameter is set to "
-"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more details on these parameters."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:49
-msgid ""
-"Please note that obfuscating the password provides <emphasis>no real "
-"security benefit</emphasis> as it is still possible for an attacker to "
-"reverse-engineer the password back. Using better authentication mechanisms "
-"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
-"advised."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:63
-msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:67
-msgid "The password to obfuscate will be read from standard input."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
-msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:79
-msgid ""
-"The SSSD domain to use the password in. The default name is <quote>default</"
-"quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:86
-msgid ""
-"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:91
-msgid "Read the config file specified by the positional parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:95
-msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:105
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
-msgid "sss_useradd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_useradd.8.xml:16
-msgid "create a new user"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_useradd.8.xml:21
-msgid ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:32
-msgid ""
-"<command>sss_useradd</command> creates a new user account using the values "
-"specified on the command line plus the default values from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:43
-msgid ""
-"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:48
-msgid ""
-"Set the UID of the user to the value of <replaceable>UID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
-msgid ""
-"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
-msgid ""
-"Any text string describing the user. Often used as the field for the user's "
-"full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
-msgid ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:72
-msgid ""
-"The home directory of the user account.  The default is to append the "
-"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
-"that as the home directory.  The base that is prepended before "
-"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
-"baseDirectory</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
-msgid ""
-"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:87
-msgid ""
-"The user's login shell. The default is currently <filename>/bin/bash</"
-"filename>.  The default can be changed with <quote>user_defaults/"
-"defaultShell</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:96
-msgid ""
-"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:101
-msgid "A list of existing groups this user is also a member of."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:107
-msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:111
-msgid ""
-"Create the user's home directory if it does not exist. The files and "
-"directories contained in the skeleton directory (which can be defined with "
-"the -k option or in the config file) will be copied to the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:121
-msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:125
-msgid ""
-"Do not create the user's home directory. Overrides configuration settings."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:132
-msgid ""
-"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:137
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<command>sss_useradd</command>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:143
-msgid ""
-"This option is only valid if the <option>-m</option> (or <option>--create-"
-"home</option>) option is specified, or creation of home directories is set "
-"to TRUE in the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
-msgid ""
-"<option>-Z</option>,<option>--selinux-user</option> "
-"<replaceable>SELINUX_USER</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:157
-msgid ""
-"The SELinux user for the user's login. If not specified, the system default "
-"will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
-msgid "sssd-krb5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:23
-msgid ""
-"This manual page describes the configuration of the Kerberos 5 "
-"authentication backend for <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  For a detailed "
-"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
-"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:36
-msgid ""
-"The Kerberos 5 authentication backend contains auth and chpass providers. It "
-"must be paired with identity provider in order to function properly (for "
-"example, id_provider = ldap). Some information required by the Kerberos 5 "
-"authentication backend must be provided by the identity provider, such as "
-"the user's Kerberos Principal Name (UPN). The configuration of the identity "
-"provider should have an entry to specify the UPN. Please refer to the man "
-"page for the applicable identity provider for details on how to configure "
-"this."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:47
-msgid ""
-"This backend also provides access control based on the .k5login file in the "
-"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
-"Please note that an empty .k5login file will deny all access to this user. "
-"To activate this feature use 'access_provider = krb5' in your sssd "
-"configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:55
-msgid ""
-"In the case where the UPN is not available in the identity backend "
-"<command>sssd</command> will construct a UPN using the format "
-"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:106
-msgid ""
-"The name of the Kerberos realm. This option is required and must be "
-"specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:113
-msgid "krb5_kpasswd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:116
-msgid ""
-"If the change password service is not running on the KDC alternative servers "
-"can be defined here. An optional port number (preceded by a colon) may be "
-"appended to the addresses or hostnames."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:122
-msgid ""
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section.  Please note that even if there are no more "
-"kpasswd servers to try the back end is not switch to offline if "
-"authentication against the KDC is still possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:129
-msgid "Default: Use the KDC"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:135
-msgid "krb5_ccachedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:138
-msgid ""
-"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist it will be created. If %u, %U, %p or %h are used a "
-"private directory belonging to the user is created. Otherwise a public "
-"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
-"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
-"citerefentry> for details) is created."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:151
-msgid "Default: /tmp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:157
-msgid "krb5_ccname_template (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:171
-msgid "login UID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:174
-msgid "%p"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:175
-msgid "principal name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:179
-msgid "%r"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:180
-msgid "realm name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:183
-msgid "%h"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:184
-msgid "home directory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:189
-msgid "value of krb5ccache_dir"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194
-msgid "%P"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "the process ID of the sssd client"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:160
-msgid ""
-"Location of the user's credential cache. Currently only file based "
-"credential caches are supported. In the template the following sequences are "
-"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
-"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
-"way."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:209
-msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:215
-msgid "krb5_auth_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:218
-msgid ""
-"Timeout in seconds after an online authentication or change password request "
-"is aborted. If possible the authentication request is continued offline."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:241
-msgid "krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:244
-msgid ""
-"The location of the keytab to use when validating credentials obtained from "
-"KDCs."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:248
-msgid "Default: /etc/krb5.keytab"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:254
-msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:257
-msgid ""
-"Store the password of the user if the provider is offline and use it to "
-"request a TGT when the provider gets online again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:262
-msgid ""
-"Please note that this feature currently only available on a Linux platform. "
-"Passwords stored in this way are kept in plaintext in the kernel keyring and "
-"are potentially accessible by the root user (with difficulty)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:275
-msgid "krb5_renewable_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:278
-msgid ""
-"Request a renewable ticket with a total lifetime given by an integer "
-"immediately followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
-msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
-msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
-msgid "<emphasis>h</emphasis> hours"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
-msgid "<emphasis>d</emphasis> days."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
-msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:299
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"renewable lifetime to one and a half hours please use '90m' instead of "
-"'1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:305
-msgid "Default: not set, i.e. the TGT is not renewable"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:311
-msgid "krb5_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:314
-msgid ""
-"Request ticket with a with a lifetime given by an integer immediately "
-"followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:335
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"lifetime to one and a half hours please use '90m' instead of '1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:340
-msgid ""
-"Default: not set, i.e. the default ticket lifetime configured on the KDC."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:347
-msgid "krb5_renew_interval (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:350
-msgid ""
-"The time in seconds between two checks if the TGT should be renewed. TGTs "
-"are renewed if about half of their lifetime is exceeded."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:355
-msgid "If this option is not set or 0 the automatic renewal is disabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:365
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:368
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:373
-msgid ""
-"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
-"option at all."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
-msgid ""
-"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
-"continue without."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:381
-msgid ""
-"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
-"fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:385
-msgid "Default: not set, i.e. FAST is not used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:388
-msgid "Please note that a keytab is required to use fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:391
-msgid ""
-"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used with an older version using this option is a "
-"configuration error."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:400
-msgid "krb5_fast_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:403
-msgid "Specifies the server principal to use for FAST."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:412
-msgid ""
-"Specifies if the host and user principal should be canonicalized. This "
-"feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:65
-msgid ""
-"If the auth-module krb5 is used in a SSSD domain, the following options must "
-"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
-"SECTIONS</quote> for details on the configuration of a SSSD domain.  "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:434
-msgid ""
-"The following example assumes that SSSD is correctly configured and FOO is "
-"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
-"example shows only configuration of Kerberos authentication, it does not "
-"include any identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:442
-#, no-wrap
-msgid ""
-"    [domain/FOO]\n"
-"    auth_provider = krb5\n"
-"    krb5_server = 192.168.1.1\n"
-"    krb5_realm = EXAMPLE.COM\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:453
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
-msgid "sss_groupadd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupadd.8.xml:16
-msgid "create a new group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupadd.8.xml:21
-msgid ""
-"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:32
-msgid ""
-"<command>sss_groupadd</command> creates a new group. These groups are "
-"compatible with POSIX groups, with the additional feature that they can "
-"contain other groups as members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupadd.8.xml:43
-msgid ""
-"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupadd.8.xml:48
-msgid ""
-"Set the GID of the group to the value of <replaceable>GID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
-msgid "sss_userdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_userdel.8.xml:16
-msgid "delete a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_userdel.8.xml:21
-msgid ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:32
-msgid ""
-"<command>sss_userdel</command> deletes a user identified by login name "
-"<replaceable>LOGIN</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:44
-msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:48
-msgid ""
-"Files in the user's home directory will be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:56
-msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:60
-msgid ""
-"Files in the user's home directory will NOT be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:68
-msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:72
-msgid ""
-"This option forces <command>sss_userdel</command> to remove the user's home "
-"directory and mail spool, even if they are not owned by the specified user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:80
-msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:84
-msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
-msgid "sss_groupdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupdel.8.xml:16
-msgid "delete a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupdel.8.xml:21
-msgid ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:32
-msgid ""
-"<command>sss_groupdel</command> deletes a group identified by its name "
-"<replaceable>GROUP</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
-msgid "sss_groupshow"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupshow.8.xml:16
-msgid "print properties of a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupshow.8.xml:21
-msgid ""
-"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:32
-msgid ""
-"<command>sss_groupshow</command> displays information about a group "
-"identified by its name <replaceable>GROUP</replaceable>. The information "
-"includes the group ID number, members of the group and the parent group."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupshow.8.xml:43
-msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupshow.8.xml:47
-msgid ""
-"Also print indirect group members in a tree-like hierarchy.  Note that this "
-"also affects printing parent groups - without <option>R</option>, only the "
-"direct parent will be printed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
-msgid "sss_usermod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_usermod.8.xml:16
-msgid "modify a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_usermod.8.xml:21
-msgid ""
-"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:32
-msgid ""
-"<command>sss_usermod</command> modifies the account specified by "
-"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
-"on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:60
-msgid "The home directory of the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:71
-msgid "The user's login shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:82
-msgid ""
-"Append this user to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:96
-msgid ""
-"Remove this user from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:103
-msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:107
-msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:114
-msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:118
-msgid "Unlock the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:129
-msgid "The SELinux user for the user's login."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/service_discovery.xml:2
-msgid "SERVICE DISCOVERY"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/service_discovery.xml:4
-msgid ""
-"The service discovery feature allows back ends to automatically find the "
-"appropriate servers to connect to using a special DNS query."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
-msgid "Configuration"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:11
-msgid ""
-"If no servers are specified, the back end automatically uses service "
-"discovery to try to find a server. Optionally, the user may choose to use "
-"both fixed server addresses and service discovery by inserting a special "
-"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
-"preference is maintained. This feature is useful if, for example, the user "
-"prefers to use service discovery whenever possible, and fall back to a "
-"specific server when no servers can be discovered using DNS."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:23
-msgid "The domain name"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:25
-msgid ""
-"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for more details."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:35
-msgid "The protocol"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:37
-msgid ""
-"The queries usually specify _tcp as the protocol. Exceptions are documented "
-"in respective option description."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:42
-msgid "See Also"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:44
-msgid ""
-"For more information on the service discovery mechanism, refer to RFC 2782."
-msgstr ""
-
-#. type: Content of: outside any tag (error?)
-#: include/upstream.xml:1
-msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/failover.xml:2
-msgid "FAILOVER"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/failover.xml:4
-msgid ""
-"The failover feature allows back ends to automatically switch to a different "
-"server if the primary server fails."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:8
-msgid "Failover Syntax"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:10
-msgid ""
-"The list of servers is given as a comma-separated list; any number of spaces "
-"is allowed around the comma. The servers are listed in order of preference. "
-"The list can contain any number of servers."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:17
-msgid "The Failover Mechanism"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:19
-msgid ""
-"The failover mechanism distinguishes between a machine and a service. The "
-"back end first tries to resolve the hostname of a given machine; if this "
-"resolution attempt fails, the machine is considered offline. No further "
-"attempts are made to connect to this machine for any other service. If the "
-"resolution attempt succeeds, the back end tries to connect to a service on "
-"this machine. If the service connection attempt fails, then only this "
-"particular service is considered offline and the back end automatically "
-"switches over to the next service.  The machine is still considered online "
-"and might still be tried for another service."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:32
-msgid ""
-"Further connection attempts are made to machines or services marked as "
-"offline after a specified period of time; this is currently hard coded to 30 "
-"seconds."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:37
-msgid ""
-"If there are no more machines to try, the back end as a whole switches to "
-"offline mode, and then attempts to reconnect every 30 seconds."
-msgstr ""
-
-#. type: Content of: <varlistentry><term>
-#: include/param_help.xml:3
-msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
-
-#. type: Content of: <varlistentry><listitem><para>
-#: include/param_help.xml:7
-msgid "Display help message and exit."
-msgstr ""
diff --git a/src/man/po/nl.po b/src/man/po/nl.po
index a8e2562bd..914f8c4d8 100644
--- a/src/man/po/nl.po
+++ b/src/man/po/nl.po
@@ -8,10 +8,11 @@ msgid ""
 msgstr ""
 "Project-Id-Version: SSSD\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2011-12-21 10:12+0000\n"
+"POT-Creation-Date: 2012-03-12 16:37-0300\n"
+"PO-Revision-Date: 2012-03-08 11:52+0000\n"
 "Last-Translator: sgallagh <sgallagh@redhat.com>\n"
-"Language-Team: Dutch (http://www.transifex.net/projects/p/fedora/team/nl/)\n"
+"Language-Team: Dutch (http://www.transifex.net/projects/p/fedora/language/"
+"nl/)\n"
 "Language: nl\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -23,7 +24,9 @@ msgstr ""
 #: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
 #: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
 #: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
+#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5
+#: sss_debuglevel.8.xml:5 sss_ssh_authorizedkeys.1.xml:5
+#: sss_ssh_knownhostsproxy.1.xml:5
 msgid "SSSD Manual pages"
 msgstr "SSSD handleiding"
 
@@ -36,7 +39,8 @@ msgstr "sss_groupmod"
 #: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
 #: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
 #: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
+#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11 sss_cache.8.xml:11
+#: sss_debuglevel.8.xml:11
 msgid "8"
 msgstr "8"
 
@@ -62,6 +66,8 @@ msgstr ""
 #: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
 #: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
 #: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
+#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_ssh_authorizedkeys.1.xml:30
+#: sss_ssh_knownhostsproxy.1.xml:31
 msgid "DESCRIPTION"
 msgstr "OMSCHRIJVING"
 
@@ -78,6 +84,8 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
+#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_ssh_authorizedkeys.1.xml:78
+#: sss_ssh_knownhostsproxy.1.xml:65
 msgid "OPTIONS"
 msgstr "OPTIES"
 
@@ -120,12 +128,13 @@ msgstr ""
 "replaceable> parameter."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1348 sssd-ldap.5.xml:2096
 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
 #: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
+#: sss_usermod.8.xml:138 sss_ssh_authorizedkeys.1.xml:96
+#: sss_ssh_knownhostsproxy.1.xml:95
 msgid "SEE ALSO"
 msgstr "ZIE OOK"
 
@@ -255,7 +264,7 @@ msgid "The [sssd] section"
 msgstr "De [sssd] sectie"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:1194
 msgid "Section parameters"
 msgstr "Sectie parameters"
 
@@ -518,7 +527,7 @@ msgid "Add a timestamp to the debug messages"
 msgstr "Voeg een tijdstempel toe aan de debugberichten"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:393 sssd-ldap.5.xml:1328
 #: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
 msgid "Default: true"
 msgstr "Standaard: true"
@@ -534,7 +543,7 @@ msgid "Add microseconds to the timestamp in debug messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
+#: sssd.conf.5.xml:252 sssd.conf.5.xml:658 sssd-ldap.5.xml:602
 #: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
 #: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
 #: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
@@ -543,11 +552,31 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:270
+msgid "fd_limit"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:273
+msgid ""
+"This option specifies the maximum number of file descriptors that may be "
+"opened at one time by this SSSD process. On systems where SSSD is granted "
+"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
+"systems without this capability, the resulting value will be the lower value "
+"of this or the limits.conf \"hard\" limit."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:282
+msgid "Default: 8192 (or limits.conf \"hard\" limit)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:287
 msgid "command (string)"
 msgstr "command (tekst)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:290
 msgid ""
 "By default, the executable representing this service is called <command>sssd_"
 "${service_name}</command>.  This directive allows to change the executable "
@@ -556,17 +585,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
+#: sssd.conf.5.xml:298
 msgid "Default: <command>sssd_${service_name}</command>"
 msgstr "Standaard: <command>sssd_${service_name}</command>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
+#: sssd.conf.5.xml:306
 msgid "NSS configuration options"
 msgstr "NSS configuratie-opties"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:308
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
@@ -574,12 +603,12 @@ msgstr ""
 "configurere."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
+#: sssd.conf.5.xml:313
 msgid "enum_cache_timeout (integer)"
 msgstr "enum_cache_timeout (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
+#: sssd.conf.5.xml:316
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
@@ -588,17 +617,17 @@ msgstr ""
 "over alle gebruikers)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
+#: sssd.conf.5.xml:320
 msgid "Default: 120"
 msgstr "Standaard: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
+#: sssd.conf.5.xml:325
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr "entry_cache_nowait_percentage (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
+#: sssd.conf.5.xml:328
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -606,7 +635,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:334
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -616,7 +645,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
+#: sssd.conf.5.xml:344
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -625,17 +654,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
+#: sssd.conf.5.xml:352
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
+#: sssd.conf.5.xml:357
 msgid "entry_negative_timeout (integer)"
 msgstr "entry_negative_timeout (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
+#: sssd.conf.5.xml:360
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -643,17 +672,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
+#: sssd.conf.5.xml:366 sssd.conf.5.xml:686 sssd-krb5.5.xml:223
 msgid "Default: 15"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
+#: sssd.conf.5.xml:371
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
+#: sssd.conf.5.xml:374
 msgid ""
 "Exclude certain users from being fetched from the sss NSS database. This is "
 "particularly useful for system accounts. This option can also be set per-"
@@ -662,78 +691,78 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:381
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
+#: sssd.conf.5.xml:386
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
+#: sssd.conf.5.xml:389
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:398
 msgid "override_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
+#: sssd.conf.5.xml:407 sssd-krb5.5.xml:166
 msgid "%u"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
+#: sssd.conf.5.xml:408 sssd-krb5.5.xml:167
 msgid "login name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
+#: sssd.conf.5.xml:411 sssd-krb5.5.xml:170
 msgid "%U"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
+#: sssd.conf.5.xml:412
 msgid "UID number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
+#: sssd.conf.5.xml:415 sssd-krb5.5.xml:188
 msgid "%d"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
+#: sssd.conf.5.xml:416
 msgid "domain name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:419
 msgid "%f"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:420
 msgid "fully qualified user name (user@domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
+#: sssd.conf.5.xml:423 sssd-krb5.5.xml:200
 msgid "%%"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
+#: sssd.conf.5.xml:424 sssd-krb5.5.xml:201
 msgid "a literal '%'"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:401
 msgid ""
 "Override the user's home directory. You can either provide an absolute value "
 "or a template. In the template, the following sequences are substituted: "
@@ -741,138 +770,138 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
+#: sssd.conf.5.xml:430
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
+#: sssd.conf.5.xml:435
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
+#: sssd.conf.5.xml:438
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
+#: sssd.conf.5.xml:441
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:445
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
+#: sssd.conf.5.xml:450
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
+#: sssd.conf.5.xml:455
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
+#: sssd.conf.5.xml:458
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
+#: sssd.conf.5.xml:462
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:467
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:470
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
+#: sssd.conf.5.xml:475
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:478
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
+#: sssd.conf.5.xml:482
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:489
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
+#: sssd.conf.5.xml:491
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:496
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
+#: sssd.conf.5.xml:499
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
+#: sssd.conf.5.xml:504 sssd.conf.5.xml:517
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
+#: sssd.conf.5.xml:510
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:513
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
+#: sssd.conf.5.xml:523
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
+#: sssd.conf.5.xml:526
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
+#: sssd.conf.5.xml:531
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -880,59 +909,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:537 sssd.conf.5.xml:590 sssd.conf.5.xml:1110
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:543
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
+#: sssd.conf.5.xml:546
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
+#: sssd.conf.5.xml:551
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:554
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:557
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
+#: sssd.conf.5.xml:561
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
+#: sssd.conf.5.xml:564
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
+#: sssd.conf.5.xml:568 sssd.8.xml:63
 msgid "Default: 1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:573
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
+#: sssd.conf.5.xml:576
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -940,7 +969,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
+#: sssd.conf.5.xml:582
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -949,17 +978,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:596
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
+#: sssd.conf.5.xml:599
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
+#: sssd.conf.5.xml:602
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -967,33 +996,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
+#: sssd.conf.5.xml:608
 msgid "Default: 7"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-#, fuzzy
-#| msgid "NSS configuration options"
+#: sssd.conf.5.xml:616
 msgid "SUDO configuration options"
-msgstr "NSS configuratie-opties"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-#, fuzzy
-#| msgid "These options can be used to configure any service."
+#: sssd.conf.5.xml:618
 msgid "These options can be used to configure the sudo service."
-msgstr "Deze opties kunnen gebruikt worden om services te configureren."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-#, fuzzy
-#| msgid "enum_cache_timeout (integer)"
+#: sssd.conf.5.xml:625
 msgid "sudo_cache_timeout (integer)"
-msgstr "enum_cache_timeout (numeriek)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
+#: sssd.conf.5.xml:628
 msgid ""
 "For any sudo request that comes while SSSD is online, the SSSD will attempt "
 "to update the cached rules in order to ensure that sudo has the latest "
@@ -1001,7 +1024,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
+#: sssd.conf.5.xml:634
 msgid ""
 "The user may, however, run a couple of sudo commands successively, which "
 "would trigger multiple LDAP requests.  In order to speed up this use-case, "
@@ -1010,81 +1033,71 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
+#: sssd.conf.5.xml:641
 msgid ""
 "This option controls how long (in seconds) can the sudo service cache rules "
 "for a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-#, fuzzy
-#| msgid "Default: 120"
+#: sssd.conf.5.xml:645
 msgid "Default: 180"
-msgstr "Standaard: 120"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-#, fuzzy
-#| msgid "debug_timestamps (bool)"
+#: sssd.conf.5.xml:650
 msgid "sudo_timed (bool)"
-msgstr "debug_timestamps (bool)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:653
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-#, fuzzy
-#| msgid "NSS configuration options"
+#: sssd.conf.5.xml:666
 msgid "AUTOFS configuration options"
-msgstr "NSS configuratie-opties"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-#, fuzzy
-#| msgid "These options can be used to configure any service."
+#: sssd.conf.5.xml:668
 msgid "These options can be used to configure the autofs service."
-msgstr "Deze opties kunnen gebruikt worden om services te configureren."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-#, fuzzy
-#| msgid "entry_negative_timeout (integer)"
+#: sssd.conf.5.xml:676
 msgid "autofs_negative_timeout (integer)"
-msgstr "entry_negative_timeout (numeriek)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
+#: sssd.conf.5.xml:679
 msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
+"Specifies for how many seconds should the autofs responder negative cache "
+"hits (that is, queries for invalid map entries, like nonexistent ones) "
 "before asking the back end again."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
+#: sssd.conf.5.xml:696
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:703
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
+#: sssd.conf.5.xml:706
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
+#: sssd.conf.5.xml:711
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1093,56 +1106,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:718
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:724
 msgid "timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:727
 msgid ""
 "Timeout in seconds between heartbeats for this domain.  This is used to "
 "ensure that the backend process is alive and capable of answering requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
+#: sssd.conf.5.xml:732 sssd-ldap.5.xml:1131
 msgid "Default: 10"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
+#: sssd.conf.5.xml:738
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:741
 msgid ""
 "Determines if a domain can be enumerated. This parameter can have one of the "
 "following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
+#: sssd.conf.5.xml:745
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:748
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
+#: sssd.conf.5.xml:751 sssd.conf.5.xml:856 sssd.conf.5.xml:910
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
+#: sssd.conf.5.xml:754
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1152,14 +1165,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
+#: sssd.conf.5.xml:764
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
+#: sssd.conf.5.xml:769
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -1168,130 +1181,98 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:780
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:783
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
+#: sssd.conf.5.xml:787
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-#, fuzzy
-#| msgid "enum_cache_timeout (integer)"
+#: sssd.conf.5.xml:793
 msgid "entry_cache_user_timeout (integer)"
-msgstr "enum_cache_timeout (numeriek)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-#, fuzzy
-#| msgid ""
-#| "How many seconds should nss_sss cache enumerations (requests for info "
-#| "about all users)"
+#: sssd.conf.5.xml:796
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
-"Hoeveel seconden zouden nss_sss cache enumeraties (verzoeken om informatie "
-"over alle gebruikers)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:800 sssd.conf.5.xml:813 sssd.conf.5.xml:826
+#: sssd.conf.5.xml:839
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-#, fuzzy
-#| msgid "enum_cache_timeout (integer)"
+#: sssd.conf.5.xml:806
 msgid "entry_cache_group_timeout (integer)"
-msgstr "enum_cache_timeout (numeriek)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-#, fuzzy
-#| msgid ""
-#| "How many seconds should nss_sss cache enumerations (requests for info "
-#| "about all users)"
+#: sssd.conf.5.xml:809
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
-"Hoeveel seconden zouden nss_sss cache enumeraties (verzoeken om informatie "
-"over alle gebruikers)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-#, fuzzy
-#| msgid "enum_cache_timeout (integer)"
+#: sssd.conf.5.xml:819
 msgid "entry_cache_netgroup_timeout (integer)"
-msgstr "enum_cache_timeout (numeriek)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-#, fuzzy
-#| msgid ""
-#| "How many seconds should nss_sss cache enumerations (requests for info "
-#| "about all users)"
+#: sssd.conf.5.xml:822
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
-"Hoeveel seconden zouden nss_sss cache enumeraties (verzoeken om informatie "
-"over alle gebruikers)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-#, fuzzy
-#| msgid "enum_cache_timeout (integer)"
+#: sssd.conf.5.xml:832
 msgid "entry_cache_service_timeout (integer)"
-msgstr "enum_cache_timeout (numeriek)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-#, fuzzy
-#| msgid ""
-#| "How many seconds should nss_sss cache enumerations (requests for info "
-#| "about all users)"
+#: sssd.conf.5.xml:835
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
-"Hoeveel seconden zouden nss_sss cache enumeraties (verzoeken om informatie "
-"over alle gebruikers)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:845
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
+#: sssd.conf.5.xml:848
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:852
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:861
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:864
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -1300,47 +1281,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
+#: sssd.conf.5.xml:871
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
+#: sssd.conf.5.xml:877
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:880
 msgid "The Data Provider identity backend to use for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
+#: sssd.conf.5.xml:884
 msgid "Supported backends:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
+#: sssd.conf.5.xml:887
 msgid "proxy: Support a legacy NSS provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
+#: sssd.conf.5.xml:890
 msgid "local: SSSD internal local provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:893
 msgid "ldap: LDAP provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
+#: sssd.conf.5.xml:899
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
+#: sssd.conf.5.xml:902
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1349,19 +1330,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
+#: sssd.conf.5.xml:915
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
+#: sssd.conf.5.xml:918
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:922
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1369,7 +1350,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
+#: sssd.conf.5.xml:929
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1377,30 +1358,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
+#: sssd.conf.5.xml:936
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
+#: sssd.conf.5.xml:939
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
+#: sssd.conf.5.xml:942
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
+#: sssd.conf.5.xml:948
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:951
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -1408,17 +1389,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:957
 msgid "<quote>permit</quote> always allow access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
+#: sssd.conf.5.xml:960
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
+#: sssd.conf.5.xml:963
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1427,24 +1408,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
+#: sssd.conf.5.xml:970
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:975
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
+#: sssd.conf.5.xml:978
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
+#: sssd.conf.5.xml:983
 msgid ""
 "<quote>ipa</quote> to change a password stored in an IPA server.  See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1452,7 +1433,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:991
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server.  See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1460,7 +1441,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
+#: sssd.conf.5.xml:999
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1468,35 +1449,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
+#: sssd.conf.5.xml:1007
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
+#: sssd.conf.5.xml:1011
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
+#: sssd.conf.5.xml:1014
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
+#: sssd.conf.5.xml:1021
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1027
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1031
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1504,31 +1485,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
+#: sssd.conf.5.xml:1038
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1041
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-#, fuzzy
-#| msgid "re_expression (string)"
+#: sssd.conf.5.xml:1047
 msgid "session_provider (string)"
-msgstr "re_expression (tekst)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1050
 msgid ""
 "The provider which should handle loading of session settings.  Supported "
 "session providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
+#: sssd.conf.5.xml:1055
 msgid ""
 "<quote>ipa</quote> to load session settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1536,66 +1515,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1063
 msgid "<quote>none</quote> disallows fetching session settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1066
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "session loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
+#: sssd.conf.5.xml:1073
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1076
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1080
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1083
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1086
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
+#: sssd.conf.5.xml:1089
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1092
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1095
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1101
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1104
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the DNS "
 "resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1603,51 +1582,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1116
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
+#: sssd.conf.5.xml:1119
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1123
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
+#: sssd.conf.5.xml:1129
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1132
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
+#: sssd.conf.5.xml:1138
 msgid "case_sensitive (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
+#: sssd.conf.5.xml:1141
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1146
 msgid "Default: True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:698
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1655,29 +1634,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1158
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1161
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1164
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1172
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1175
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1685,19 +1664,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
+#: sssd.conf.5.xml:1154
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1187
 msgid "The local domain section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1189
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -1705,73 +1684,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
+#: sssd.conf.5.xml:1196
 msgid "default_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
+#: sssd.conf.5.xml:1199
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
+#: sssd.conf.5.xml:1203
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:1208
 msgid "base_directory (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:1211
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1216
 msgid "Default: <filename>/home</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
+#: sssd.conf.5.xml:1221
 msgid "create_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
+#: sssd.conf.5.xml:1224
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
+#: sssd.conf.5.xml:1228 sssd.conf.5.xml:1240
 msgid "Default: TRUE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1233
 msgid "remove_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
+#: sssd.conf.5.xml:1236
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
+#: sssd.conf.5.xml:1245
 msgid "homedir_umask (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1248
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1779,17 +1758,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
+#: sssd.conf.5.xml:1256
 msgid "Default: 077"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1261
 msgid "skel_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
+#: sssd.conf.5.xml:1264
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -1798,17 +1777,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
+#: sssd.conf.5.xml:1274
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
+#: sssd.conf.5.xml:1279
 msgid "mail_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
+#: sssd.conf.5.xml:1282
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -1816,17 +1795,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
+#: sssd.conf.5.xml:1289
 msgid "Default: <filename>/var/mail</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
+#: sssd.conf.5.xml:1294
 msgid "userdel_cmd (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
+#: sssd.conf.5.xml:1297
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -1834,18 +1813,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1303
 msgid "Default: None, no command is run"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
+#: sssd.conf.5.xml:1313 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
 #: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
 msgid "EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1319
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -1875,7 +1854,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1315
 msgid ""
 "The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -1884,7 +1863,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1350
 msgid ""
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
 "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -2592,10 +2571,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:622
-#, fuzzy
-#| msgid "enum_cache_timeout (integer)"
 msgid "ldap_purge_cache_timeout (integer)"
-msgstr "enum_cache_timeout (numeriek)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:625
@@ -2889,10 +2866,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:906
-#, fuzzy
-#| msgid "Default: true"
 msgid "Default: ipService"
-msgstr "Standaard: true"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:912
@@ -2908,10 +2883,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:925
-#, fuzzy
-#| msgid "full_name_format (string)"
 msgid "ldap_service_port (string)"
-msgstr "full_name_format (tekst)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:928
@@ -2920,17 +2893,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:932
-#, fuzzy
-#| msgid "Default: true"
 msgid "Default: ipServicePort"
-msgstr "Standaard: true"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:938
-#, fuzzy
-#| msgid "re_expression (string)"
 msgid "ldap_service_proto (string)"
-msgstr "re_expression (tekst)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:941
@@ -3454,19 +3423,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1416
-#, fuzzy
-#| msgid ""
-#| "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-#| "manvolnum> </citerefentry>-compatible format that describes how to "
-#| "translate a (name, domain) tuple into a fully qualified name."
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
 "evaluate if the password has expired."
 msgstr ""
-"Een <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatibel formaat wat omschrijft hoe een tuple "
-"(met name, domain) vertaald wordt in een full qualified name."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1422
@@ -3734,10 +3695,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:1639
-#, fuzzy
-#| msgid "OPTIONS"
 msgid "SUDO OPTIONS"
-msgstr "OPTIES"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1644
@@ -3751,17 +3710,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1650
-#, fuzzy
-#| msgid "Default: true"
 msgid "Default: sudoRole"
-msgstr "Standaard: true"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1656
-#, fuzzy
-#| msgid "full_name_format (string)"
 msgid "ldap_sudorule_name (string)"
-msgstr "full_name_format (tekst)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1659
@@ -3770,10 +3725,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1669
-#, fuzzy
-#| msgid "command (string)"
 msgid "ldap_sudorule_command (string)"
-msgstr "command (tekst)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1672
@@ -3782,10 +3735,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1676
-#, fuzzy
-#| msgid "Default: true"
 msgid "Default: sudoCommand"
-msgstr "Standaard: true"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1682
@@ -3801,10 +3752,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1690
-#, fuzzy
-#| msgid "Default: 3"
 msgid "Default: sudoHost"
-msgstr "Standaard: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1696
@@ -3820,17 +3769,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1703
-#, fuzzy
-#| msgid "Default: true"
 msgid "Default: sudoUser"
-msgstr "Standaard: true"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1709
-#, fuzzy
-#| msgid "re_expression (string)"
 msgid "ldap_sudorule_option (string)"
-msgstr "re_expression (tekst)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1712
@@ -3839,10 +3784,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1716
-#, fuzzy
-#| msgid "Default: true"
 msgid "Default: sudoOption"
-msgstr "Standaard: true"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1722
@@ -3858,10 +3801,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1729
-#, fuzzy
-#| msgid "Default: true"
 msgid "Default: sudoRunAsUser"
-msgstr "Standaard: true"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1735
@@ -3877,10 +3818,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1742
-#, fuzzy
-#| msgid "Default: true"
 msgid "Default: sudoRunAsGroup"
-msgstr "Standaard: true"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1748
@@ -3896,10 +3835,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1755
-#, fuzzy
-#| msgid "Default: true"
 msgid "Default: sudoNotBefore"
-msgstr "Standaard: true"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1761
@@ -3915,10 +3852,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1769
-#, fuzzy
-#| msgid "Default: true"
 msgid "Default: sudoNotAfter"
-msgstr "Standaard: true"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1775
@@ -3932,10 +3867,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1782
-#, fuzzy
-#| msgid "Default: true"
 msgid "Default: sudoOrder"
-msgstr "Standaard: true"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1788
@@ -3951,10 +3884,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1801
-#, fuzzy
-#| msgid "enum_cache_timeout (integer)"
 msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr "enum_cache_timeout (numeriek)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1804
@@ -3971,17 +3902,15 @@ msgstr ""
 #: sssd-ldap.5.xml:1815
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
+"explanation of sudo related attribute semantics, see <citerefentry> "
 "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
 "citerefentry>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:1825
-#, fuzzy
-#| msgid "OPTIONS"
 msgid "AUTOFS OPTIONS"
-msgstr "OPTIES"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:1827
@@ -4002,10 +3931,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-#, fuzzy
-#| msgid "Default: true"
 msgid "Default: automountMap"
-msgstr "Standaard: true"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1847
@@ -4019,10 +3946,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1853
-#, fuzzy
-#| msgid "Default: 3"
 msgid "Default: ou"
-msgstr "Standaard: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1860
@@ -4856,10 +4781,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:307
-#, fuzzy
-#| msgid "re_expression (string)"
 msgid "ipa_automount_location (string)"
-msgstr "re_expression (tekst)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:310
@@ -5029,10 +4952,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:459
-#, fuzzy
-#| msgid "Default: 3"
 msgid "Default: seeAlso"
-msgstr "Standaard: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:464
@@ -5046,10 +4967,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:471
-#, fuzzy
-#| msgid "Default: true"
 msgid "Default: ipaSELinuxUser"
-msgstr "Standaard: true"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:476
@@ -5080,10 +4999,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:495
-#, fuzzy
-#| msgid "Default: true"
 msgid "Default: userCategory"
-msgstr "Standaard: true"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:500
@@ -5097,10 +5014,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:507
-#, fuzzy
-#| msgid "Default: true"
 msgid "Default: hostCategory"
-msgstr "Standaard: true"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:512
@@ -5114,10 +5029,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:519
-#, fuzzy
-#| msgid "Default: true"
 msgid "Default: ipaUniqueID"
-msgstr "Standaard: true"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:524
@@ -5131,10 +5044,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:531
-#, fuzzy
-#| msgid "Default: true"
 msgid "Default: ipaSshPubKey"
-msgstr "Standaard: true"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:546
@@ -5271,12 +5182,12 @@ msgid "Run in the foreground, don't become a daemon."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
+#: sssd.8.xml:117 sss_debuglevel.8.xml:42
 msgid "<option>-c</option>,<option>--config</option>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
+#: sssd.8.xml:121 sss_debuglevel.8.xml:46
 msgid ""
 "Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
 "conf</filename>. For reference on the config file syntax and options, "
@@ -5423,7 +5334,8 @@ msgid "The password to obfuscate will be read from standard input."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:82
+#: sss_ssh_knownhostsproxy.1.xml:81
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
 "replaceable>"
@@ -6369,6 +6281,321 @@ msgid ""
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_cache.8.xml:10 sss_cache.8.xml:15
+msgid "sss_cache"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_cache.8.xml:16
+msgid "perform cache cleanup"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_cache.8.xml:21
+msgid ""
+"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_cache.8.xml:31
+msgid ""
+"<command>sss_cache</command> invalidates records in SSSD cache.  Invalidated "
+"records are forced to be reloaded from server as soon as related SSSD "
+"backend is online."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:42
+msgid ""
+"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:47
+msgid "Invalidate specific user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:53
+msgid "<option>-U</option>,<option>--users</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:57
+msgid ""
+"Invalidate all user records. This option overrides invalidation of specific "
+"user if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:64
+msgid ""
+"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:69
+msgid "Invalidate specific group."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:75
+msgid "<option>-G</option>,<option>--groups</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:79
+msgid ""
+"Invalidate all group records. This option overrides invalidation of specific "
+"group if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:86
+msgid ""
+"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:91
+msgid "Invalidate specific netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:97
+msgid "<option>-N</option>,<option>--netgroups</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:101
+msgid ""
+"Invalidate all netgroup records. This option overrides invalidation of "
+"specific netgroup if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:108
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:113
+msgid "Restrict invalidation process only to a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15
+msgid "sss_debuglevel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_debuglevel.8.xml:16
+msgid "change debug level while SSSD is running"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_debuglevel.8.xml:21
+msgid ""
+"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</"
+"replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_debuglevel.8.xml:32
+msgid ""
+"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
+"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
+"running."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_debuglevel.8.xml:59
+msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
+msgid "sss_ssh_authorizedkeys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refmeta><manvolnum>
+#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11
+msgid "1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_ssh_authorizedkeys.1.xml:16
+msgid "get OpenSSH authorized keys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_ssh_authorizedkeys.1.xml:21
+msgid ""
+"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>USER</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:32
+msgid ""
+"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user "
+"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys "
+"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> for more information)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:41
+msgid ""
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
+"command> for public key user authentication if it is compiled with support "
+"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
+"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_authorizedkeys.1.xml:58
+#, no-wrap
+msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:51
+msgid ""
+"If <quote>AuthorizedKeysCommand</quote> is supported, "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use it by putting the following directive "
+"in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_authorizedkeys.1.xml:69
+#, no-wrap
+msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:62
+msgid ""
+"If <quote>PubkeyAgent</quote> is supported, "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use it by using the following directive "
+"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:87
+msgid ""
+"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:98
+msgid ""
+"<citerefentry> <refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sshd_config</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle><manvolnum>1</"
+"manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15
+msgid "sss_ssh_knownhostsproxy"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_ssh_knownhostsproxy.1.xml:16
+msgid "get OpenSSH host keys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_ssh_knownhostsproxy.1.xml:21
+msgid ""
+"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>HOST</replaceable></arg> <arg "
+"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:33
+msgid ""
+"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for "
+"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH "
+"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
+"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> for more information)  <filename>/var/lib/sss/"
+"pubconf/known_hosts</filename> and estabilishes connection to the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:43
+msgid ""
+"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to "
+"create the connection to the host instead of opening a socket."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_knownhostsproxy.1.xml:55
+#, no-wrap
+msgid ""
+"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n"
+"GlobalKnownHostsFile2 /var/lib/sss/pubconf/known_hosts\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:48
+msgid ""
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</"
+"command> for host key authentication by using the following directives for "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_ssh_knownhostsproxy.1.xml:69
+msgid ""
+"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_knownhostsproxy.1.xml:74
+msgid ""
+"Use port <replaceable>PORT</replaceable> to connect to the host.  By "
+"default, port 22 is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_knownhostsproxy.1.xml:86
+msgid ""
+"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:97
+msgid ""
+"<citerefentry> <refentrytitle>ssh</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>ssh_config</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle><manvolnum>1</"
+"manvolnum> </citerefentry>."
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/service_discovery.xml:2
 msgid "SERVICE DISCOVERY"
@@ -6508,5 +6735,112 @@ msgstr ""
 msgid "Display help message and exit."
 msgstr ""
 
-#~ msgid "Supported services: nss, pam"
-#~ msgstr "Ondersteunde diensten: nss, pam"
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:3
+msgid ""
+"Bit mask that indicates which debug levels will be visible. 0x0010 is the "
+"default value as well as the lowest allowed value, 0xFFF0 is the most "
+"verbose mode. This setting overrides the settings from config file."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:8
+msgid "Currently supported debug levels:"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:11
+msgid ""
+"<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
+"SSSD from starting up or causes it to cease running."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:15
+msgid ""
+"<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't kill "
+"the SSSD, but one that indicates that at least one major feature is not "
+"going to work properly."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:20
+msgid ""
+"<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
+"particular request or operation has failed."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:24
+msgid ""
+"<emphasis>0x0080</emphasis>: Minor failures. These are the errors that would "
+"percolate down to cause the operation failure of 2."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:28
+msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:31
+msgid "<emphasis>0x0200</emphasis>: Function data."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:34
+msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:37
+msgid ""
+"<emphasis>0x1000</emphasis>: Trace messages for internal control functions."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:40
+msgid ""
+"<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
+"may be interesting."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:43
+msgid "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:46
+msgid ""
+"To log required debug levels, simply add their numbers together as shown in "
+"following examples:"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:49
+msgid ""
+"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
+"serious failures and function data use 0x0270."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:53
+msgid ""
+"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
+"function data, trace messages for internal control functions use 0x1310."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:57
+msgid ""
+"<emphasis>Note</emphasis>: This is new format of debug levels introduced in "
+"1.7.0.  Older format (numbers from 0-10) is compatible but deprecated."
+msgstr ""
+
+#. type: Content of: outside any tag (error?)
+#: include/experimental.xml:1
+msgid ""
+"<emphasis> This is an experimental feature, please use http://fedorahosted."
+"org/sssd to report any issues.  </emphasis>"
+msgstr ""
diff --git a/src/man/po/nn.po b/src/man/po/nn.po
deleted file mode 100644
index bcfe3c67d..000000000
--- a/src/man/po/nn.po
+++ /dev/null
@@ -1,6313 +0,0 @@
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Red Hat
-# This file is distributed under the same license as the sssd-docs package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: SSSD\n"
-"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Norwegian Nynorsk <i18n-nn@lister.ping.uio.no>\n"
-"Language: nn\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural=(n != 1)\n"
-
-#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
-#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
-#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
-#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
-msgid "SSSD Manual pages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
-msgid "sss_groupmod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
-#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
-#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
-msgid "8"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupmod.8.xml:16
-msgid "modify a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupmod.8.xml:21
-msgid ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
-#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
-#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
-#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
-#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:32
-msgid ""
-"<command>sss_groupmod</command> modifies the group to reflect the changes "
-"that are specified on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
-#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
-#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-msgid "OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
-msgid ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:48
-msgid ""
-"Append this group to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
-msgid ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:62
-msgid ""
-"Remove this group from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
-#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
-msgid "sssd.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
-msgid "5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
-msgid "File Formats and Conventions"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
-msgid "the configuration file for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:21
-msgid "FILE FORMAT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:29
-#, no-wrap
-msgid ""
-"                <replaceable>[section]</replaceable>\n"
-"                <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-"                <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
-"            "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:24
-msgid ""
-"The file has an ini-style syntax and consists of sections and parameters. A "
-"section begins with the name of the section in square brackets and continues "
-"until the next section begins. An example of section with single and multi-"
-"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:36
-msgid ""
-"The data types used are string (no quotes needed), integer and bool (with "
-"values of <quote>TRUE/FALSE</quote>)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:41
-msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
-"(<quote>;</quote>)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:46
-msgid ""
-"All sections can have an optional <replaceable>description</replaceable> "
-"parameter. Its function is only as a label for the section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:52
-msgid ""
-"<filename>sssd.conf</filename> must be a regular file, owned by root and "
-"only root may read from or write to the file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:58
-msgid "SPECIAL SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:61
-msgid "The [sssd] section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
-msgid "Section parameters"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:72
-msgid "config_file_version (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:75
-msgid ""
-"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-"version 2."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:81
-msgid "services"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:84
-msgid ""
-"Comma separated list of services that are started when sssd itself starts."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:88
-msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
-msgid "reconnection_retries (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
-msgid ""
-"Number of times services should attempt to reconnect in the event of a Data "
-"Provider crash or restart before they give up"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
-msgid "Default: 3"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
-msgid "domains"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
-msgid ""
-"A domain is a database containing user information. SSSD can use more "
-"domains at the same time, but at least one must be configured or SSSD won't "
-"start.  This parameter described the list of domains in the order you want "
-"them to be queried."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
-msgid "re_expression (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
-msgid ""
-"Regular expression that describes how to parse the string containing user "
-"name and domain into these components."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
-msgid ""
-"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
-"which translates to \"the name is everything up to the <quote>@</quote> "
-"sign, the domain everything after that\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
-msgid ""
-"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
-"version 7 or higher can support non-unique named subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
-msgid ""
-"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
-"P&lt;name&gt;) to label subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
-msgid "full_name_format (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
-msgid ""
-"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatible format that describes how to translate "
-"a (name, domain) tuple into a fully qualified name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
-msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
-msgid "try_inotify (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
-msgid ""
-"SSSD monitors the state of resolv.conf to identify when it needs to update "
-"its internal DNS resolver. By default, we will attempt to use inotify for "
-"this, and will fall back to polling resolv.conf every five seconds if "
-"inotify cannot be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
-msgid ""
-"There are some limited situations where it is preferred that we should skip "
-"even trying to use inotify. In these rare cases, this option should be set "
-"to 'false'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
-msgid ""
-"Default: true on platforms where inotify is supported. False on other "
-"platforms."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
-msgid ""
-"Note: this option will have no effect on platforms where inotify is "
-"unavailable. On these platforms, polling will always be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
-msgid "krb5_rcache_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
-msgid ""
-"Directory on the filesystem where SSSD should store Kerberos replay cache "
-"files."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
-msgid ""
-"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
-"SSSD to let libkrb5 decide the appropriate location for the replay cache."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
-msgid ""
-"Default: Distribution-specific and specified at build-time. "
-"(__LIBKRB5_DEFAULTS__ if not configured)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:63
-msgid ""
-"Individual pieces of SSSD functionality are provided by special SSSD "
-"services that are started and stopped together with SSSD.  The services are "
-"managed by a special service frequently called <quote>monitor</quote>. The "
-"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
-msgid "SERVICES SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
-msgid ""
-"Settings that can be used to configure different services are described in "
-"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
-"section, for example, for NSS service, the section would be <quote>[nss]</"
-"quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
-msgid "General service configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
-msgid "These options can be used to configure any service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>.  This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
-msgid "NSS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
-msgid ""
-"These options can be used to configure the Name Service Switch (NSS) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
-msgid "enum_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
-msgid ""
-"How many seconds should nss_sss cache enumerations (requests for info about "
-"all users)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
-msgid "Default: 120"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"The entry cache can be set to automatically update entries in the background "
-"if they are requested beyond a percentage of the entry_cache_timeout value "
-"for the domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
-msgid ""
-"For example, if the domain's entry_cache_timeout is set to 30s and "
-"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
-"after 15 seconds past the last cache update will be returned immediately, "
-"but the SSSD will go and update the cache on its own, so that future "
-"requests will not need to block waiting for a cache update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
-msgid ""
-"Valid values for this option are 0-99 and represent a percentage of the "
-"entry_cache_timeout for each domain. For performance reasons, this "
-"percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
-"disables this feature)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
-msgid "Default: 50"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
-msgid "entry_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
-msgid ""
-"Specifies for how many seconds nss_sss should cache negative cache hits "
-"(that is, queries for invalid database entries, like nonexistent ones)  "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
-msgid "Default: 15"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
-msgid "filter_users, filter_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
-msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
-msgid "Default: root"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
-msgid "filter_users_in_groups (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
-msgid ""
-"If you want filtered user still be group members set this option to false."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
-msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
-msgid "This option can also be set per-domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
-msgid "allowed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
-msgid ""
-"Restrict user shell to one of the listed values. The order of evaluation is:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
-msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
-msgid ""
-"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
-"quote>, use the value of the shell_fallback parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
-msgid ""
-"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
-"shells</quote>, a nologin shell is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
-msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
-msgid ""
-"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
-"that a restart of the SSSD is required in case a new shell is installed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
-msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
-msgid "vetoed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
-msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
-msgid "shell_fallback (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
-msgid ""
-"The default shell to use if an allowed shell is not installed on the machine."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
-msgid "Default: /bin/sh"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
-msgid "PAM configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
-msgid ""
-"These options can be used to configure the Pluggable Authentication Module "
-"(PAM) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
-msgid "offline_credentials_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
-msgid ""
-"If the authentication provider is offline, how long should we allow cached "
-"logins (in days since the last successful online login)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
-msgid "Default: 0 (No limit)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
-msgid "offline_failed_login_attempts (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
-msgid ""
-"If the authentication provider is offline, how many failed login attempts "
-"are allowed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
-msgid "offline_failed_login_delay (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
-msgid ""
-"The time in minutes which has to pass after offline_failed_login_attempts "
-"has been reached before a new login attempt is possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
-msgid ""
-"If set to 0 the user cannot authenticate offline if "
-"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable offline authentication again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
-msgid "Default: 5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
-msgid "pam_verbosity (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
-msgid ""
-"Controls what kind of messages are shown to the user during authentication. "
-"The higher the number to more messages are displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
-msgid "Currently sssd supports the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
-msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
-msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
-msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
-msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
-msgid "Default: 1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
-msgid "pam_id_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
-msgid ""
-"For any PAM request while SSSD is online, the SSSD will attempt to "
-"immediately update the cached identity information for the user in order to "
-"ensure that authentication takes place with the latest information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
-msgid ""
-"A complete PAM conversation may perform multiple PAM requests, such as "
-"account management and session opening. This option controls (on a per-"
-"client-application basis) how long (in seconds) we can cache the identity "
-"information to avoid excessive round-trips to the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
-msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
-msgid "Display a warning N days before the password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
-msgid ""
-"Please note that the backend server has to provide information about the "
-"expiration time of the password.  If this information is missing, sssd "
-"cannot display a warning."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
-msgid "Default: 7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-msgid "SUDO configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-msgid "These options can be used to configure the sudo service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-msgid "sudo_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-msgid ""
-"For any sudo request that comes while SSSD is online, the SSSD will attempt "
-"to update the cached rules in order to ensure that sudo has the latest "
-"ruleset."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
-msgid ""
-"The user may, however, run a couple of sudo commands successively, which "
-"would trigger multiple LDAP requests.  In order to speed up this use-case, "
-"the sudo service maintains an in-memory cache that would be used for "
-"performing fast replies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
-msgid ""
-"This option controls how long (in seconds) can the sudo service cache rules "
-"for a user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-msgid "Default: 180"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-msgid "sudo_timed (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
-msgid ""
-"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
-"that implement time-dependent sudoers entries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-msgid "AUTOFS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-msgid "These options can be used to configure the autofs service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-msgid "autofs_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
-msgid "DOMAIN SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
-msgid "min_id,max_id (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
-msgid ""
-"UID and GID limits for the domain. If a domain contains an entry that is "
-"outside these limits, it is ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
-msgid ""
-"For users, this affects the primary GID limit. The user will not be returned "
-"to NSS if either the UID or the primary GID is outside the range. For non-"
-"primary group memberships, those that are in range will be reported as "
-"expected."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
-msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
-msgid ""
-"Timeout in seconds between heartbeats for this domain.  This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
-msgid "enumerate (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
-msgid ""
-"Determines if a domain can be enumerated. This parameter can have one of the "
-"following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
-msgid "TRUE = Users and groups are enumerated"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
-msgid "FALSE = No enumerations for this domain"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
-msgid "Default: FALSE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
-msgid ""
-"Note: Enabling enumeration has a moderate performance impact on SSSD while "
-"enumeration is running. It may take up to several minutes after SSSD startup "
-"to fully complete enumerations.  During this time, individual requests for "
-"information will go directly to LDAP, though it may be slow, due to the "
-"heavy enumeration processing."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
-msgid ""
-"While the first enumeration is running, requests for the complete user or "
-"group lists may return no results until it completes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
-msgid ""
-"Further, enabling enumeration may increase the time necessary to detect "
-"network disconnection, as longer timeouts are required to ensure that "
-"enumeration lookups are completed successfully.  For more information, refer "
-"to the man pages for the specific id_provider in use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
-msgid "entry_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
-msgid ""
-"How many seconds should nss_sss consider entries valid before asking the "
-"backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
-msgid "Default: 5400"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-msgid "entry_cache_user_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-msgid ""
-"How many seconds should nss_sss consider user entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-msgid "Default: entry_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-msgid "entry_cache_group_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-msgid ""
-"How many seconds should nss_sss consider group entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-msgid ""
-"How many seconds should nss_sss consider netgroup entries valid before "
-"asking the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-msgid "entry_cache_service_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-msgid ""
-"How many seconds should nss_sss consider service entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
-msgid "cache_credentials (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
-msgid "Determines if user credentials are also cached in the local LDB cache"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
-msgid "User credentials are stored in a SHA512 hash, not in plaintext"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
-msgid "account_cache_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
-msgid ""
-"Number of days entries are left in cache after last successful login before "
-"being removed during a cleanup of the cache. 0 means keep forever.  The "
-"value of this parameter must be greater than or equal to "
-"offline_credentials_expiration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
-msgid "Default: 0 (unlimited)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
-msgid "id_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
-msgid "The Data Provider identity backend to use for this domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
-msgid "Supported backends:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
-msgid "proxy: Support a legacy NSS provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
-msgid "local: SSSD internal local provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
-msgid "ldap: LDAP provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
-msgid "use_fully_qualified_names (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
-msgid ""
-"If set to TRUE, all requests to this domain must use fully qualified names. "
-"For example, if used in LOCAL domain that contains a \"test\" user, "
-"<command>getent passwd test</command> wouldn't find the user while "
-"<command>getent passwd test@LOCAL</command> would."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
-msgid "auth_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
-msgid ""
-"The authentication provider used for the domain.  Supported auth providers "
-"are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
-msgid ""
-"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
-msgid ""
-"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
-msgid ""
-"<quote>proxy</quote> for relaying authentication to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
-msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"authentication requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
-msgid "access_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
-msgid ""
-"The access control provider used for the domain.  There are two built-in "
-"access providers (in addition to any included in installed backends)  "
-"Internal special providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
-msgid "<quote>permit</quote> always allow access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
-msgid "<quote>deny</quote> always deny access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
-msgid ""
-"<quote>simple</quote> access control based on access or deny lists. See "
-"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> for more information on configuring the simple "
-"access module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
-msgid "Default: <quote>permit</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
-msgid "chpass_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
-msgid ""
-"The provider which should handle change password operations for the domain.  "
-"Supported change password providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
-msgid ""
-"<quote>ipa</quote> to change a password stored in an IPA server.  See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
-msgid ""
-"<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
-msgid ""
-"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
-msgid ""
-"<quote>proxy</quote> for relaying password changes to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
-msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
-msgid ""
-"Default: <quote>auth_provider</quote> is used if it is set and can handle "
-"change password requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-msgid "sudo_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-msgid ""
-"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-msgid "session_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-msgid ""
-"The provider which should handle loading of session settings.  Supported "
-"session providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-msgid ""
-"<quote>ipa</quote> to load session settings from an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"session loading requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
-msgid "lookup_family_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
-msgid ""
-"Provides the ability to select preferred address family to use when "
-"performing DNS lookups."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
-msgid "Supported values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
-msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
-msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
-msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
-msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
-msgid "Default: ipv4_first"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
-msgid "dns_resolver_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
-msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
-msgid "dns_discovery_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
-msgid ""
-"If service discovery is used in the back end, specifies the domain part of "
-"the service discovery DNS query."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
-msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
-msgid "override_gid (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
-msgid "Override the primary GID value with the one specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
-msgid "case_sensitive (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
-msgid ""
-"Treat user and group names as case sensitive. At the moment, this option is "
-"not supported in the local provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
-msgid "Default: True"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
-msgid ""
-"These configuration options can be present in a domain configuration "
-"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
-"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
-msgid "proxy_pam_target (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
-msgid "The proxy target PAM proxies to."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-msgid ""
-"Default: not set by default, you have to take an existing pam configuration "
-"or create a new one and add the service name here."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
-msgid "proxy_lib_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
-msgid ""
-"The name of the NSS library to use in proxy domains. The NSS functions "
-"searched for in the library are in the form of _nss_$(libName)_$(function), "
-"for example _nss_files_getpwent."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
-msgid ""
-"Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
-msgid "The local domain section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
-msgid ""
-"This section contains settings for domain that stores users and groups in "
-"SSSD native database, that is, a domain that uses "
-"<replaceable>id_provider=local</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
-msgid "default_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
-msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
-msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
-msgid "base_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
-msgid ""
-"The tools append the login name to <replaceable>base_directory</replaceable> "
-"and use that as the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
-msgid "Default: <filename>/home</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
-msgid "create_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
-msgid ""
-"Indicate if a home directory should be created by default for new users.  "
-"Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
-msgid "Default: TRUE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
-msgid "remove_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
-msgid ""
-"Indicate if a home directory should be removed by default for deleted "
-"users.  Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
-msgid "homedir_umask (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
-msgid ""
-"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
-"on a newly created home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
-msgid "Default: 077"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
-msgid "skel_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
-msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
-msgid "mail_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
-msgid ""
-"The mail spool directory. This is needed to manipulate the mailbox when its "
-"corresponding user account is modified or deleted.  If not specified, a "
-"default value is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
-msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
-msgid "userdel_cmd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
-msgid ""
-"The command that is run after a user is removed.  The command us passed the "
-"username of the user being removed as the first and only parameter. The "
-"return code of the command is not taken into account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
-msgid "Default: None, no command is run"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"domains = LDAP\n"
-"services = nss, pam\n"
-"config_file_version = 2\n"
-"\n"
-"[nss]\n"
-"filter_groups = root\n"
-"filter_users = root\n"
-"\n"
-"[pam]\n"
-"\n"
-"[domain/LDAP]\n"
-"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
-"\n"
-"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
-"cache_credentials = true\n"
-"\n"
-"min_id = 10000\n"
-"max_id = 20000\n"
-"enumerate = False\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
-msgid ""
-"The following example shows a typical SSSD config. It does not describe "
-"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details.  <placeholder type=\"programlisting\" "
-"id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
-msgid "sssd-ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:23
-msgid ""
-"This manual page describes the configuration of LDAP domains for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for detailed syntax information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:35
-msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:38
-msgid ""
-"LDAP back end supports id, auth, access and chpass providers. If you want to "
-"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
-"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
-"over an unencrypted channel.  If the LDAP server is used only as an identity "
-"provider, an encrypted channel is not needed. Please refer to "
-"<quote>ldap_access_filter</quote> config option for more information about "
-"using LDAP as an access provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
-#: sssd-krb5.5.xml:63
-msgid "CONFIGURATION OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:60
-msgid "ldap_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:63
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference. Refer to the <quote>FAILOVER</"
-"quote> section for more information on failover and server redundancy.  If "
-"not specified, service discovery is enabled. For more information, refer to "
-"the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
-msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:73
-msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:76
-msgid ""
-"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:79
-msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:85
-msgid "ldap_chpass_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:88
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference to change the password of a user. "
-"Refer to the <quote>FAILOVER</quote> section for more information on "
-"failover and server redundancy."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:95
-msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:99
-msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:105
-msgid "ldap_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:108
-msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:112
-msgid ""
-"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
-"syntax:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
-msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:119
-msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
-msgid ""
-"The filter must be a valid LDAP search filter as specified by http://www."
-"ietf.org/rfc/rfc2254.txt"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
-msgid "Examples:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:129
-msgid ""
-"ldap_search_base = dc=example,dc=com (which is equivalent to)  "
-"ldap_search_base = dc=example,dc=com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:134
-msgid ""
-"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
-"(host=thishost)?dc=example.com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:137
-msgid ""
-"Note: It is unsupported to have multiple search bases which reference "
-"identically-named objects (for example, groups with the same name in two "
-"different search bases). This will lead to unpredictable behavior on client "
-"machines."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:144
-msgid ""
-"Default: If not set, the value of the defaultNamingContext or namingContexts "
-"attribute from the RootDSE of the LDAP server is used. If "
-"defaultNamingContext does not exists or has an empty value namingContexts is "
-"used.  The namingContexts attribute must have a single value with the DN of "
-"the search base of the LDAP server to make this work. Multiple values are "
-"are not supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:158
-msgid "ldap_schema (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:161
-msgid ""
-"Specifies the Schema Type in use on the target LDAP server.  Depending on "
-"the selected schema, the default attribute names retrieved from the servers "
-"may vary.  The way that some attributes are handled may also differ.  Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
-"difference between these schema types is how group memberships are recorded "
-"in the server.  With rfc2307, group members are listed by name in the "
-"<emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, group "
-"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
-msgid "Default: rfc2307"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
-msgid "ldap_default_bind_dn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
-msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
-msgid "ldap_default_authtok_type (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
-msgid "The type of the authentication token of the default bind DN."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
-msgid "The two mechanisms currently supported are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
-msgid "password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
-msgid "obfuscated_password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
-msgid "Default: password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
-msgid "ldap_default_authtok (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
-msgid ""
-"The authentication token of the default bind DN.  Only clear text passwords "
-"are currently supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
-msgid "ldap_user_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
-msgid "The object class of a user entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
-msgid "Default: posixAccount"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
-msgid "ldap_user_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
-msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
-msgid "Default: uid"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
-msgid "ldap_user_uid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
-msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
-msgid "Default: uidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
-msgid "ldap_user_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
-msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
-msgid "Default: gidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
-msgid "ldap_user_gecos (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
-msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
-msgid "Default: gecos"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
-msgid "ldap_user_home_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
-msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
-msgid "Default: homeDirectory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
-msgid "ldap_user_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
-msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
-msgid "Default: loginShell"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
-msgid "ldap_user_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
-msgid "Default: nsUniqueId"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
-msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
-msgid ""
-"The LDAP attribute that contains timestamp of the last modification of the "
-"parent object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
-msgid "Default: modifyTimestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
-msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
-"the last password change)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
-msgid "Default: shadowLastChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
-msgid "ldap_user_shadow_min (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
-msgid "Default: shadowMin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
-msgid "ldap_user_shadow_max (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
-msgid "Default: shadowMax"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
-msgid "ldap_user_shadow_warning (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password warning period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
-msgid "Default: shadowWarning"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
-msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password inactivity period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
-msgid "Default: shadowInactive"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
-msgid "ldap_user_shadow_expire (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
-msgid ""
-"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
-"parameter contains the name of an LDAP attribute corresponding to its "
-"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> counterpart (account expiration date)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
-msgid "Default: shadowExpire"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
-msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time of last password change in "
-"kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
-msgid "Default: krbLastPwdChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
-msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time when current password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
-msgid "Default: krbPasswordExpiration"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
-msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the expiration time of the account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
-msgid "Default: accountExpires"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
-msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the user account control bit field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
-msgid "Default: userAccountControl"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
-msgid "ldap_ns_account_lock (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
-msgid ""
-"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
-"determines if access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
-msgid "Default: nsAccountLock"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
-msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines if "
-"access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
-msgid "Default: loginDisabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
-msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines until "
-"which date access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
-msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines the "
-"hours of a day in a week when access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
-msgid "Default: loginAllowedTimeMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
-msgid "ldap_user_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
-msgid ""
-"The LDAP attribute that contains the user's Kerberos User Principal Name "
-"(UPN)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
-msgid "Default: krbPrincipalName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
-msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
-msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
-msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
-msgid ""
-"Some directory servers, for example Active Directory, might deliver the "
-"realm part of the UPN in lower case, which might cause the authentication to "
-"fail. Set this option to a non-zero value if you want to use an upper-case "
-"realm."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
-msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
-msgid ""
-"Specifies how many seconds SSSD has to wait before refreshing its cache of "
-"enumerated records."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
-msgid "Default: 300"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
-msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
-msgid ""
-"Determine how often to check the cache for inactive entries (such as groups "
-"with no members and users who have never logged in) and remove them to save "
-"space."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
-msgid "Setting this option to zero will disable the cache cleanup operation."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
-msgid "Default: 10800 (12 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
-msgid "ldap_user_fullname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
-msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
-msgid "Default: cn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
-msgid "ldap_user_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
-msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
-msgid "Default: memberOf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
-msgid "ldap_user_authorized_service (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
-msgid ""
-"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
-"use the presence of the authorizedService attribute in the user's LDAP entry "
-"to determine access privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
-msgid ""
-"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
-"explicit allow (svc) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
-msgid "Default: authorizedService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
-msgid "ldap_user_authorized_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
-msgid ""
-"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-"presence of the host attribute in the user's LDAP entry to determine access "
-"privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
-msgid ""
-"An explicit deny (!host) is resolved first. Second, SSSD searches for "
-"explicit allow (host) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
-msgid "Default: host"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
-msgid "ldap_group_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
-msgid "The object class of a group entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
-msgid "Default: posixGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
-msgid "ldap_group_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
-msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
-msgid "ldap_group_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
-msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
-msgid "ldap_group_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
-msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
-msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
-msgid "ldap_group_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
-msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
-msgid "ldap_group_nesting_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
-msgid ""
-"If ldap_schema is set to a schema format that supports nested groups (e.g. "
-"RFC2307bis), then this option controls how many levels of nesting SSSD will "
-"follow. This option has no effect on the RFC2307 schema."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
-msgid "Default: 2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
-msgid "ldap_netgroup_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
-msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
-msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
-msgid "Default: nisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
-msgid "ldap_netgroup_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
-msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
-msgid "In IPA provider, ipa_netgroup_name should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
-msgid "ldap_netgroup_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
-msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
-msgid "In IPA provider, ipa_netgroup_member should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
-msgid "Default: memberNisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
-msgid "ldap_netgroup_triple (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-msgid ""
-"The LDAP attribute that contains the (host, user, domain) netgroup triples."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
-msgid "This option is not available in IPA provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
-msgid "Default: nisNetgroupTriple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
-msgid "ldap_netgroup_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
-msgid ""
-"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
-msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
-msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
-msgid "ldap_service_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
-msgid "The object class of a service entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
-msgid "Default: ipService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
-msgid "ldap_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
-msgid ""
-"The LDAP attribute that contains the name of service attributes and their "
-"aliases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
-msgid "ldap_service_port (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
-msgid "The LDAP attribute that contains the port managed by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
-msgid "Default: ipServicePort"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
-msgid "ldap_service_proto (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
-msgid ""
-"The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
-msgid "Default: ipServiceProtocol"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
-msgid "ldap_service_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
-msgid "An optional base DN to restrict service searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
-msgid ""
-"See <quote>ldap_search_base</quote> for information about configuring "
-"multiple search bases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
-#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
-msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
-msgid "ldap_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches are allowed to run "
-"before they are cancelled and cached results are returned (and offline mode "
-"is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
-msgid ""
-"Note: this option is subject to change in future versions of the SSSD. It "
-"will likely be replaced at some point by a series of timeouts for specific "
-"lookup types."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
-msgid "Default: 6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
-msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches for user and group "
-"enumerations are allowed to run before they are cancelled and cached results "
-"are returned (and offline mode is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
-msgid "ldap_network_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-msgid ""
-"Specifies the timeout (in seconds) after which the <citerefentry> "
-"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
-"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> following a <citerefentry> "
-"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> returns in case of no activity."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
-msgid "ldap_opt_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
-msgid ""
-"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
-"will abort if no response is received. Also controls the timeout when "
-"communicating with the KDC in case of SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
-msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
-msgid ""
-"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
-"maintained. After this time, the connection will be re-established. If used "
-"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
-"the TGT lifetime)  will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
-msgid "Default: 900 (15 minutes)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
-msgid "ldap_page_size (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
-msgid ""
-"Specify the number of records to retrieve from LDAP in a single request. "
-"Some LDAP servers enforce a maximum limit per-request."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
-msgid "Default: 1000"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
-msgid ""
-"Disable the LDAP paging control. This option should be used if the LDAP "
-"server reports that it supports the LDAP paging control in its RootDSE but "
-"it is not enabled or does not behave properly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
-msgid ""
-"Example: OpenLDAP servers with the paging control module installed on the "
-"server but not enabled will report it in the RootDSE but be unable to use it."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
-msgid ""
-"Example: 389 DS has a bug where it can only support a one paging control at "
-"a time on a single connection. On busy clients, this can result in some "
-"requests being denied."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
-msgid "ldap_deref_threshold (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
-msgid ""
-"Specify the number of group members that must be missing from the internal "
-"cache in order to trigger a dereference lookup. If less members are missing, "
-"they are looked up individually."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
-msgid ""
-"You can turn off dereference lookups completely by setting the value to 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
-msgid ""
-"A dereference lookup is a means of fetching all group members in a single "
-"LDAP call.  Different LDAP servers may implement different dereference "
-"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
-"Directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
-msgid ""
-"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
-"filter, then the dereference lookup performance enhancement will be disabled "
-"regardless of this setting."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
-msgid "ldap_tls_reqcert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
-msgid ""
-"Specifies what checks to perform on server certificates in a TLS session, if "
-"any. It can be specified as one of the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
-msgid ""
-"<emphasis>never</emphasis> = The client will not request or check any server "
-"certificate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
-msgid ""
-"<emphasis>allow</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, it will be ignored and the session proceeds normally."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
-msgid ""
-"<emphasis>try</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, the session is immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
-msgid ""
-"<emphasis>demand</emphasis> = The server certificate is requested. If no "
-"certificate is provided, or a bad certificate is provided, the session is "
-"immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
-msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
-msgid "Default: hard"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
-msgid "ldap_tls_cacert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
-msgid ""
-"Specifies the file that contains certificates for all of the Certificate "
-"Authorities that <command>sssd</command> will recognize."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
-msgid ""
-"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
-"conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
-msgid "ldap_tls_cacertdir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
-msgid ""
-"Specifies the path of a directory that contains Certificate Authority "
-"certificates in separate individual files. Typically the file names need to "
-"be the hash of the certificate followed by '.0'.  If available, "
-"<command>cacertdir_rehash</command> can be used to create the correct names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
-msgid "ldap_tls_cert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
-msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
-msgid "Default: not set"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
-msgid "ldap_tls_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
-msgid "Specifies the file that contains the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
-msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
-msgid ""
-"Specifies acceptable cipher suites.  Typically this is a colon sperated "
-"list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> for format."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
-msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
-msgid ""
-"Specifies that the id_provider connection must also use <systemitem class="
-"\"protocol\">tls</systemitem> to protect the channel."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
-msgid ""
-"Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
-"supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
-msgid "ldap_sasl_authid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
-msgid ""
-"Specify the SASL authorization id to use.  When GSSAPI is used, this "
-"represents the Kerberos principal used for authentication to the directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
-msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
-msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
-msgid ""
-"If set to true, the LDAP library would perform a reverse lookup to "
-"canonicalize the host name during a SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
-msgid "Default: false;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
-msgid "ldap_krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
-msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
-msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
-msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
-msgid ""
-"Specifies that the id_provider should init Kerberos credentials (TGT).  This "
-"action is performed only if SASL is used and the mechanism selected is "
-"GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
-msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
-msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
-msgid "Default: 86400 (24 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
-msgid "krb5_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
-msgid ""
-"Specifies the comma-separated list of IP addresses or hostnames of the "
-"Kerberos servers to which SSSD should connect in the order of preference. "
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
-"colon) may be appended to the addresses or hostnames.  If empty, service "
-"discovery is enabled - for more information, refer to the <quote>SERVICE "
-"DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
-msgid ""
-"When using service discovery for KDC or kpasswd servers, SSSD first searches "
-"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-"none are found."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
-msgid ""
-"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
-"While the legacy name is recognized for the time being, users are advised to "
-"migrate their config files to use <quote>krb5_server</quote> instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
-msgid "krb5_realm (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
-msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
-msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
-msgid "krb5_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
-msgid ""
-"Specifies if the host principal should be canonicalized when connecting to "
-"LDAP server. This feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
-msgid "ldap_pwd_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
-msgid ""
-"Select the policy to evaluate the password expiration on the client side. "
-"The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
-msgid ""
-"<emphasis>none</emphasis> - No evaluation on the client side. This option "
-"cannot disable server-side password policies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
-msgid ""
-"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-"evaluate if the password has expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
-msgid ""
-"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
-"to determine if the password has expired. Use chpass_provider=krb5 to update "
-"these attributes when the password is changed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
-msgid "ldap_referrals (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
-msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
-msgid ""
-"Please note that sssd only supports referral chasing when it is compiled "
-"with OpenLDAP version 2.4.13 or higher."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
-msgid "ldap_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
-msgid "Specifies the service name to use when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
-msgid "Default: ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
-msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
-msgid ""
-"Specifies the service name to use to find an LDAP server which allows "
-"password changes when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
-msgid "Default: not set, i.e. service discovery is disabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
-msgid "ldap_access_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
-msgid ""
-"If using access_provider = ldap, this option is mandatory. It specifies an "
-"LDAP search filter criteria that must be met for the user to be granted "
-"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
-msgid "Example:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
-#, no-wrap
-msgid ""
-"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
-msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
-msgid ""
-"Offline caching for this feature is limited to determining whether the "
-"user's last online login was granted access permission. If they were granted "
-"access during their last login, they will continue to be granted access "
-"while offline and vice-versa."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
-msgid "Default: Empty"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
-msgid "ldap_account_expire_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
-msgid ""
-"With this option a client side evaluation of access control attributes can "
-"be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
-msgid ""
-"Please note that it is always recommended to use server side access control, "
-"i.e. the LDAP server should deny the bind request with a suitable error code "
-"even if the password is correct."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
-msgid "The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
-msgid ""
-"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
-"determine if the account is expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
-msgid ""
-"<emphasis>ad</emphasis>: use the value of the 32bit field "
-"ldap_user_ad_user_account_control and allow access if the second bit is not "
-"set. If the attribute is missing access is granted. Also the expiration time "
-"of the account is checked."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
-msgid ""
-"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
-"emphasis>: use the value of ldap_ns_account_lock to check if access is "
-"allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
-msgid ""
-"<emphasis>nds</emphasis>: the values of "
-"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
-"If both attributes are missing access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
-msgid "ldap_access_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
-msgid "Comma separated list of access control options.  Allowed values are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
-msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
-msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
-msgid ""
-"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
-"to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
-msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
-msgid "Default: filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
-msgid ""
-"Please note that it is a configuration error if a value is used more than "
-"once."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
-msgid "ldap_deref (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
-msgid ""
-"Specifies how alias dereferencing is done when performing a search. The "
-"following options are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
-msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
-msgid ""
-"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
-"the base object, but not in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
-msgid ""
-"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
-"the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
-msgid ""
-"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
-"in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
-msgid ""
-"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
-"client libraries)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:51
-msgid ""
-"All of the common configuration options that apply to SSSD domains also "
-"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for full details.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
-msgid "SUDO OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
-msgid "ldap_sudorule_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
-msgid "The object class of a sudo rule entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
-msgid "Default: sudoRole"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
-msgid "ldap_sudorule_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
-msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
-msgid "ldap_sudorule_command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
-msgid "The LDAP attribute that corresponds to the command name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
-msgid "Default: sudoCommand"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
-msgid "ldap_sudorule_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
-msgid ""
-"The LDAP attribute that corresponds to the host name (or host IP address, "
-"host IP network, or host netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
-msgid "Default: sudoHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
-msgid "ldap_sudorule_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
-msgid ""
-"The LDAP attribute that corresponds to the user name (or UID, group name or "
-"user's netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
-msgid "Default: sudoUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
-msgid "ldap_sudorule_option (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
-msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
-msgid "Default: sudoOption"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
-msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
-msgid ""
-"The LDAP attribute that corresponds to the user name that commands may be "
-"run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
-msgid "Default: sudoRunAsUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
-msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
-msgid ""
-"The LDAP attribute that corresponds to the group name or group GID that "
-"commands may be run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
-msgid "Default: sudoRunAsGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
-msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
-msgid ""
-"The LDAP attribute that corresponds to the start date/time for when the sudo "
-"rule is valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
-msgid "Default: sudoNotBefore"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
-msgid "ldap_sudorule_notafter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
-msgid ""
-"The LDAP attribute that corresponds to the expiration date/time, after which "
-"the sudo rule will no longer be valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
-msgid "Default: sudoNotAfter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
-msgid "ldap_sudorule_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
-msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
-msgid "Default: sudoOrder"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
-msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
-msgid ""
-"Enables periodical download of all sudo rules.  The cache is purged before "
-"each update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
-msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
-msgid ""
-"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
-msgid ""
-"This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
-"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
-msgid "AUTOFS OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
-msgid ""
-"Please note that the default values correspond to the default schema which "
-"is RFC2307."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
-msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-msgid "The object class of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-msgid "Default: automountMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
-msgid "ldap_autofs_map_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
-msgid "The name of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
-msgid "Default: ou"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
-msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
-msgid "ldap_autofs_entry_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
-msgid ""
-"The key of an automount entry in LDAP. The entry usually corresponds to a "
-"mount point."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
-msgid "ldap_autofs_entry_value (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
-msgid "Default: automountInformation"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
-msgid ""
-"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
-"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
-"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
-msgid "ADVANCED OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
-msgid "ldap_netgroup_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
-msgid ""
-"An optional base DN to restrict netgroup searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
-msgid "ldap_user_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
-msgid "An optional base DN to restrict user searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
-msgid "ldap_group_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
-msgid "An optional base DN to restrict group searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
-#, no-wrap
-msgid ""
-"                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
-msgid "ldap_sudo_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
-msgid ""
-"An optional base DN to restrict sudo rules searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
-msgid "ldap_autofs_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
-msgid ""
-"An optional base DN to restrict automounter searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
-msgid ""
-"These options are supported by LDAP domains, but they should be used with "
-"caution. Please include them in your configuration only if you know what you "
-"are doing.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
-msgid ""
-"The following example assumes that SSSD is correctly configured and LDAP is "
-"set to one of the domains in the <replaceable>[domains]</replaceable> "
-"section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
-#, no-wrap
-msgid ""
-"    [domain/LDAP]\n"
-"    id_provider = ldap\n"
-"    auth_provider = ldap\n"
-"    ldap_uri = ldap://ldap.mydomain.org\n"
-"    ldap_search_base = dc=mydomain,dc=org\n"
-"    ldap_tls_reqcert = demand\n"
-"    cache_credentials = true\n"
-"    enumerate = true\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
-msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
-msgid "NOTES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
-msgid ""
-"The descriptions of some of the configuration options in this manual page "
-"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
-"distribution."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <refentryinfo>
-#: pam_sss.8.xml:8 include/upstream.xml:2
-msgid ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: pam_sss.8.xml:13 pam_sss.8.xml:18
-msgid "pam_sss"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: pam_sss.8.xml:19
-msgid "PAM module for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: pam_sss.8.xml:24
-msgid ""
-"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
-msgid ""
-"<command>pam_sss.so</command> is the PAM interface to the System Security "
-"Services daemon (SSSD). Errors and results are logged through <command>syslog"
-"(3)</command> with the LOG_AUTHPRIV facility."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
-msgid "<option>quiet</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
-msgid "Suppress log messages for unknown users."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
-msgid "<option>forward_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
-msgid ""
-"If <option>forward_pass</option> is set the entered password is put on the "
-"stack for other PAM modules to use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
-msgid "<option>use_first_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
-msgid ""
-"The argument use_first_pass forces the module to use a previous stacked "
-"modules password and will never prompt the user - if no password is "
-"available or the password is not appropriate, the user will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
-msgid "<option>use_authtok</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
-msgid ""
-"When password changing enforce the module to set the new password to the one "
-"provided by a previously stacked password module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
-msgid "<option>retry=N</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
-msgid ""
-"If specified the user is asked another N times for a password if "
-"authentication fails. Default is 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
-msgid ""
-"Please note that this option might not work as expected if the application "
-"calling PAM handles the user dialog on its own. A typical example is "
-"<command>sshd</command> with <option>PasswordAuthentication</option>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
-msgid "MODULE TYPES PROVIDED"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
-msgid ""
-"All module types (<option>account</option>, <option>auth</option>, "
-"<option>password</option> and <option>session</option>) are provided."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
-msgid "FILES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
-msgid ""
-"If a password reset by root fails, because the corresponding SSSD provider "
-"does not support password resets, an individual message can be displayed. "
-"This message can e.g. contain instructions about how to reset a password."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
-msgid ""
-"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
-"filename> where LOC stands for a locale string returned by <citerefentry> "
-"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
-"citerefentry>. If there is no matching file the content of "
-"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
-"the owner of the files and only root may have read and write permissions "
-"while all other users must have only read permissions."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
-msgid ""
-"These files are searched in the directory <filename>/etc/sssd/customize/"
-"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
-"displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:141
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
-msgid "sssd_krb5_locator_plugin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:22
-msgid ""
-"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
-"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
-"libraries what Realm and which KDC to use.  Typically this is done in "
-"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
-"To simplify the configuration the Realm and the KDC can be defined in "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry> puts the Realm and the name or IP address of the KDC into "
-"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively.  "
-"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variables and returns them to the "
-"libraries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:63
-msgid ""
-"Not all Kerberos implementations support the use of plugins. If "
-"<command>sssd_krb5_locator_plugin</command> is not available on your system "
-"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:69
-msgid ""
-"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-"debug messages will be sent to stderr."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:77
-msgid ""
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
-msgid "sssd-simple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd-simple.5.xml:17
-msgid "the configuration file for SSSD's 'simple' access-control provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:24
-msgid ""
-"This manual page describes the configuration of the simple access-control "
-"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax reference, "
-"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:38
-msgid ""
-"The simple access provider grants or denies access based on an access or "
-"deny list of user or group names. The following rules apply:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:43
-msgid "If all lists are empty, access is granted"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:47
-msgid ""
-"If any list is provided, the order of evaluation is allow,deny. This means "
-"that any matching deny rule will supersede any matched allow rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:54
-msgid ""
-"If either or both \"allow\" lists are provided, all users are denied unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:60
-msgid ""
-"If only \"deny\" lists are provided, all users are granted access unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:78
-msgid "simple_allow_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:81
-msgid "Comma separated list of users who are allowed to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:88
-msgid "simple_deny_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:91
-msgid "Comma separated list of users who are explicitly denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:97
-msgid "simple_allow_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:100
-msgid ""
-"Comma separated list of groups that are allowed to log in. This applies only "
-"to groups within this SSSD domain. Local groups are not evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:108
-msgid "simple_deny_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:111
-msgid ""
-"Comma separated list of groups that are explicitly denied access. This "
-"applies only to groups within this SSSD domain. Local groups are not "
-"evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
-msgid ""
-"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page for details on the configuration of an SSSD "
-"domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:120
-msgid ""
-"Please note that it is an configuration error if both, simple_allow_users "
-"and simple_deny_users, are defined."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:128
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the simple access provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-simple.5.xml:135
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    access_provider = simple\n"
-"    simple_allow_users = user1, user2\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:145
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
-msgid "sssd-ipa"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:23
-msgid ""
-"This manual page describes the configuration of the IPA provider for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
-"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:36
-msgid ""
-"The IPA provider is a back end used to connect to an IPA server.  (Refer to "
-"the freeipa.org web site for information about IPA servers.)  This provider "
-"requires that the machine be joined to the IPA domain; configuration is "
-"almost entirely self-discovered and obtained directly from the server."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:43
-msgid ""
-"The IPA provider accepts the same options used by the <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
-"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider with some exceptions described below."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:55
-msgid ""
-"However, it is neither necessary nor recommended to set these options.  IPA "
-"provider can also be used as an access and chpass provider. As an access "
-"provider it uses HBAC (host-based access control) rules. Please refer to "
-"freeipa.org for more information about HBAC. No configuration of access "
-"provider is required on the client side."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:72
-msgid "ipa_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:75
-msgid ""
-"Specifies the name of the IPA domain.  This is optional. If not provided, "
-"the configuration domain name is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:83
-msgid "ipa_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:86
-msgid ""
-"The comma-separated list of IP addresses or hostnames of the IPA servers to "
-"which SSSD should connect in the order of preference. For more information "
-"on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
-"This is optional if autodiscovery is enabled.  For more information on "
-"service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:99
-msgid "ipa_hostname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:102
-msgid ""
-"Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:110
-msgid "ipa_dyndns_update (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:113
-msgid ""
-"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:118
-msgid ""
-"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
-"the default Kerberos realm must be set properly in /etc/krb5.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:129
-msgid "ipa_dyndns_iface (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:132
-msgid ""
-"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
-"interface whose IP address should be used for dynamic DNS updates."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:137
-msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:143
-msgid "ipa_hbac_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:146
-msgid "Optional. Use the given string as search base for HBAC related objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:150
-msgid "Default: Use base DN"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:156
-msgid "ipa_host_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:159
-msgid "Optional. Use the given string as search base for host objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:180
-msgid "ipa_selinux_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
-msgid "Optional. Use the given string as search base for SELinux user maps."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
-msgid "krb5_validate (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
-msgid ""
-"Verify with the help of krb5_keytab that the TGT obtained has not been "
-"spoofed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
-msgid ""
-"Note that this default differs from the traditional Kerberos provider back "
-"end."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
-msgid ""
-"The name of the Kerberos realm. This is optional and defaults to the value "
-"of <quote>ipa_domain</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
-msgid ""
-"The name of the Kerberos realm has a special meaning in IPA - it is "
-"converted into the base DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
-msgid ""
-"Specifies if the host and user principal should be canonicalized when "
-"connecting to IPA LDAP and also for AS requests. This feature is available "
-"with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
-msgid "ipa_hbac_refresh (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
-msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
-msgid "Default: 5 (seconds)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
-msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
-msgid ""
-"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
-"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
-"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
-"client will support two modes of operation during this transition period:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
-msgid ""
-"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
-"users will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
-msgid ""
-"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
-"careful with this option, as it may result in opening unintended access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
-msgid "Default: DENY_ALL"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
-msgid "ipa_automount_location (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
-msgid "The automounter location this IPA client will be using"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Default: The location named \"default\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the ipa provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    id_provider = ipa\n"
-"    ipa_server = ipaserver.example.com\n"
-"    ipa_hostname = myhost.example.com\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.8.xml:10 sssd.8.xml:15
-msgid "sssd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.8.xml:16
-msgid "System Security Services Daemon"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sssd.8.xml:21
-msgid ""
-"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:31
-msgid ""
-"<command>SSSD</command> provides a set of daemons to manage access to remote "
-"directories and authentication mechanisms. It provides an NSS and PAM "
-"interface toward the system and a pluggable backend system to connect to "
-"multiple different account sources as well as D-Bus interface. It is also "
-"the basis to provide client auditing and policy services for projects like "
-"FreeIPA. It provides a more robust database to store local users as well as "
-"extended user data."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:46
-msgid ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:53
-msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:57
-msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:60
-msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:69
-msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:73
-msgid ""
-"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:76
-msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:85
-msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:89
-msgid ""
-"Send the debug output to files instead of stderr. By default, the log files "
-"are stored in <filename>/var/log/sssd</filename> and there are separate log "
-"files for every SSSD service and domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:97
-msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:101
-msgid "Become a daemon after starting up."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:107
-msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:111
-msgid "Run in the foreground, don't become a daemon."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
-msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
-msgid ""
-"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
-"conf</filename>. For reference on the config file syntax and options, "
-"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:135
-msgid "<option>--version</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:139
-msgid "Print version number and exit."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:147
-msgid "Signals"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:150
-msgid "SIGTERM/SIGINT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:153
-msgid ""
-"Informs the SSSD to gracefully terminate all of its child processes and then "
-"shut down the monitor."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:159
-msgid "SIGHUP"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:162
-msgid ""
-"Tells the SSSD to stop writing to its current debug file descriptors and to "
-"close and reopen them. This is meant to facilitate log rolling with programs "
-"like logrotate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:170
-msgid "SIGUSR1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:173
-msgid ""
-"Tells the SSSD to simulate offline operation for one minute. This is mostly "
-"useful for testing purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:179
-msgid "SIGUSR2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:182
-msgid ""
-"Tells the SSSD to go online immediately. This is mostly useful for testing "
-"purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:193
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-msgid "sss_obfuscate"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_obfuscate.8.xml:16
-msgid "obfuscate a clear text password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_obfuscate.8.xml:21
-msgid ""
-"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
-"replaceable></arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:32
-msgid ""
-"<command>sss_obfuscate</command> converts a given password into human-"
-"unreadable format and places it into appropriate domain section of the SSSD "
-"config file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:37
-msgid ""
-"The cleartext password is read from standard input or entered "
-"interactively.  The obfuscated password is put into "
-"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
-"<quote>ldap_default_authtok_type</quote> parameter is set to "
-"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more details on these parameters."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:49
-msgid ""
-"Please note that obfuscating the password provides <emphasis>no real "
-"security benefit</emphasis> as it is still possible for an attacker to "
-"reverse-engineer the password back. Using better authentication mechanisms "
-"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
-"advised."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:63
-msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:67
-msgid "The password to obfuscate will be read from standard input."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
-msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:79
-msgid ""
-"The SSSD domain to use the password in. The default name is <quote>default</"
-"quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:86
-msgid ""
-"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:91
-msgid "Read the config file specified by the positional parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:95
-msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:105
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
-msgid "sss_useradd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_useradd.8.xml:16
-msgid "create a new user"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_useradd.8.xml:21
-msgid ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:32
-msgid ""
-"<command>sss_useradd</command> creates a new user account using the values "
-"specified on the command line plus the default values from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:43
-msgid ""
-"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:48
-msgid ""
-"Set the UID of the user to the value of <replaceable>UID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
-msgid ""
-"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
-msgid ""
-"Any text string describing the user. Often used as the field for the user's "
-"full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
-msgid ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:72
-msgid ""
-"The home directory of the user account.  The default is to append the "
-"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
-"that as the home directory.  The base that is prepended before "
-"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
-"baseDirectory</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
-msgid ""
-"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:87
-msgid ""
-"The user's login shell. The default is currently <filename>/bin/bash</"
-"filename>.  The default can be changed with <quote>user_defaults/"
-"defaultShell</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:96
-msgid ""
-"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:101
-msgid "A list of existing groups this user is also a member of."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:107
-msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:111
-msgid ""
-"Create the user's home directory if it does not exist. The files and "
-"directories contained in the skeleton directory (which can be defined with "
-"the -k option or in the config file) will be copied to the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:121
-msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:125
-msgid ""
-"Do not create the user's home directory. Overrides configuration settings."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:132
-msgid ""
-"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:137
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<command>sss_useradd</command>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:143
-msgid ""
-"This option is only valid if the <option>-m</option> (or <option>--create-"
-"home</option>) option is specified, or creation of home directories is set "
-"to TRUE in the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
-msgid ""
-"<option>-Z</option>,<option>--selinux-user</option> "
-"<replaceable>SELINUX_USER</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:157
-msgid ""
-"The SELinux user for the user's login. If not specified, the system default "
-"will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
-msgid "sssd-krb5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:23
-msgid ""
-"This manual page describes the configuration of the Kerberos 5 "
-"authentication backend for <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  For a detailed "
-"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
-"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:36
-msgid ""
-"The Kerberos 5 authentication backend contains auth and chpass providers. It "
-"must be paired with identity provider in order to function properly (for "
-"example, id_provider = ldap). Some information required by the Kerberos 5 "
-"authentication backend must be provided by the identity provider, such as "
-"the user's Kerberos Principal Name (UPN). The configuration of the identity "
-"provider should have an entry to specify the UPN. Please refer to the man "
-"page for the applicable identity provider for details on how to configure "
-"this."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:47
-msgid ""
-"This backend also provides access control based on the .k5login file in the "
-"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
-"Please note that an empty .k5login file will deny all access to this user. "
-"To activate this feature use 'access_provider = krb5' in your sssd "
-"configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:55
-msgid ""
-"In the case where the UPN is not available in the identity backend "
-"<command>sssd</command> will construct a UPN using the format "
-"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:106
-msgid ""
-"The name of the Kerberos realm. This option is required and must be "
-"specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:113
-msgid "krb5_kpasswd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:116
-msgid ""
-"If the change password service is not running on the KDC alternative servers "
-"can be defined here. An optional port number (preceded by a colon) may be "
-"appended to the addresses or hostnames."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:122
-msgid ""
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section.  Please note that even if there are no more "
-"kpasswd servers to try the back end is not switch to offline if "
-"authentication against the KDC is still possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:129
-msgid "Default: Use the KDC"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:135
-msgid "krb5_ccachedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:138
-msgid ""
-"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist it will be created. If %u, %U, %p or %h are used a "
-"private directory belonging to the user is created. Otherwise a public "
-"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
-"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
-"citerefentry> for details) is created."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:151
-msgid "Default: /tmp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:157
-msgid "krb5_ccname_template (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:171
-msgid "login UID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:174
-msgid "%p"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:175
-msgid "principal name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:179
-msgid "%r"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:180
-msgid "realm name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:183
-msgid "%h"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:184
-msgid "home directory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:189
-msgid "value of krb5ccache_dir"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194
-msgid "%P"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "the process ID of the sssd client"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:160
-msgid ""
-"Location of the user's credential cache. Currently only file based "
-"credential caches are supported. In the template the following sequences are "
-"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
-"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
-"way."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:209
-msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:215
-msgid "krb5_auth_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:218
-msgid ""
-"Timeout in seconds after an online authentication or change password request "
-"is aborted. If possible the authentication request is continued offline."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:241
-msgid "krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:244
-msgid ""
-"The location of the keytab to use when validating credentials obtained from "
-"KDCs."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:248
-msgid "Default: /etc/krb5.keytab"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:254
-msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:257
-msgid ""
-"Store the password of the user if the provider is offline and use it to "
-"request a TGT when the provider gets online again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:262
-msgid ""
-"Please note that this feature currently only available on a Linux platform. "
-"Passwords stored in this way are kept in plaintext in the kernel keyring and "
-"are potentially accessible by the root user (with difficulty)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:275
-msgid "krb5_renewable_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:278
-msgid ""
-"Request a renewable ticket with a total lifetime given by an integer "
-"immediately followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
-msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
-msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
-msgid "<emphasis>h</emphasis> hours"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
-msgid "<emphasis>d</emphasis> days."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
-msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:299
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"renewable lifetime to one and a half hours please use '90m' instead of "
-"'1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:305
-msgid "Default: not set, i.e. the TGT is not renewable"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:311
-msgid "krb5_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:314
-msgid ""
-"Request ticket with a with a lifetime given by an integer immediately "
-"followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:335
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"lifetime to one and a half hours please use '90m' instead of '1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:340
-msgid ""
-"Default: not set, i.e. the default ticket lifetime configured on the KDC."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:347
-msgid "krb5_renew_interval (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:350
-msgid ""
-"The time in seconds between two checks if the TGT should be renewed. TGTs "
-"are renewed if about half of their lifetime is exceeded."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:355
-msgid "If this option is not set or 0 the automatic renewal is disabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:365
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:368
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:373
-msgid ""
-"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
-"option at all."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
-msgid ""
-"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
-"continue without."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:381
-msgid ""
-"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
-"fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:385
-msgid "Default: not set, i.e. FAST is not used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:388
-msgid "Please note that a keytab is required to use fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:391
-msgid ""
-"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used with an older version using this option is a "
-"configuration error."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:400
-msgid "krb5_fast_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:403
-msgid "Specifies the server principal to use for FAST."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:412
-msgid ""
-"Specifies if the host and user principal should be canonicalized. This "
-"feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:65
-msgid ""
-"If the auth-module krb5 is used in a SSSD domain, the following options must "
-"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
-"SECTIONS</quote> for details on the configuration of a SSSD domain.  "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:434
-msgid ""
-"The following example assumes that SSSD is correctly configured and FOO is "
-"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
-"example shows only configuration of Kerberos authentication, it does not "
-"include any identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:442
-#, no-wrap
-msgid ""
-"    [domain/FOO]\n"
-"    auth_provider = krb5\n"
-"    krb5_server = 192.168.1.1\n"
-"    krb5_realm = EXAMPLE.COM\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:453
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
-msgid "sss_groupadd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupadd.8.xml:16
-msgid "create a new group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupadd.8.xml:21
-msgid ""
-"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:32
-msgid ""
-"<command>sss_groupadd</command> creates a new group. These groups are "
-"compatible with POSIX groups, with the additional feature that they can "
-"contain other groups as members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupadd.8.xml:43
-msgid ""
-"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupadd.8.xml:48
-msgid ""
-"Set the GID of the group to the value of <replaceable>GID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
-msgid "sss_userdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_userdel.8.xml:16
-msgid "delete a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_userdel.8.xml:21
-msgid ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:32
-msgid ""
-"<command>sss_userdel</command> deletes a user identified by login name "
-"<replaceable>LOGIN</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:44
-msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:48
-msgid ""
-"Files in the user's home directory will be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:56
-msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:60
-msgid ""
-"Files in the user's home directory will NOT be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:68
-msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:72
-msgid ""
-"This option forces <command>sss_userdel</command> to remove the user's home "
-"directory and mail spool, even if they are not owned by the specified user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:80
-msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:84
-msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
-msgid "sss_groupdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupdel.8.xml:16
-msgid "delete a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupdel.8.xml:21
-msgid ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:32
-msgid ""
-"<command>sss_groupdel</command> deletes a group identified by its name "
-"<replaceable>GROUP</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
-msgid "sss_groupshow"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupshow.8.xml:16
-msgid "print properties of a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupshow.8.xml:21
-msgid ""
-"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:32
-msgid ""
-"<command>sss_groupshow</command> displays information about a group "
-"identified by its name <replaceable>GROUP</replaceable>. The information "
-"includes the group ID number, members of the group and the parent group."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupshow.8.xml:43
-msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupshow.8.xml:47
-msgid ""
-"Also print indirect group members in a tree-like hierarchy.  Note that this "
-"also affects printing parent groups - without <option>R</option>, only the "
-"direct parent will be printed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
-msgid "sss_usermod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_usermod.8.xml:16
-msgid "modify a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_usermod.8.xml:21
-msgid ""
-"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:32
-msgid ""
-"<command>sss_usermod</command> modifies the account specified by "
-"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
-"on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:60
-msgid "The home directory of the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:71
-msgid "The user's login shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:82
-msgid ""
-"Append this user to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:96
-msgid ""
-"Remove this user from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:103
-msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:107
-msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:114
-msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:118
-msgid "Unlock the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:129
-msgid "The SELinux user for the user's login."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/service_discovery.xml:2
-msgid "SERVICE DISCOVERY"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/service_discovery.xml:4
-msgid ""
-"The service discovery feature allows back ends to automatically find the "
-"appropriate servers to connect to using a special DNS query."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
-msgid "Configuration"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:11
-msgid ""
-"If no servers are specified, the back end automatically uses service "
-"discovery to try to find a server. Optionally, the user may choose to use "
-"both fixed server addresses and service discovery by inserting a special "
-"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
-"preference is maintained. This feature is useful if, for example, the user "
-"prefers to use service discovery whenever possible, and fall back to a "
-"specific server when no servers can be discovered using DNS."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:23
-msgid "The domain name"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:25
-msgid ""
-"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for more details."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:35
-msgid "The protocol"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:37
-msgid ""
-"The queries usually specify _tcp as the protocol. Exceptions are documented "
-"in respective option description."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:42
-msgid "See Also"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:44
-msgid ""
-"For more information on the service discovery mechanism, refer to RFC 2782."
-msgstr ""
-
-#. type: Content of: outside any tag (error?)
-#: include/upstream.xml:1
-msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/failover.xml:2
-msgid "FAILOVER"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/failover.xml:4
-msgid ""
-"The failover feature allows back ends to automatically switch to a different "
-"server if the primary server fails."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:8
-msgid "Failover Syntax"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:10
-msgid ""
-"The list of servers is given as a comma-separated list; any number of spaces "
-"is allowed around the comma. The servers are listed in order of preference. "
-"The list can contain any number of servers."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:17
-msgid "The Failover Mechanism"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:19
-msgid ""
-"The failover mechanism distinguishes between a machine and a service. The "
-"back end first tries to resolve the hostname of a given machine; if this "
-"resolution attempt fails, the machine is considered offline. No further "
-"attempts are made to connect to this machine for any other service. If the "
-"resolution attempt succeeds, the back end tries to connect to a service on "
-"this machine. If the service connection attempt fails, then only this "
-"particular service is considered offline and the back end automatically "
-"switches over to the next service.  The machine is still considered online "
-"and might still be tried for another service."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:32
-msgid ""
-"Further connection attempts are made to machines or services marked as "
-"offline after a specified period of time; this is currently hard coded to 30 "
-"seconds."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:37
-msgid ""
-"If there are no more machines to try, the back end as a whole switches to "
-"offline mode, and then attempts to reconnect every 30 seconds."
-msgstr ""
-
-#. type: Content of: <varlistentry><term>
-#: include/param_help.xml:3
-msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
-
-#. type: Content of: <varlistentry><listitem><para>
-#: include/param_help.xml:7
-msgid "Display help message and exit."
-msgstr ""
diff --git a/src/man/po/po4a.cfg b/src/man/po/po4a.cfg
index d33f5c813..3e5af7421 100644
--- a/src/man/po/po4a.cfg
+++ b/src/man/po/po4a.cfg
@@ -1,4 +1,4 @@
-[po4a_langs] as bs bn ca cs de el es et fa fi fr hu id it ja_JP ja ko lt nb nl nn pl pt_BR pt ru sk sq sr ta tr uk ur vi zh_CN zh_TW
+[po4a_langs] cs es fr ja nl pt ru tg uk
 [po4a_paths] po/sssd-docs.pot $lang:po/$lang.po
 [type:docbook] sss_groupmod.8.xml $lang:$(builddir)/$lang/sss_groupmod.8.xml
 [type:docbook] sssd.conf.5.xml $lang:$(builddir)/$lang/sssd.conf.5.xml
diff --git a/src/man/po/pt.po b/src/man/po/pt.po
index 5c02e66f5..b7fc6895a 100644
--- a/src/man/po/pt.po
+++ b/src/man/po/pt.po
@@ -8,9 +8,9 @@ msgid ""
 msgstr ""
 "Project-Id-Version: SSSD\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2011-12-21 10:12+0000\n"
-"Last-Translator: Miguel Sousa <migueljorgesousa@sapo.pt>\n"
+"POT-Creation-Date: 2012-03-12 16:37-0300\n"
+"PO-Revision-Date: 2012-03-08 11:52+0000\n"
+"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
 "Language-Team: Portuguese <trans-pt@lists.fedoraproject.org>\n"
 "Language: pt\n"
 "MIME-Version: 1.0\n"
@@ -23,7 +23,9 @@ msgstr ""
 #: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
 #: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
 #: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
+#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5
+#: sss_debuglevel.8.xml:5 sss_ssh_authorizedkeys.1.xml:5
+#: sss_ssh_knownhostsproxy.1.xml:5
 msgid "SSSD Manual pages"
 msgstr "Páginas de Manual de SSSD"
 
@@ -36,7 +38,8 @@ msgstr "sss_groupmod"
 #: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
 #: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
 #: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
+#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11 sss_cache.8.xml:11
+#: sss_debuglevel.8.xml:11
 msgid "8"
 msgstr "8"
 
@@ -62,6 +65,8 @@ msgstr ""
 #: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
 #: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
 #: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
+#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_ssh_authorizedkeys.1.xml:30
+#: sss_ssh_knownhostsproxy.1.xml:31
 msgid "DESCRIPTION"
 msgstr "DESCRIÇÃO"
 
@@ -78,6 +83,8 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
+#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_ssh_authorizedkeys.1.xml:78
+#: sss_ssh_knownhostsproxy.1.xml:65
 msgid "OPTIONS"
 msgstr "Opções"
 
@@ -120,12 +127,13 @@ msgstr ""
 "<replaceable>GROUPS</replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1348 sssd-ldap.5.xml:2096
 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
 #: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
+#: sss_usermod.8.xml:138 sss_ssh_authorizedkeys.1.xml:96
+#: sss_ssh_knownhostsproxy.1.xml:95
 msgid "SEE ALSO"
 msgstr "VER TAMBÉM"
 
@@ -250,7 +258,7 @@ msgid "The [sssd] section"
 msgstr "A seção [SSSD]"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:1194
 msgid "Section parameters"
 msgstr "Parâmetros de secção"
 
@@ -490,7 +498,7 @@ msgid "Add a timestamp to the debug messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:393 sssd-ldap.5.xml:1328
 #: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
 msgid "Default: true"
 msgstr ""
@@ -506,7 +514,7 @@ msgid "Add microseconds to the timestamp in debug messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
+#: sssd.conf.5.xml:252 sssd.conf.5.xml:658 sssd-ldap.5.xml:602
 #: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
 #: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
 #: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
@@ -515,12 +523,32 @@ msgstr "Padrão: false"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:270
-msgid "command (string)"
+msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:273
 msgid ""
+"This option specifies the maximum number of file descriptors that may be "
+"opened at one time by this SSSD process. On systems where SSSD is granted "
+"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
+"systems without this capability, the resulting value will be the lower value "
+"of this or the limits.conf \"hard\" limit."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:282
+msgid "Default: 8192 (or limits.conf \"hard\" limit)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:287
+msgid "command (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:290
+msgid ""
 "By default, the executable representing this service is called <command>sssd_"
 "${service_name}</command>.  This directive allows to change the executable "
 "name for the service. In the vast majority of configurations, the default "
@@ -528,45 +556,45 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
+#: sssd.conf.5.xml:298
 msgid "Default: <command>sssd_${service_name}</command>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
+#: sssd.conf.5.xml:306
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:308
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
+#: sssd.conf.5.xml:313
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
+#: sssd.conf.5.xml:316
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
+#: sssd.conf.5.xml:320
 msgid "Default: 120"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
+#: sssd.conf.5.xml:325
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
+#: sssd.conf.5.xml:328
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -574,7 +602,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:334
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -584,7 +612,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
+#: sssd.conf.5.xml:344
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -593,17 +621,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
+#: sssd.conf.5.xml:352
 msgid "Default: 50"
 msgstr "Padrão: 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
+#: sssd.conf.5.xml:357
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
+#: sssd.conf.5.xml:360
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -611,17 +639,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
+#: sssd.conf.5.xml:366 sssd.conf.5.xml:686 sssd-krb5.5.xml:223
 msgid "Default: 15"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
+#: sssd.conf.5.xml:371
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
+#: sssd.conf.5.xml:374
 msgid ""
 "Exclude certain users from being fetched from the sss NSS database. This is "
 "particularly useful for system accounts. This option can also be set per-"
@@ -630,78 +658,78 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:381
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
+#: sssd.conf.5.xml:386
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
+#: sssd.conf.5.xml:389
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:398
 msgid "override_homedir (string)"
 msgstr "override_homedir (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
+#: sssd.conf.5.xml:407 sssd-krb5.5.xml:166
 msgid "%u"
 msgstr "%u"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
+#: sssd.conf.5.xml:408 sssd-krb5.5.xml:167
 msgid "login name"
 msgstr "nome de login"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
+#: sssd.conf.5.xml:411 sssd-krb5.5.xml:170
 msgid "%U"
 msgstr "%U"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
+#: sssd.conf.5.xml:412
 msgid "UID number"
 msgstr "Número UID"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
+#: sssd.conf.5.xml:415 sssd-krb5.5.xml:188
 msgid "%d"
 msgstr "%d"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
+#: sssd.conf.5.xml:416
 msgid "domain name"
 msgstr "nome de domínio"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:419
 msgid "%f"
 msgstr "%f"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:420
 msgid "fully qualified user name (user@domain)"
 msgstr "nome totalmente qualificado do utilizador (utilizador@domínio)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
+#: sssd.conf.5.xml:423 sssd-krb5.5.xml:200
 msgid "%%"
 msgstr "%%"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
+#: sssd.conf.5.xml:424 sssd-krb5.5.xml:201
 msgid "a literal '%'"
 msgstr "um literal '%'"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:401
 msgid ""
 "Override the user's home directory. You can either provide an absolute value "
 "or a template. In the template, the following sequences are substituted: "
@@ -709,138 +737,138 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
+#: sssd.conf.5.xml:430
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
+#: sssd.conf.5.xml:435
 msgid "allowed_shells (string)"
 msgstr "allowed_shells (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
+#: sssd.conf.5.xml:438
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
+#: sssd.conf.5.xml:441
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:445
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
+#: sssd.conf.5.xml:450
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
+#: sssd.conf.5.xml:455
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
+#: sssd.conf.5.xml:458
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
+#: sssd.conf.5.xml:462
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:467
 msgid "vetoed_shells (string)"
 msgstr "vetoed_shells (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:470
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
+#: sssd.conf.5.xml:475
 msgid "shell_fallback (string)"
 msgstr "shell_fallback (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:478
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
+#: sssd.conf.5.xml:482
 msgid "Default: /bin/sh"
 msgstr "Padrão: /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:489
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
+#: sssd.conf.5.xml:491
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:496
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
+#: sssd.conf.5.xml:499
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
+#: sssd.conf.5.xml:504 sssd.conf.5.xml:517
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
+#: sssd.conf.5.xml:510
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:513
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
+#: sssd.conf.5.xml:523
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
+#: sssd.conf.5.xml:526
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
+#: sssd.conf.5.xml:531
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -848,59 +876,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:537 sssd.conf.5.xml:590 sssd.conf.5.xml:1110
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:543
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
+#: sssd.conf.5.xml:546
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
+#: sssd.conf.5.xml:551
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:554
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:557
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
+#: sssd.conf.5.xml:561
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
+#: sssd.conf.5.xml:564
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
+#: sssd.conf.5.xml:568 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "Padrão: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:573
 msgid "pam_id_timeout (integer)"
 msgstr "pam_id_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
+#: sssd.conf.5.xml:576
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -908,7 +936,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
+#: sssd.conf.5.xml:582
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -917,17 +945,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:596
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr "pam_pwd_expiration_warning (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
+#: sssd.conf.5.xml:599
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
+#: sssd.conf.5.xml:602
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -935,31 +963,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
+#: sssd.conf.5.xml:608
 msgid "Default: 7"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-#, fuzzy
-#| msgid "Configuration"
+#: sssd.conf.5.xml:616
 msgid "SUDO configuration options"
-msgstr "Configuração"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:618
 msgid "These options can be used to configure the sudo service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-#, fuzzy
-#| msgid "entry_cache_timeout (integer)"
+#: sssd.conf.5.xml:625
 msgid "sudo_cache_timeout (integer)"
-msgstr "entry_cache_timeout (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
+#: sssd.conf.5.xml:628
 msgid ""
 "For any sudo request that comes while SSSD is online, the SSSD will attempt "
 "to update the cached rules in order to ensure that sudo has the latest "
@@ -967,7 +991,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
+#: sssd.conf.5.xml:634
 msgid ""
 "The user may, however, run a couple of sudo commands successively, which "
 "would trigger multiple LDAP requests.  In order to speed up this use-case, "
@@ -976,77 +1000,71 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
+#: sssd.conf.5.xml:641
 msgid ""
 "This option controls how long (in seconds) can the sudo service cache rules "
 "for a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-#, fuzzy
-#| msgid "Default: 10"
+#: sssd.conf.5.xml:645
 msgid "Default: 180"
-msgstr "Padrão: 10"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-#, fuzzy
-#| msgid "remove_homedir (bool)"
+#: sssd.conf.5.xml:650
 msgid "sudo_timed (bool)"
-msgstr "remove_homedir (bool)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:653
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
+#: sssd.conf.5.xml:666
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:668
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-#, fuzzy
-#| msgid "pam_id_timeout (integer)"
+#: sssd.conf.5.xml:676
 msgid "autofs_negative_timeout (integer)"
-msgstr "pam_id_timeout (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
+#: sssd.conf.5.xml:679
 msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
+"Specifies for how many seconds should the autofs responder negative cache "
+"hits (that is, queries for invalid map entries, like nonexistent ones) "
 "before asking the back end again."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
+#: sssd.conf.5.xml:696
 msgid "DOMAIN SECTIONS"
 msgstr "SECÇÕES DE DOM�NIO"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:703
 msgid "min_id,max_id (integer)"
 msgstr "min_id,max_id (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
+#: sssd.conf.5.xml:706
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
+#: sssd.conf.5.xml:711
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1055,56 +1073,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:718
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr "Padrão: 1 para min_id, 0 (sem limite) para max_id"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:724
 msgid "timeout (integer)"
 msgstr "timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:727
 msgid ""
 "Timeout in seconds between heartbeats for this domain.  This is used to "
 "ensure that the backend process is alive and capable of answering requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
+#: sssd.conf.5.xml:732 sssd-ldap.5.xml:1131
 msgid "Default: 10"
 msgstr "Padrão: 10"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
+#: sssd.conf.5.xml:738
 msgid "enumerate (bool)"
 msgstr "enumerate (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:741
 msgid ""
 "Determines if a domain can be enumerated. This parameter can have one of the "
 "following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
+#: sssd.conf.5.xml:745
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:748
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
+#: sssd.conf.5.xml:751 sssd.conf.5.xml:856 sssd.conf.5.xml:910
 msgid "Default: FALSE"
 msgstr "Padrão: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
+#: sssd.conf.5.xml:754
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1114,14 +1132,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
+#: sssd.conf.5.xml:764
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
+#: sssd.conf.5.xml:769
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -1130,108 +1148,98 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:780
 msgid "entry_cache_timeout (integer)"
 msgstr "entry_cache_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:783
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
+#: sssd.conf.5.xml:787
 msgid "Default: 5400"
 msgstr "Padrão: 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-#, fuzzy
-#| msgid "entry_cache_timeout (integer)"
+#: sssd.conf.5.xml:793
 msgid "entry_cache_user_timeout (integer)"
-msgstr "entry_cache_timeout (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
+#: sssd.conf.5.xml:796
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-#, fuzzy
-#| msgid "entry_cache_timeout (integer)"
+#: sssd.conf.5.xml:800 sssd.conf.5.xml:813 sssd.conf.5.xml:826
+#: sssd.conf.5.xml:839
 msgid "Default: entry_cache_timeout"
-msgstr "entry_cache_timeout (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-#, fuzzy
-#| msgid "entry_cache_timeout (integer)"
+#: sssd.conf.5.xml:806
 msgid "entry_cache_group_timeout (integer)"
-msgstr "entry_cache_timeout (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
+#: sssd.conf.5.xml:809
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-#, fuzzy
-#| msgid "entry_cache_timeout (integer)"
+#: sssd.conf.5.xml:819
 msgid "entry_cache_netgroup_timeout (integer)"
-msgstr "entry_cache_timeout (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:822
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-#, fuzzy
-#| msgid "entry_cache_timeout (integer)"
+#: sssd.conf.5.xml:832
 msgid "entry_cache_service_timeout (integer)"
-msgstr "entry_cache_timeout (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:835
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:845
 msgid "cache_credentials (bool)"
 msgstr "cache_credentials (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
+#: sssd.conf.5.xml:848
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:852
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:861
 msgid "account_cache_expiration (integer)"
 msgstr "account_cache_expiration (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:864
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -1240,47 +1248,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
+#: sssd.conf.5.xml:871
 msgid "Default: 0 (unlimited)"
 msgstr "Padrão: 0 (ilimitado)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
+#: sssd.conf.5.xml:877
 msgid "id_provider (string)"
 msgstr "id_provider (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:880
 msgid "The Data Provider identity backend to use for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
+#: sssd.conf.5.xml:884
 msgid "Supported backends:"
 msgstr "Backends suportados:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
+#: sssd.conf.5.xml:887
 msgid "proxy: Support a legacy NSS provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
+#: sssd.conf.5.xml:890
 msgid "local: SSSD internal local provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:893
 msgid "ldap: LDAP provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
+#: sssd.conf.5.xml:899
 msgid "use_fully_qualified_names (bool)"
 msgstr "use_fully_qualified_names (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
+#: sssd.conf.5.xml:902
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1289,19 +1297,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
+#: sssd.conf.5.xml:915
 msgid "auth_provider (string)"
 msgstr "auth_provider (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
+#: sssd.conf.5.xml:918
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:922
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1309,7 +1317,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
+#: sssd.conf.5.xml:929
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1317,30 +1325,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
+#: sssd.conf.5.xml:936
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
+#: sssd.conf.5.xml:939
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
+#: sssd.conf.5.xml:942
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
+#: sssd.conf.5.xml:948
 msgid "access_provider (string)"
 msgstr "access_provider (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:951
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -1348,17 +1356,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:957
 msgid "<quote>permit</quote> always allow access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
+#: sssd.conf.5.xml:960
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
+#: sssd.conf.5.xml:963
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1367,24 +1375,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
+#: sssd.conf.5.xml:970
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:975
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
+#: sssd.conf.5.xml:978
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
+#: sssd.conf.5.xml:983
 msgid ""
 "<quote>ipa</quote> to change a password stored in an IPA server.  See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1392,7 +1400,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:991
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server.  See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1400,7 +1408,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
+#: sssd.conf.5.xml:999
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1408,75 +1416,65 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
+#: sssd.conf.5.xml:1007
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
+#: sssd.conf.5.xml:1011
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
+#: sssd.conf.5.xml:1014
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-#, fuzzy
-#| msgid "id_provider (string)"
+#: sssd.conf.5.xml:1021
 msgid "sudo_provider (string)"
-msgstr "id_provider (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1027
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-#, fuzzy
-#| msgid ""
-#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-#| "manvolnum> </citerefentry>"
+#: sssd.conf.5.xml:1031
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry> for more information on configuring LDAP."
 msgstr ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
+#: sssd.conf.5.xml:1038
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1041
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-#, fuzzy
-#| msgid "access_provider (string)"
+#: sssd.conf.5.xml:1047
 msgid "session_provider (string)"
-msgstr "access_provider (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1050
 msgid ""
 "The provider which should handle loading of session settings.  Supported "
 "session providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
+#: sssd.conf.5.xml:1055
 msgid ""
 "<quote>ipa</quote> to load session settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1484,66 +1482,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1063
 msgid "<quote>none</quote> disallows fetching session settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1066
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "session loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
+#: sssd.conf.5.xml:1073
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1076
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1080
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1083
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1086
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
+#: sssd.conf.5.xml:1089
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1092
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1095
 msgid "Default: ipv4_first"
 msgstr "Default: ipv4_first"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1101
 msgid "dns_resolver_timeout (integer)"
 msgstr "dns_resolver_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1104
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the DNS "
 "resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1551,51 +1549,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1116
 msgid "dns_discovery_domain (string)"
 msgstr "dns_discovery_domain (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
+#: sssd.conf.5.xml:1119
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1123
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
+#: sssd.conf.5.xml:1129
 msgid "override_gid (integer)"
 msgstr "override_gid (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1132
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
+#: sssd.conf.5.xml:1138
 msgid "case_sensitive (boolean)"
 msgstr "case_sensitive (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
+#: sssd.conf.5.xml:1141
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1146
 msgid "Default: True"
 msgstr "Padrão: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:698
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1603,29 +1601,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1158
 msgid "proxy_pam_target (string)"
 msgstr "proxy_pam_target (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1161
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1164
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1172
 msgid "proxy_lib_name (string)"
 msgstr "proxy_lib_name (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1175
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1633,19 +1631,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
+#: sssd.conf.5.xml:1154
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1187
 msgid "The local domain section"
 msgstr "A secção de domínio local"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1189
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -1653,73 +1651,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
+#: sssd.conf.5.xml:1196
 msgid "default_shell (string)"
 msgstr "default_shell (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
+#: sssd.conf.5.xml:1199
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
+#: sssd.conf.5.xml:1203
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr "Padrão: <filename>bash/bin/bash</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:1208
 msgid "base_directory (string)"
 msgstr "base_directory (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:1211
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1216
 msgid "Default: <filename>/home</filename>"
 msgstr "Padrão: <filename>/ home</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
+#: sssd.conf.5.xml:1221
 msgid "create_homedir (bool)"
 msgstr "create_homedir (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
+#: sssd.conf.5.xml:1224
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
+#: sssd.conf.5.xml:1228 sssd.conf.5.xml:1240
 msgid "Default: TRUE"
 msgstr "Padrão: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1233
 msgid "remove_homedir (bool)"
 msgstr "remove_homedir (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
+#: sssd.conf.5.xml:1236
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
+#: sssd.conf.5.xml:1245
 msgid "homedir_umask (integer)"
 msgstr "homedir_umask (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1248
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1727,17 +1725,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
+#: sssd.conf.5.xml:1256
 msgid "Default: 077"
 msgstr "Padrão: 077"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1261
 msgid "skel_dir (string)"
 msgstr "skel_dir (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
+#: sssd.conf.5.xml:1264
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -1746,17 +1744,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
+#: sssd.conf.5.xml:1274
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr "Padrão: <filename>skel/etc/skel</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
+#: sssd.conf.5.xml:1279
 msgid "mail_dir (string)"
 msgstr "mail_dir (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
+#: sssd.conf.5.xml:1282
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -1764,17 +1762,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
+#: sssd.conf.5.xml:1289
 msgid "Default: <filename>/var/mail</filename>"
 msgstr "Padrão: <filename>mail/var/mail</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
+#: sssd.conf.5.xml:1294
 msgid "userdel_cmd (string)"
 msgstr "userdel_cmd (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
+#: sssd.conf.5.xml:1297
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -1782,18 +1780,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1303
 msgid "Default: None, no command is run"
 msgstr "Padrão: None, nenhum comando é executado"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
+#: sssd.conf.5.xml:1313 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
 #: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
 msgid "EXAMPLE"
 msgstr "EXEMPLO"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1319
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -1847,7 +1845,7 @@ msgstr ""
 "enumerate = False\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1315
 msgid ""
 "The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -1856,7 +1854,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1350
 msgid ""
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
 "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -2541,10 +2539,8 @@ msgstr "Padrão: krbPrincipalName"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:582
-#, fuzzy
-#| msgid "ldap_user_shell (string)"
 msgid "ldap_user_ssh_public_key (string)"
-msgstr "ldap_user_shell (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:585
@@ -2584,10 +2580,8 @@ msgstr "Padrão: 300"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:622
-#, fuzzy
-#| msgid "ldap_search_timeout (integer)"
 msgid "ldap_purge_cache_timeout (integer)"
-msgstr "ldap_search_timeout (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:625
@@ -2871,10 +2865,8 @@ msgstr "ldap_netgroup_modify_timestamp (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:900
-#, fuzzy
-#| msgid "ipa_host_object_class (string)"
 msgid "ldap_service_object_class (string)"
-msgstr "ipa_host_object_class (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:903
@@ -2883,17 +2875,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:906
-#, fuzzy
-#| msgid "Default: filter"
 msgid "Default: ipService"
-msgstr "Padrão: filter"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:912
-#, fuzzy
-#| msgid "ldap_user_fullname (string)"
 msgid "ldap_service_name (string)"
-msgstr "ldap_user_fullname (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:915
@@ -2904,10 +2892,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:925
-#, fuzzy
-#| msgid "ldap_tls_reqcert (string)"
 msgid "ldap_service_port (string)"
-msgstr "ldap_tls_reqcert (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:928
@@ -2916,17 +2902,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:932
-#, fuzzy
-#| msgid "Default: ipv4_first"
 msgid "Default: ipServicePort"
-msgstr "Default: ipv4_first"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:938
-#, fuzzy
-#| msgid "ldap_tls_reqcert (string)"
 msgid "ldap_service_proto (string)"
-msgstr "ldap_tls_reqcert (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:941
@@ -2936,17 +2918,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:945
-#, fuzzy
-#| msgid "Default: ipv4_first"
 msgid "Default: ipServiceProtocol"
-msgstr "Default: ipv4_first"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:951
-#, fuzzy
-#| msgid "ldap_user_search_base (string)"
 msgid "ldap_service_search_base (string)"
-msgstr "ldap_user_search_base (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:954
@@ -3457,17 +3435,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1416
-#, fuzzy
-#| msgid ""
-#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-#| "manvolnum> </citerefentry>"
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
 "evaluate if the password has expired."
 msgstr ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1422
@@ -3735,17 +3707,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:1639
-#, fuzzy
-#| msgid "OPTIONS"
 msgid "SUDO OPTIONS"
-msgstr "Opções"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1644
-#, fuzzy
-#| msgid "ipa_host_object_class (string)"
 msgid "ldap_sudorule_object_class (string)"
-msgstr "ipa_host_object_class (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1647
@@ -3754,17 +3722,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1650
-#, fuzzy
-#| msgid "Default: True"
 msgid "Default: sudoRole"
-msgstr "Padrão: TRUE"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1656
-#, fuzzy
-#| msgid "ldap_user_fullname (string)"
 msgid "ldap_sudorule_name (string)"
-msgstr "ldap_user_fullname (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1659
@@ -3773,10 +3737,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1669
-#, fuzzy
-#| msgid "ldap_deref (string)"
 msgid "ldap_sudorule_command (string)"
-msgstr "ldap_deref (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1672
@@ -3785,17 +3747,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1676
-#, fuzzy
-#| msgid "Default: shadowMin"
 msgid "Default: sudoCommand"
-msgstr "Padrão: shadowMin"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1682
-#, fuzzy
-#| msgid "ldap_user_authorized_host (string)"
 msgid "ldap_sudorule_host (string)"
-msgstr "ldap_user_authorized_host (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1685
@@ -3806,17 +3764,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1690
-#, fuzzy
-#| msgid "Default: host"
 msgid "Default: sudoHost"
-msgstr "Padrão: host"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1696
-#, fuzzy
-#| msgid "ldap_user_shell (string)"
 msgid "ldap_sudorule_user (string)"
-msgstr "ldap_user_shell (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1699
@@ -3827,17 +3781,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1703
-#, fuzzy
-#| msgid "Default: True"
 msgid "Default: sudoUser"
-msgstr "Padrão: TRUE"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1709
-#, fuzzy
-#| msgid "ldap_uri (string)"
 msgid "ldap_sudorule_option (string)"
-msgstr "ldap_uri (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1712
@@ -3846,17 +3796,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1716
-#, fuzzy
-#| msgid "Default: shadowMin"
 msgid "Default: sudoOption"
-msgstr "Padrão: shadowMin"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1722
-#, fuzzy
-#| msgid "ldap_user_fullname (string)"
 msgid "ldap_sudorule_runasuser (string)"
-msgstr "ldap_user_fullname (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1725
@@ -3867,17 +3813,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1729
-#, fuzzy
-#| msgid "Default: none"
 msgid "Default: sudoRunAsUser"
-msgstr "Padrão: none"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1735
-#, fuzzy
-#| msgid "ldap_user_uuid (string)"
 msgid "ldap_sudorule_runasgroup (string)"
-msgstr "ldap_user_uuid (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1738
@@ -3888,17 +3830,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1742
-#, fuzzy
-#| msgid "Default: shadowMin"
 msgid "Default: sudoRunAsGroup"
-msgstr "Padrão: shadowMin"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1748
-#, fuzzy
-#| msgid "ldap_deref (string)"
 msgid "ldap_sudorule_notbefore (string)"
-msgstr "ldap_deref (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1751
@@ -3909,17 +3847,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1755
-#, fuzzy
-#| msgid "Default: shadowExpire"
 msgid "Default: sudoNotBefore"
-msgstr "Padrão: shadowExpire"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1761
-#, fuzzy
-#| msgid "ldap_user_fullname (string)"
 msgid "ldap_sudorule_notafter (string)"
-msgstr "ldap_user_fullname (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1764
@@ -3930,17 +3864,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1769
-#, fuzzy
-#| msgid "Default: filter"
 msgid "Default: sudoNotAfter"
-msgstr "Padrão: filter"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1775
-#, fuzzy
-#| msgid "ldap_deref (string)"
 msgid "ldap_sudorule_order (string)"
-msgstr "ldap_deref (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1778
@@ -3949,17 +3879,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1782
-#, fuzzy
-#| msgid "Default: shadowExpire"
 msgid "Default: sudoOrder"
-msgstr "Padrão: shadowExpire"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1788
-#, fuzzy
-#| msgid "ldap_force_upper_case_realm (boolean)"
 msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr "ldap_force_upper_case_realm (boolean)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1791
@@ -3970,10 +3896,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1801
-#, fuzzy
-#| msgid "ldap_enumeration_refresh_timeout (integer)"
 msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr "ldap_enumeration_refresh_timeout (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1804
@@ -3983,26 +3907,22 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:1642
-#, fuzzy
-#| msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:1815
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
+"explanation of sudo related attribute semantics, see <citerefentry> "
 "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
 "citerefentry>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:1825
-#, fuzzy
-#| msgid "OPTIONS"
 msgid "AUTOFS OPTIONS"
-msgstr "Opções"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:1827
@@ -4013,10 +3933,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1834
-#, fuzzy
-#| msgid "ipa_host_object_class (string)"
 msgid "ldap_autofs_map_object_class (string)"
-msgstr "ipa_host_object_class (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
@@ -4025,17 +3943,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-#, fuzzy
-#| msgid "Default: /tmp"
 msgid "Default: automountMap"
-msgstr "Padrão: /tmp."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1847
-#, fuzzy
-#| msgid "ldap_user_fullname (string)"
 msgid "ldap_autofs_map_name (string)"
-msgstr "ldap_user_fullname (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1850
@@ -4044,24 +3958,18 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1853
-#, fuzzy
-#| msgid "Default: 3"
 msgid "Default: ou"
-msgstr "Padrão: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1860
-#, fuzzy
-#| msgid "ipa_host_object_class (string)"
 msgid "ldap_autofs_entry_object_class (string)"
-msgstr "ipa_host_object_class (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1874
-#, fuzzy
-#| msgid "ldap_user_shell (string)"
 msgid "ldap_autofs_entry_key (string)"
-msgstr "ldap_user_shell (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
@@ -4072,17 +3980,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1888
-#, fuzzy
-#| msgid "ldap_user_uuid (string)"
 msgid "ldap_autofs_entry_value (string)"
-msgstr "ldap_user_uuid (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1895
-#, fuzzy
-#| msgid "Default: shadowInactive"
 msgid "Default: automountInformation"
-msgstr "Padrão: shadowInactive"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:1832
@@ -4184,10 +4088,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:2012
-#, fuzzy
-#| msgid "ldap_search_base (string)"
 msgid "ldap_sudo_search_base (string)"
-msgstr "ldap_search_base (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2015
@@ -4197,10 +4099,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:2034
-#, fuzzy
-#| msgid "ldap_user_search_base (string)"
 msgid "ldap_autofs_search_base (string)"
-msgstr "ldap_user_search_base (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2037
@@ -4778,10 +4678,8 @@ msgstr "Default: Use base DN"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:156
-#, fuzzy
-#| msgid "ipa_hbac_search_base (string)"
 msgid "ipa_host_search_base (string)"
-msgstr "ipa_hbac_search_base (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:159
@@ -4798,10 +4696,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:180
-#, fuzzy
-#| msgid "ipa_hbac_search_base (string)"
 msgid "ipa_selinux_search_base (string)"
-msgstr "ipa_hbac_search_base (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:183
@@ -4921,10 +4817,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:307
-#, fuzzy
-#| msgid "ipa_domain (string)"
 msgid "ipa_automount_location (string)"
-msgstr "ipa_domain (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:310
@@ -5044,17 +4938,13 @@ msgstr "Padrão: fqdn"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:404
-#, fuzzy
-#| msgid "ipa_host_object_class (string)"
 msgid "ipa_selinux_usermap_object_class (string)"
-msgstr "ipa_host_object_class (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:415
-#, fuzzy
-#| msgid "ldap_user_fullname (string)"
 msgid "ipa_selinux_usermap_name (string)"
-msgstr "ldap_user_fullname (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:418
@@ -5063,10 +4953,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:427
-#, fuzzy
-#| msgid "ipa_netgroup_member_host (string)"
 msgid "ipa_selinux_usermap_member_user (string)"
-msgstr "ipa_netgroup_member_host (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:430
@@ -5076,10 +4964,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:439
-#, fuzzy
-#| msgid "ipa_netgroup_member_host (string)"
 msgid "ipa_selinux_usermap_member_host (string)"
-msgstr "ipa_netgroup_member_host (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:442
@@ -5090,10 +4976,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:451
-#, fuzzy
-#| msgid "ipa_netgroup_member_host (string)"
 msgid "ipa_selinux_usermap_see_also (string)"
-msgstr "ipa_netgroup_member_host (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:454
@@ -5104,17 +4988,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:459
-#, fuzzy
-#| msgid "Default: false"
 msgid "Default: seeAlso"
-msgstr "Padrão: false"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:464
-#, fuzzy
-#| msgid "ipa_server (string)"
 msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr "ipa_server (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:467
@@ -5123,17 +5003,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:471
-#, fuzzy
-#| msgid "Default: ipaHost"
 msgid "Default: ipaSELinuxUser"
-msgstr "Padrão: ipaHost"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:476
-#, fuzzy
-#| msgid "ipa_server (string)"
 msgid "ipa_selinux_usermap_enabled (string)"
-msgstr "ipa_server (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:479
@@ -5144,17 +5020,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:483
-#, fuzzy
-#| msgid "Default: false"
 msgid "Default: ipaEnabledFlag"
-msgstr "Padrão: false"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:488
-#, fuzzy
-#| msgid "ldap_user_search_filter (string)"
 msgid "ipa_selinux_usermap_user_category (string)"
-msgstr "ldap_user_search_filter (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:491
@@ -5163,17 +5035,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:495
-#, fuzzy
-#| msgid "Default: homeDirectory"
 msgid "Default: userCategory"
-msgstr "Padrão: homeDirectory"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:500
-#, fuzzy
-#| msgid "ipa_netgroup_member_host (string)"
 msgid "ipa_selinux_usermap_host_category (string)"
-msgstr "ipa_netgroup_member_host (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:503
@@ -5182,17 +5050,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:507
-#, fuzzy
-#| msgid "Default: host"
 msgid "Default: hostCategory"
-msgstr "Padrão: host"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:512
-#, fuzzy
-#| msgid "ldap_user_uuid (string)"
 msgid "ipa_selinux_usermap_uuid (string)"
-msgstr "ldap_user_uuid (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:515
@@ -5201,17 +5065,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:519
-#, fuzzy
-#| msgid "Default: nsUniqueId"
 msgid "Default: ipaUniqueID"
-msgstr "Padrão: nsUniqueId"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:524
-#, fuzzy
-#| msgid "ipa_hostname (string)"
 msgid "ipa_host_ssh_public_key (string)"
-msgstr "ipa_hostname (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:527
@@ -5220,10 +5080,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:531
-#, fuzzy
-#| msgid "Default: ipaHost"
 msgid "Default: ipaSshPubKey"
-msgstr "Padrão: ipaHost"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:546
@@ -5374,12 +5232,12 @@ msgid "Run in the foreground, don't become a daemon."
 msgstr "Executar em primeiro plano, não se torne um daemon."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
+#: sssd.8.xml:117 sss_debuglevel.8.xml:42
 msgid "<option>-c</option>,<option>--config</option>"
 msgstr "<option>-c</option>,<option>--config</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
+#: sssd.8.xml:121 sss_debuglevel.8.xml:46
 msgid ""
 "Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
 "conf</filename>. For reference on the config file syntax and options, "
@@ -5540,7 +5398,8 @@ msgid "The password to obfuscate will be read from standard input."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:82
+#: sss_ssh_knownhostsproxy.1.xml:81
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
 "replaceable>"
@@ -6525,6 +6384,321 @@ msgstr ""
 "citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_cache.8.xml:10 sss_cache.8.xml:15
+msgid "sss_cache"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_cache.8.xml:16
+msgid "perform cache cleanup"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_cache.8.xml:21
+msgid ""
+"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_cache.8.xml:31
+msgid ""
+"<command>sss_cache</command> invalidates records in SSSD cache.  Invalidated "
+"records are forced to be reloaded from server as soon as related SSSD "
+"backend is online."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:42
+msgid ""
+"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:47
+msgid "Invalidate specific user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:53
+msgid "<option>-U</option>,<option>--users</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:57
+msgid ""
+"Invalidate all user records. This option overrides invalidation of specific "
+"user if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:64
+msgid ""
+"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:69
+msgid "Invalidate specific group."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:75
+msgid "<option>-G</option>,<option>--groups</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:79
+msgid ""
+"Invalidate all group records. This option overrides invalidation of specific "
+"group if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:86
+msgid ""
+"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:91
+msgid "Invalidate specific netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:97
+msgid "<option>-N</option>,<option>--netgroups</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:101
+msgid ""
+"Invalidate all netgroup records. This option overrides invalidation of "
+"specific netgroup if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:108
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:113
+msgid "Restrict invalidation process only to a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15
+msgid "sss_debuglevel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_debuglevel.8.xml:16
+msgid "change debug level while SSSD is running"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_debuglevel.8.xml:21
+msgid ""
+"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</"
+"replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_debuglevel.8.xml:32
+msgid ""
+"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
+"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
+"running."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_debuglevel.8.xml:59
+msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
+msgid "sss_ssh_authorizedkeys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refmeta><manvolnum>
+#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11
+msgid "1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_ssh_authorizedkeys.1.xml:16
+msgid "get OpenSSH authorized keys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_ssh_authorizedkeys.1.xml:21
+msgid ""
+"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>USER</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:32
+msgid ""
+"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user "
+"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys "
+"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> for more information)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:41
+msgid ""
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
+"command> for public key user authentication if it is compiled with support "
+"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
+"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_authorizedkeys.1.xml:58
+#, no-wrap
+msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:51
+msgid ""
+"If <quote>AuthorizedKeysCommand</quote> is supported, "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use it by putting the following directive "
+"in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_authorizedkeys.1.xml:69
+#, no-wrap
+msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:62
+msgid ""
+"If <quote>PubkeyAgent</quote> is supported, "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use it by using the following directive "
+"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:87
+msgid ""
+"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:98
+msgid ""
+"<citerefentry> <refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sshd_config</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle><manvolnum>1</"
+"manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15
+msgid "sss_ssh_knownhostsproxy"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_ssh_knownhostsproxy.1.xml:16
+msgid "get OpenSSH host keys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_ssh_knownhostsproxy.1.xml:21
+msgid ""
+"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>HOST</replaceable></arg> <arg "
+"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:33
+msgid ""
+"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for "
+"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH "
+"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
+"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> for more information)  <filename>/var/lib/sss/"
+"pubconf/known_hosts</filename> and estabilishes connection to the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:43
+msgid ""
+"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to "
+"create the connection to the host instead of opening a socket."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_knownhostsproxy.1.xml:55
+#, no-wrap
+msgid ""
+"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n"
+"GlobalKnownHostsFile2 /var/lib/sss/pubconf/known_hosts\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:48
+msgid ""
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</"
+"command> for host key authentication by using the following directives for "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_ssh_knownhostsproxy.1.xml:69
+msgid ""
+"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_knownhostsproxy.1.xml:74
+msgid ""
+"Use port <replaceable>PORT</replaceable> to connect to the host.  By "
+"default, port 22 is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_knownhostsproxy.1.xml:86
+msgid ""
+"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:97
+msgid ""
+"<citerefentry> <refentrytitle>ssh</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>ssh_config</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle><manvolnum>1</"
+"manvolnum> </citerefentry>."
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/service_discovery.xml:2
 msgid "SERVICE DISCOVERY"
@@ -6664,8 +6838,112 @@ msgstr "<option>-h</option>,<option>--help</option>"
 msgid "Display help message and exit."
 msgstr "Exibe a mensagem de ajuda e sai."
 
-#~ msgid "ldap_purge_cache_timeout"
-#~ msgstr "ldap_purge_cache_timeout"
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:3
+msgid ""
+"Bit mask that indicates which debug levels will be visible. 0x0010 is the "
+"default value as well as the lowest allowed value, 0xFFF0 is the most "
+"verbose mode. This setting overrides the settings from config file."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:8
+msgid "Currently supported debug levels:"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:11
+msgid ""
+"<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
+"SSSD from starting up or causes it to cease running."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:15
+msgid ""
+"<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't kill "
+"the SSSD, but one that indicates that at least one major feature is not "
+"going to work properly."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:20
+msgid ""
+"<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
+"particular request or operation has failed."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:24
+msgid ""
+"<emphasis>0x0080</emphasis>: Minor failures. These are the errors that would "
+"percolate down to cause the operation failure of 2."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:28
+msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:31
+msgid "<emphasis>0x0200</emphasis>: Function data."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:34
+msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:37
+msgid ""
+"<emphasis>0x1000</emphasis>: Trace messages for internal control functions."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:40
+msgid ""
+"<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
+"may be interesting."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:43
+msgid "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:46
+msgid ""
+"To log required debug levels, simply add their numbers together as shown in "
+"following examples:"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:49
+msgid ""
+"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
+"serious failures and function data use 0x0270."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:53
+msgid ""
+"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
+"function data, trace messages for internal control functions use 0x1310."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:57
+msgid ""
+"<emphasis>Note</emphasis>: This is new format of debug levels introduced in "
+"1.7.0.  Older format (numbers from 0-10) is compatible but deprecated."
+msgstr ""
 
-#~ msgid "Supported services: nss, pam"
-#~ msgstr "Suporte para serviços: nss, pam"
+#. type: Content of: outside any tag (error?)
+#: include/experimental.xml:1
+msgid ""
+"<emphasis> This is an experimental feature, please use http://fedorahosted."
+"org/sssd to report any issues.  </emphasis>"
+msgstr ""
diff --git a/src/man/po/pt_BR.po b/src/man/po/pt_BR.po
deleted file mode 100644
index 4254b1749..000000000
--- a/src/man/po/pt_BR.po
+++ /dev/null
@@ -1,6313 +0,0 @@
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Red Hat
-# This file is distributed under the same license as the sssd-docs package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: SSSD\n"
-"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Portuguese (Brazilian) <trans-pt_br@lists.fedoraproject.org>\n"
-"Language: pt_BR\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural=(n > 1)\n"
-
-#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
-#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
-#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
-#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
-msgid "SSSD Manual pages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
-msgid "sss_groupmod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
-#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
-#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
-msgid "8"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupmod.8.xml:16
-msgid "modify a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupmod.8.xml:21
-msgid ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
-#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
-#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
-#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
-#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:32
-msgid ""
-"<command>sss_groupmod</command> modifies the group to reflect the changes "
-"that are specified on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
-#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
-#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-msgid "OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
-msgid ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:48
-msgid ""
-"Append this group to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
-msgid ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:62
-msgid ""
-"Remove this group from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
-#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
-msgid "sssd.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
-msgid "5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
-msgid "File Formats and Conventions"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
-msgid "the configuration file for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:21
-msgid "FILE FORMAT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:29
-#, no-wrap
-msgid ""
-"                <replaceable>[section]</replaceable>\n"
-"                <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-"                <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
-"            "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:24
-msgid ""
-"The file has an ini-style syntax and consists of sections and parameters. A "
-"section begins with the name of the section in square brackets and continues "
-"until the next section begins. An example of section with single and multi-"
-"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:36
-msgid ""
-"The data types used are string (no quotes needed), integer and bool (with "
-"values of <quote>TRUE/FALSE</quote>)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:41
-msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
-"(<quote>;</quote>)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:46
-msgid ""
-"All sections can have an optional <replaceable>description</replaceable> "
-"parameter. Its function is only as a label for the section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:52
-msgid ""
-"<filename>sssd.conf</filename> must be a regular file, owned by root and "
-"only root may read from or write to the file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:58
-msgid "SPECIAL SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:61
-msgid "The [sssd] section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
-msgid "Section parameters"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:72
-msgid "config_file_version (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:75
-msgid ""
-"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-"version 2."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:81
-msgid "services"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:84
-msgid ""
-"Comma separated list of services that are started when sssd itself starts."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:88
-msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
-msgid "reconnection_retries (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
-msgid ""
-"Number of times services should attempt to reconnect in the event of a Data "
-"Provider crash or restart before they give up"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
-msgid "Default: 3"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
-msgid "domains"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
-msgid ""
-"A domain is a database containing user information. SSSD can use more "
-"domains at the same time, but at least one must be configured or SSSD won't "
-"start.  This parameter described the list of domains in the order you want "
-"them to be queried."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
-msgid "re_expression (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
-msgid ""
-"Regular expression that describes how to parse the string containing user "
-"name and domain into these components."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
-msgid ""
-"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
-"which translates to \"the name is everything up to the <quote>@</quote> "
-"sign, the domain everything after that\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
-msgid ""
-"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
-"version 7 or higher can support non-unique named subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
-msgid ""
-"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
-"P&lt;name&gt;) to label subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
-msgid "full_name_format (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
-msgid ""
-"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatible format that describes how to translate "
-"a (name, domain) tuple into a fully qualified name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
-msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
-msgid "try_inotify (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
-msgid ""
-"SSSD monitors the state of resolv.conf to identify when it needs to update "
-"its internal DNS resolver. By default, we will attempt to use inotify for "
-"this, and will fall back to polling resolv.conf every five seconds if "
-"inotify cannot be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
-msgid ""
-"There are some limited situations where it is preferred that we should skip "
-"even trying to use inotify. In these rare cases, this option should be set "
-"to 'false'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
-msgid ""
-"Default: true on platforms where inotify is supported. False on other "
-"platforms."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
-msgid ""
-"Note: this option will have no effect on platforms where inotify is "
-"unavailable. On these platforms, polling will always be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
-msgid "krb5_rcache_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
-msgid ""
-"Directory on the filesystem where SSSD should store Kerberos replay cache "
-"files."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
-msgid ""
-"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
-"SSSD to let libkrb5 decide the appropriate location for the replay cache."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
-msgid ""
-"Default: Distribution-specific and specified at build-time. "
-"(__LIBKRB5_DEFAULTS__ if not configured)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:63
-msgid ""
-"Individual pieces of SSSD functionality are provided by special SSSD "
-"services that are started and stopped together with SSSD.  The services are "
-"managed by a special service frequently called <quote>monitor</quote>. The "
-"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
-msgid "SERVICES SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
-msgid ""
-"Settings that can be used to configure different services are described in "
-"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
-"section, for example, for NSS service, the section would be <quote>[nss]</"
-"quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
-msgid "General service configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
-msgid "These options can be used to configure any service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>.  This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
-msgid "NSS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
-msgid ""
-"These options can be used to configure the Name Service Switch (NSS) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
-msgid "enum_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
-msgid ""
-"How many seconds should nss_sss cache enumerations (requests for info about "
-"all users)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
-msgid "Default: 120"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"The entry cache can be set to automatically update entries in the background "
-"if they are requested beyond a percentage of the entry_cache_timeout value "
-"for the domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
-msgid ""
-"For example, if the domain's entry_cache_timeout is set to 30s and "
-"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
-"after 15 seconds past the last cache update will be returned immediately, "
-"but the SSSD will go and update the cache on its own, so that future "
-"requests will not need to block waiting for a cache update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
-msgid ""
-"Valid values for this option are 0-99 and represent a percentage of the "
-"entry_cache_timeout for each domain. For performance reasons, this "
-"percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
-"disables this feature)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
-msgid "Default: 50"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
-msgid "entry_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
-msgid ""
-"Specifies for how many seconds nss_sss should cache negative cache hits "
-"(that is, queries for invalid database entries, like nonexistent ones)  "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
-msgid "Default: 15"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
-msgid "filter_users, filter_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
-msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
-msgid "Default: root"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
-msgid "filter_users_in_groups (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
-msgid ""
-"If you want filtered user still be group members set this option to false."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
-msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
-msgid "This option can also be set per-domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
-msgid "allowed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
-msgid ""
-"Restrict user shell to one of the listed values. The order of evaluation is:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
-msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
-msgid ""
-"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
-"quote>, use the value of the shell_fallback parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
-msgid ""
-"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
-"shells</quote>, a nologin shell is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
-msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
-msgid ""
-"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
-"that a restart of the SSSD is required in case a new shell is installed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
-msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
-msgid "vetoed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
-msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
-msgid "shell_fallback (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
-msgid ""
-"The default shell to use if an allowed shell is not installed on the machine."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
-msgid "Default: /bin/sh"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
-msgid "PAM configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
-msgid ""
-"These options can be used to configure the Pluggable Authentication Module "
-"(PAM) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
-msgid "offline_credentials_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
-msgid ""
-"If the authentication provider is offline, how long should we allow cached "
-"logins (in days since the last successful online login)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
-msgid "Default: 0 (No limit)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
-msgid "offline_failed_login_attempts (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
-msgid ""
-"If the authentication provider is offline, how many failed login attempts "
-"are allowed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
-msgid "offline_failed_login_delay (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
-msgid ""
-"The time in minutes which has to pass after offline_failed_login_attempts "
-"has been reached before a new login attempt is possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
-msgid ""
-"If set to 0 the user cannot authenticate offline if "
-"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable offline authentication again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
-msgid "Default: 5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
-msgid "pam_verbosity (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
-msgid ""
-"Controls what kind of messages are shown to the user during authentication. "
-"The higher the number to more messages are displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
-msgid "Currently sssd supports the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
-msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
-msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
-msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
-msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
-msgid "Default: 1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
-msgid "pam_id_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
-msgid ""
-"For any PAM request while SSSD is online, the SSSD will attempt to "
-"immediately update the cached identity information for the user in order to "
-"ensure that authentication takes place with the latest information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
-msgid ""
-"A complete PAM conversation may perform multiple PAM requests, such as "
-"account management and session opening. This option controls (on a per-"
-"client-application basis) how long (in seconds) we can cache the identity "
-"information to avoid excessive round-trips to the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
-msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
-msgid "Display a warning N days before the password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
-msgid ""
-"Please note that the backend server has to provide information about the "
-"expiration time of the password.  If this information is missing, sssd "
-"cannot display a warning."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
-msgid "Default: 7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-msgid "SUDO configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-msgid "These options can be used to configure the sudo service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-msgid "sudo_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-msgid ""
-"For any sudo request that comes while SSSD is online, the SSSD will attempt "
-"to update the cached rules in order to ensure that sudo has the latest "
-"ruleset."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
-msgid ""
-"The user may, however, run a couple of sudo commands successively, which "
-"would trigger multiple LDAP requests.  In order to speed up this use-case, "
-"the sudo service maintains an in-memory cache that would be used for "
-"performing fast replies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
-msgid ""
-"This option controls how long (in seconds) can the sudo service cache rules "
-"for a user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-msgid "Default: 180"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-msgid "sudo_timed (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
-msgid ""
-"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
-"that implement time-dependent sudoers entries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-msgid "AUTOFS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-msgid "These options can be used to configure the autofs service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-msgid "autofs_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
-msgid "DOMAIN SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
-msgid "min_id,max_id (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
-msgid ""
-"UID and GID limits for the domain. If a domain contains an entry that is "
-"outside these limits, it is ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
-msgid ""
-"For users, this affects the primary GID limit. The user will not be returned "
-"to NSS if either the UID or the primary GID is outside the range. For non-"
-"primary group memberships, those that are in range will be reported as "
-"expected."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
-msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
-msgid ""
-"Timeout in seconds between heartbeats for this domain.  This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
-msgid "enumerate (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
-msgid ""
-"Determines if a domain can be enumerated. This parameter can have one of the "
-"following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
-msgid "TRUE = Users and groups are enumerated"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
-msgid "FALSE = No enumerations for this domain"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
-msgid "Default: FALSE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
-msgid ""
-"Note: Enabling enumeration has a moderate performance impact on SSSD while "
-"enumeration is running. It may take up to several minutes after SSSD startup "
-"to fully complete enumerations.  During this time, individual requests for "
-"information will go directly to LDAP, though it may be slow, due to the "
-"heavy enumeration processing."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
-msgid ""
-"While the first enumeration is running, requests for the complete user or "
-"group lists may return no results until it completes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
-msgid ""
-"Further, enabling enumeration may increase the time necessary to detect "
-"network disconnection, as longer timeouts are required to ensure that "
-"enumeration lookups are completed successfully.  For more information, refer "
-"to the man pages for the specific id_provider in use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
-msgid "entry_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
-msgid ""
-"How many seconds should nss_sss consider entries valid before asking the "
-"backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
-msgid "Default: 5400"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-msgid "entry_cache_user_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-msgid ""
-"How many seconds should nss_sss consider user entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-msgid "Default: entry_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-msgid "entry_cache_group_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-msgid ""
-"How many seconds should nss_sss consider group entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-msgid ""
-"How many seconds should nss_sss consider netgroup entries valid before "
-"asking the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-msgid "entry_cache_service_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-msgid ""
-"How many seconds should nss_sss consider service entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
-msgid "cache_credentials (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
-msgid "Determines if user credentials are also cached in the local LDB cache"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
-msgid "User credentials are stored in a SHA512 hash, not in plaintext"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
-msgid "account_cache_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
-msgid ""
-"Number of days entries are left in cache after last successful login before "
-"being removed during a cleanup of the cache. 0 means keep forever.  The "
-"value of this parameter must be greater than or equal to "
-"offline_credentials_expiration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
-msgid "Default: 0 (unlimited)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
-msgid "id_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
-msgid "The Data Provider identity backend to use for this domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
-msgid "Supported backends:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
-msgid "proxy: Support a legacy NSS provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
-msgid "local: SSSD internal local provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
-msgid "ldap: LDAP provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
-msgid "use_fully_qualified_names (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
-msgid ""
-"If set to TRUE, all requests to this domain must use fully qualified names. "
-"For example, if used in LOCAL domain that contains a \"test\" user, "
-"<command>getent passwd test</command> wouldn't find the user while "
-"<command>getent passwd test@LOCAL</command> would."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
-msgid "auth_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
-msgid ""
-"The authentication provider used for the domain.  Supported auth providers "
-"are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
-msgid ""
-"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
-msgid ""
-"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
-msgid ""
-"<quote>proxy</quote> for relaying authentication to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
-msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"authentication requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
-msgid "access_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
-msgid ""
-"The access control provider used for the domain.  There are two built-in "
-"access providers (in addition to any included in installed backends)  "
-"Internal special providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
-msgid "<quote>permit</quote> always allow access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
-msgid "<quote>deny</quote> always deny access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
-msgid ""
-"<quote>simple</quote> access control based on access or deny lists. See "
-"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> for more information on configuring the simple "
-"access module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
-msgid "Default: <quote>permit</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
-msgid "chpass_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
-msgid ""
-"The provider which should handle change password operations for the domain.  "
-"Supported change password providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
-msgid ""
-"<quote>ipa</quote> to change a password stored in an IPA server.  See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
-msgid ""
-"<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
-msgid ""
-"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
-msgid ""
-"<quote>proxy</quote> for relaying password changes to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
-msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
-msgid ""
-"Default: <quote>auth_provider</quote> is used if it is set and can handle "
-"change password requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-msgid "sudo_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-msgid ""
-"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-msgid "session_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-msgid ""
-"The provider which should handle loading of session settings.  Supported "
-"session providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-msgid ""
-"<quote>ipa</quote> to load session settings from an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"session loading requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
-msgid "lookup_family_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
-msgid ""
-"Provides the ability to select preferred address family to use when "
-"performing DNS lookups."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
-msgid "Supported values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
-msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
-msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
-msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
-msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
-msgid "Default: ipv4_first"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
-msgid "dns_resolver_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
-msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
-msgid "dns_discovery_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
-msgid ""
-"If service discovery is used in the back end, specifies the domain part of "
-"the service discovery DNS query."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
-msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
-msgid "override_gid (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
-msgid "Override the primary GID value with the one specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
-msgid "case_sensitive (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
-msgid ""
-"Treat user and group names as case sensitive. At the moment, this option is "
-"not supported in the local provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
-msgid "Default: True"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
-msgid ""
-"These configuration options can be present in a domain configuration "
-"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
-"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
-msgid "proxy_pam_target (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
-msgid "The proxy target PAM proxies to."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-msgid ""
-"Default: not set by default, you have to take an existing pam configuration "
-"or create a new one and add the service name here."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
-msgid "proxy_lib_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
-msgid ""
-"The name of the NSS library to use in proxy domains. The NSS functions "
-"searched for in the library are in the form of _nss_$(libName)_$(function), "
-"for example _nss_files_getpwent."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
-msgid ""
-"Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
-msgid "The local domain section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
-msgid ""
-"This section contains settings for domain that stores users and groups in "
-"SSSD native database, that is, a domain that uses "
-"<replaceable>id_provider=local</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
-msgid "default_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
-msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
-msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
-msgid "base_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
-msgid ""
-"The tools append the login name to <replaceable>base_directory</replaceable> "
-"and use that as the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
-msgid "Default: <filename>/home</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
-msgid "create_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
-msgid ""
-"Indicate if a home directory should be created by default for new users.  "
-"Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
-msgid "Default: TRUE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
-msgid "remove_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
-msgid ""
-"Indicate if a home directory should be removed by default for deleted "
-"users.  Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
-msgid "homedir_umask (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
-msgid ""
-"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
-"on a newly created home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
-msgid "Default: 077"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
-msgid "skel_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
-msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
-msgid "mail_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
-msgid ""
-"The mail spool directory. This is needed to manipulate the mailbox when its "
-"corresponding user account is modified or deleted.  If not specified, a "
-"default value is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
-msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
-msgid "userdel_cmd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
-msgid ""
-"The command that is run after a user is removed.  The command us passed the "
-"username of the user being removed as the first and only parameter. The "
-"return code of the command is not taken into account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
-msgid "Default: None, no command is run"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"domains = LDAP\n"
-"services = nss, pam\n"
-"config_file_version = 2\n"
-"\n"
-"[nss]\n"
-"filter_groups = root\n"
-"filter_users = root\n"
-"\n"
-"[pam]\n"
-"\n"
-"[domain/LDAP]\n"
-"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
-"\n"
-"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
-"cache_credentials = true\n"
-"\n"
-"min_id = 10000\n"
-"max_id = 20000\n"
-"enumerate = False\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
-msgid ""
-"The following example shows a typical SSSD config. It does not describe "
-"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details.  <placeholder type=\"programlisting\" "
-"id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
-msgid "sssd-ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:23
-msgid ""
-"This manual page describes the configuration of LDAP domains for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for detailed syntax information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:35
-msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:38
-msgid ""
-"LDAP back end supports id, auth, access and chpass providers. If you want to "
-"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
-"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
-"over an unencrypted channel.  If the LDAP server is used only as an identity "
-"provider, an encrypted channel is not needed. Please refer to "
-"<quote>ldap_access_filter</quote> config option for more information about "
-"using LDAP as an access provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
-#: sssd-krb5.5.xml:63
-msgid "CONFIGURATION OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:60
-msgid "ldap_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:63
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference. Refer to the <quote>FAILOVER</"
-"quote> section for more information on failover and server redundancy.  If "
-"not specified, service discovery is enabled. For more information, refer to "
-"the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
-msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:73
-msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:76
-msgid ""
-"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:79
-msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:85
-msgid "ldap_chpass_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:88
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference to change the password of a user. "
-"Refer to the <quote>FAILOVER</quote> section for more information on "
-"failover and server redundancy."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:95
-msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:99
-msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:105
-msgid "ldap_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:108
-msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:112
-msgid ""
-"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
-"syntax:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
-msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:119
-msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
-msgid ""
-"The filter must be a valid LDAP search filter as specified by http://www."
-"ietf.org/rfc/rfc2254.txt"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
-msgid "Examples:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:129
-msgid ""
-"ldap_search_base = dc=example,dc=com (which is equivalent to)  "
-"ldap_search_base = dc=example,dc=com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:134
-msgid ""
-"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
-"(host=thishost)?dc=example.com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:137
-msgid ""
-"Note: It is unsupported to have multiple search bases which reference "
-"identically-named objects (for example, groups with the same name in two "
-"different search bases). This will lead to unpredictable behavior on client "
-"machines."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:144
-msgid ""
-"Default: If not set, the value of the defaultNamingContext or namingContexts "
-"attribute from the RootDSE of the LDAP server is used. If "
-"defaultNamingContext does not exists or has an empty value namingContexts is "
-"used.  The namingContexts attribute must have a single value with the DN of "
-"the search base of the LDAP server to make this work. Multiple values are "
-"are not supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:158
-msgid "ldap_schema (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:161
-msgid ""
-"Specifies the Schema Type in use on the target LDAP server.  Depending on "
-"the selected schema, the default attribute names retrieved from the servers "
-"may vary.  The way that some attributes are handled may also differ.  Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
-"difference between these schema types is how group memberships are recorded "
-"in the server.  With rfc2307, group members are listed by name in the "
-"<emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, group "
-"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
-msgid "Default: rfc2307"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
-msgid "ldap_default_bind_dn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
-msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
-msgid "ldap_default_authtok_type (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
-msgid "The type of the authentication token of the default bind DN."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
-msgid "The two mechanisms currently supported are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
-msgid "password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
-msgid "obfuscated_password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
-msgid "Default: password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
-msgid "ldap_default_authtok (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
-msgid ""
-"The authentication token of the default bind DN.  Only clear text passwords "
-"are currently supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
-msgid "ldap_user_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
-msgid "The object class of a user entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
-msgid "Default: posixAccount"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
-msgid "ldap_user_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
-msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
-msgid "Default: uid"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
-msgid "ldap_user_uid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
-msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
-msgid "Default: uidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
-msgid "ldap_user_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
-msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
-msgid "Default: gidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
-msgid "ldap_user_gecos (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
-msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
-msgid "Default: gecos"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
-msgid "ldap_user_home_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
-msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
-msgid "Default: homeDirectory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
-msgid "ldap_user_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
-msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
-msgid "Default: loginShell"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
-msgid "ldap_user_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
-msgid "Default: nsUniqueId"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
-msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
-msgid ""
-"The LDAP attribute that contains timestamp of the last modification of the "
-"parent object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
-msgid "Default: modifyTimestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
-msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
-"the last password change)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
-msgid "Default: shadowLastChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
-msgid "ldap_user_shadow_min (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
-msgid "Default: shadowMin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
-msgid "ldap_user_shadow_max (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
-msgid "Default: shadowMax"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
-msgid "ldap_user_shadow_warning (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password warning period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
-msgid "Default: shadowWarning"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
-msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password inactivity period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
-msgid "Default: shadowInactive"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
-msgid "ldap_user_shadow_expire (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
-msgid ""
-"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
-"parameter contains the name of an LDAP attribute corresponding to its "
-"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> counterpart (account expiration date)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
-msgid "Default: shadowExpire"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
-msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time of last password change in "
-"kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
-msgid "Default: krbLastPwdChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
-msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time when current password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
-msgid "Default: krbPasswordExpiration"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
-msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the expiration time of the account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
-msgid "Default: accountExpires"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
-msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the user account control bit field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
-msgid "Default: userAccountControl"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
-msgid "ldap_ns_account_lock (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
-msgid ""
-"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
-"determines if access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
-msgid "Default: nsAccountLock"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
-msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines if "
-"access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
-msgid "Default: loginDisabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
-msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines until "
-"which date access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
-msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines the "
-"hours of a day in a week when access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
-msgid "Default: loginAllowedTimeMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
-msgid "ldap_user_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
-msgid ""
-"The LDAP attribute that contains the user's Kerberos User Principal Name "
-"(UPN)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
-msgid "Default: krbPrincipalName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
-msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
-msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
-msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
-msgid ""
-"Some directory servers, for example Active Directory, might deliver the "
-"realm part of the UPN in lower case, which might cause the authentication to "
-"fail. Set this option to a non-zero value if you want to use an upper-case "
-"realm."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
-msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
-msgid ""
-"Specifies how many seconds SSSD has to wait before refreshing its cache of "
-"enumerated records."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
-msgid "Default: 300"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
-msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
-msgid ""
-"Determine how often to check the cache for inactive entries (such as groups "
-"with no members and users who have never logged in) and remove them to save "
-"space."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
-msgid "Setting this option to zero will disable the cache cleanup operation."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
-msgid "Default: 10800 (12 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
-msgid "ldap_user_fullname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
-msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
-msgid "Default: cn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
-msgid "ldap_user_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
-msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
-msgid "Default: memberOf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
-msgid "ldap_user_authorized_service (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
-msgid ""
-"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
-"use the presence of the authorizedService attribute in the user's LDAP entry "
-"to determine access privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
-msgid ""
-"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
-"explicit allow (svc) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
-msgid "Default: authorizedService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
-msgid "ldap_user_authorized_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
-msgid ""
-"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-"presence of the host attribute in the user's LDAP entry to determine access "
-"privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
-msgid ""
-"An explicit deny (!host) is resolved first. Second, SSSD searches for "
-"explicit allow (host) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
-msgid "Default: host"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
-msgid "ldap_group_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
-msgid "The object class of a group entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
-msgid "Default: posixGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
-msgid "ldap_group_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
-msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
-msgid "ldap_group_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
-msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
-msgid "ldap_group_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
-msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
-msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
-msgid "ldap_group_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
-msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
-msgid "ldap_group_nesting_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
-msgid ""
-"If ldap_schema is set to a schema format that supports nested groups (e.g. "
-"RFC2307bis), then this option controls how many levels of nesting SSSD will "
-"follow. This option has no effect on the RFC2307 schema."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
-msgid "Default: 2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
-msgid "ldap_netgroup_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
-msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
-msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
-msgid "Default: nisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
-msgid "ldap_netgroup_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
-msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
-msgid "In IPA provider, ipa_netgroup_name should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
-msgid "ldap_netgroup_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
-msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
-msgid "In IPA provider, ipa_netgroup_member should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
-msgid "Default: memberNisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
-msgid "ldap_netgroup_triple (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-msgid ""
-"The LDAP attribute that contains the (host, user, domain) netgroup triples."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
-msgid "This option is not available in IPA provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
-msgid "Default: nisNetgroupTriple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
-msgid "ldap_netgroup_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
-msgid ""
-"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
-msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
-msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
-msgid "ldap_service_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
-msgid "The object class of a service entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
-msgid "Default: ipService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
-msgid "ldap_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
-msgid ""
-"The LDAP attribute that contains the name of service attributes and their "
-"aliases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
-msgid "ldap_service_port (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
-msgid "The LDAP attribute that contains the port managed by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
-msgid "Default: ipServicePort"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
-msgid "ldap_service_proto (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
-msgid ""
-"The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
-msgid "Default: ipServiceProtocol"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
-msgid "ldap_service_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
-msgid "An optional base DN to restrict service searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
-msgid ""
-"See <quote>ldap_search_base</quote> for information about configuring "
-"multiple search bases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
-#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
-msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
-msgid "ldap_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches are allowed to run "
-"before they are cancelled and cached results are returned (and offline mode "
-"is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
-msgid ""
-"Note: this option is subject to change in future versions of the SSSD. It "
-"will likely be replaced at some point by a series of timeouts for specific "
-"lookup types."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
-msgid "Default: 6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
-msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches for user and group "
-"enumerations are allowed to run before they are cancelled and cached results "
-"are returned (and offline mode is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
-msgid "ldap_network_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-msgid ""
-"Specifies the timeout (in seconds) after which the <citerefentry> "
-"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
-"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> following a <citerefentry> "
-"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> returns in case of no activity."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
-msgid "ldap_opt_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
-msgid ""
-"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
-"will abort if no response is received. Also controls the timeout when "
-"communicating with the KDC in case of SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
-msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
-msgid ""
-"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
-"maintained. After this time, the connection will be re-established. If used "
-"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
-"the TGT lifetime)  will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
-msgid "Default: 900 (15 minutes)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
-msgid "ldap_page_size (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
-msgid ""
-"Specify the number of records to retrieve from LDAP in a single request. "
-"Some LDAP servers enforce a maximum limit per-request."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
-msgid "Default: 1000"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
-msgid ""
-"Disable the LDAP paging control. This option should be used if the LDAP "
-"server reports that it supports the LDAP paging control in its RootDSE but "
-"it is not enabled or does not behave properly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
-msgid ""
-"Example: OpenLDAP servers with the paging control module installed on the "
-"server but not enabled will report it in the RootDSE but be unable to use it."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
-msgid ""
-"Example: 389 DS has a bug where it can only support a one paging control at "
-"a time on a single connection. On busy clients, this can result in some "
-"requests being denied."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
-msgid "ldap_deref_threshold (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
-msgid ""
-"Specify the number of group members that must be missing from the internal "
-"cache in order to trigger a dereference lookup. If less members are missing, "
-"they are looked up individually."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
-msgid ""
-"You can turn off dereference lookups completely by setting the value to 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
-msgid ""
-"A dereference lookup is a means of fetching all group members in a single "
-"LDAP call.  Different LDAP servers may implement different dereference "
-"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
-"Directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
-msgid ""
-"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
-"filter, then the dereference lookup performance enhancement will be disabled "
-"regardless of this setting."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
-msgid "ldap_tls_reqcert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
-msgid ""
-"Specifies what checks to perform on server certificates in a TLS session, if "
-"any. It can be specified as one of the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
-msgid ""
-"<emphasis>never</emphasis> = The client will not request or check any server "
-"certificate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
-msgid ""
-"<emphasis>allow</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, it will be ignored and the session proceeds normally."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
-msgid ""
-"<emphasis>try</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, the session is immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
-msgid ""
-"<emphasis>demand</emphasis> = The server certificate is requested. If no "
-"certificate is provided, or a bad certificate is provided, the session is "
-"immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
-msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
-msgid "Default: hard"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
-msgid "ldap_tls_cacert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
-msgid ""
-"Specifies the file that contains certificates for all of the Certificate "
-"Authorities that <command>sssd</command> will recognize."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
-msgid ""
-"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
-"conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
-msgid "ldap_tls_cacertdir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
-msgid ""
-"Specifies the path of a directory that contains Certificate Authority "
-"certificates in separate individual files. Typically the file names need to "
-"be the hash of the certificate followed by '.0'.  If available, "
-"<command>cacertdir_rehash</command> can be used to create the correct names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
-msgid "ldap_tls_cert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
-msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
-msgid "Default: not set"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
-msgid "ldap_tls_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
-msgid "Specifies the file that contains the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
-msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
-msgid ""
-"Specifies acceptable cipher suites.  Typically this is a colon sperated "
-"list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> for format."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
-msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
-msgid ""
-"Specifies that the id_provider connection must also use <systemitem class="
-"\"protocol\">tls</systemitem> to protect the channel."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
-msgid ""
-"Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
-"supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
-msgid "ldap_sasl_authid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
-msgid ""
-"Specify the SASL authorization id to use.  When GSSAPI is used, this "
-"represents the Kerberos principal used for authentication to the directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
-msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
-msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
-msgid ""
-"If set to true, the LDAP library would perform a reverse lookup to "
-"canonicalize the host name during a SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
-msgid "Default: false;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
-msgid "ldap_krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
-msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
-msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
-msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
-msgid ""
-"Specifies that the id_provider should init Kerberos credentials (TGT).  This "
-"action is performed only if SASL is used and the mechanism selected is "
-"GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
-msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
-msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
-msgid "Default: 86400 (24 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
-msgid "krb5_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
-msgid ""
-"Specifies the comma-separated list of IP addresses or hostnames of the "
-"Kerberos servers to which SSSD should connect in the order of preference. "
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
-"colon) may be appended to the addresses or hostnames.  If empty, service "
-"discovery is enabled - for more information, refer to the <quote>SERVICE "
-"DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
-msgid ""
-"When using service discovery for KDC or kpasswd servers, SSSD first searches "
-"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-"none are found."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
-msgid ""
-"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
-"While the legacy name is recognized for the time being, users are advised to "
-"migrate their config files to use <quote>krb5_server</quote> instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
-msgid "krb5_realm (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
-msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
-msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
-msgid "krb5_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
-msgid ""
-"Specifies if the host principal should be canonicalized when connecting to "
-"LDAP server. This feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
-msgid "ldap_pwd_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
-msgid ""
-"Select the policy to evaluate the password expiration on the client side. "
-"The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
-msgid ""
-"<emphasis>none</emphasis> - No evaluation on the client side. This option "
-"cannot disable server-side password policies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
-msgid ""
-"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-"evaluate if the password has expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
-msgid ""
-"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
-"to determine if the password has expired. Use chpass_provider=krb5 to update "
-"these attributes when the password is changed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
-msgid "ldap_referrals (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
-msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
-msgid ""
-"Please note that sssd only supports referral chasing when it is compiled "
-"with OpenLDAP version 2.4.13 or higher."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
-msgid "ldap_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
-msgid "Specifies the service name to use when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
-msgid "Default: ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
-msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
-msgid ""
-"Specifies the service name to use to find an LDAP server which allows "
-"password changes when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
-msgid "Default: not set, i.e. service discovery is disabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
-msgid "ldap_access_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
-msgid ""
-"If using access_provider = ldap, this option is mandatory. It specifies an "
-"LDAP search filter criteria that must be met for the user to be granted "
-"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
-msgid "Example:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
-#, no-wrap
-msgid ""
-"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
-msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
-msgid ""
-"Offline caching for this feature is limited to determining whether the "
-"user's last online login was granted access permission. If they were granted "
-"access during their last login, they will continue to be granted access "
-"while offline and vice-versa."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
-msgid "Default: Empty"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
-msgid "ldap_account_expire_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
-msgid ""
-"With this option a client side evaluation of access control attributes can "
-"be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
-msgid ""
-"Please note that it is always recommended to use server side access control, "
-"i.e. the LDAP server should deny the bind request with a suitable error code "
-"even if the password is correct."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
-msgid "The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
-msgid ""
-"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
-"determine if the account is expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
-msgid ""
-"<emphasis>ad</emphasis>: use the value of the 32bit field "
-"ldap_user_ad_user_account_control and allow access if the second bit is not "
-"set. If the attribute is missing access is granted. Also the expiration time "
-"of the account is checked."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
-msgid ""
-"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
-"emphasis>: use the value of ldap_ns_account_lock to check if access is "
-"allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
-msgid ""
-"<emphasis>nds</emphasis>: the values of "
-"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
-"If both attributes are missing access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
-msgid "ldap_access_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
-msgid "Comma separated list of access control options.  Allowed values are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
-msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
-msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
-msgid ""
-"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
-"to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
-msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
-msgid "Default: filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
-msgid ""
-"Please note that it is a configuration error if a value is used more than "
-"once."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
-msgid "ldap_deref (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
-msgid ""
-"Specifies how alias dereferencing is done when performing a search. The "
-"following options are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
-msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
-msgid ""
-"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
-"the base object, but not in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
-msgid ""
-"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
-"the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
-msgid ""
-"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
-"in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
-msgid ""
-"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
-"client libraries)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:51
-msgid ""
-"All of the common configuration options that apply to SSSD domains also "
-"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for full details.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
-msgid "SUDO OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
-msgid "ldap_sudorule_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
-msgid "The object class of a sudo rule entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
-msgid "Default: sudoRole"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
-msgid "ldap_sudorule_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
-msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
-msgid "ldap_sudorule_command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
-msgid "The LDAP attribute that corresponds to the command name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
-msgid "Default: sudoCommand"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
-msgid "ldap_sudorule_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
-msgid ""
-"The LDAP attribute that corresponds to the host name (or host IP address, "
-"host IP network, or host netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
-msgid "Default: sudoHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
-msgid "ldap_sudorule_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
-msgid ""
-"The LDAP attribute that corresponds to the user name (or UID, group name or "
-"user's netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
-msgid "Default: sudoUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
-msgid "ldap_sudorule_option (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
-msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
-msgid "Default: sudoOption"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
-msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
-msgid ""
-"The LDAP attribute that corresponds to the user name that commands may be "
-"run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
-msgid "Default: sudoRunAsUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
-msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
-msgid ""
-"The LDAP attribute that corresponds to the group name or group GID that "
-"commands may be run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
-msgid "Default: sudoRunAsGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
-msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
-msgid ""
-"The LDAP attribute that corresponds to the start date/time for when the sudo "
-"rule is valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
-msgid "Default: sudoNotBefore"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
-msgid "ldap_sudorule_notafter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
-msgid ""
-"The LDAP attribute that corresponds to the expiration date/time, after which "
-"the sudo rule will no longer be valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
-msgid "Default: sudoNotAfter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
-msgid "ldap_sudorule_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
-msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
-msgid "Default: sudoOrder"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
-msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
-msgid ""
-"Enables periodical download of all sudo rules.  The cache is purged before "
-"each update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
-msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
-msgid ""
-"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
-msgid ""
-"This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
-"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
-msgid "AUTOFS OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
-msgid ""
-"Please note that the default values correspond to the default schema which "
-"is RFC2307."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
-msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-msgid "The object class of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-msgid "Default: automountMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
-msgid "ldap_autofs_map_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
-msgid "The name of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
-msgid "Default: ou"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
-msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
-msgid "ldap_autofs_entry_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
-msgid ""
-"The key of an automount entry in LDAP. The entry usually corresponds to a "
-"mount point."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
-msgid "ldap_autofs_entry_value (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
-msgid "Default: automountInformation"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
-msgid ""
-"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
-"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
-"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
-msgid "ADVANCED OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
-msgid "ldap_netgroup_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
-msgid ""
-"An optional base DN to restrict netgroup searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
-msgid "ldap_user_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
-msgid "An optional base DN to restrict user searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
-msgid "ldap_group_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
-msgid "An optional base DN to restrict group searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
-#, no-wrap
-msgid ""
-"                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
-msgid "ldap_sudo_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
-msgid ""
-"An optional base DN to restrict sudo rules searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
-msgid "ldap_autofs_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
-msgid ""
-"An optional base DN to restrict automounter searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
-msgid ""
-"These options are supported by LDAP domains, but they should be used with "
-"caution. Please include them in your configuration only if you know what you "
-"are doing.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
-msgid ""
-"The following example assumes that SSSD is correctly configured and LDAP is "
-"set to one of the domains in the <replaceable>[domains]</replaceable> "
-"section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
-#, no-wrap
-msgid ""
-"    [domain/LDAP]\n"
-"    id_provider = ldap\n"
-"    auth_provider = ldap\n"
-"    ldap_uri = ldap://ldap.mydomain.org\n"
-"    ldap_search_base = dc=mydomain,dc=org\n"
-"    ldap_tls_reqcert = demand\n"
-"    cache_credentials = true\n"
-"    enumerate = true\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
-msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
-msgid "NOTES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
-msgid ""
-"The descriptions of some of the configuration options in this manual page "
-"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
-"distribution."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <refentryinfo>
-#: pam_sss.8.xml:8 include/upstream.xml:2
-msgid ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: pam_sss.8.xml:13 pam_sss.8.xml:18
-msgid "pam_sss"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: pam_sss.8.xml:19
-msgid "PAM module for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: pam_sss.8.xml:24
-msgid ""
-"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
-msgid ""
-"<command>pam_sss.so</command> is the PAM interface to the System Security "
-"Services daemon (SSSD). Errors and results are logged through <command>syslog"
-"(3)</command> with the LOG_AUTHPRIV facility."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
-msgid "<option>quiet</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
-msgid "Suppress log messages for unknown users."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
-msgid "<option>forward_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
-msgid ""
-"If <option>forward_pass</option> is set the entered password is put on the "
-"stack for other PAM modules to use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
-msgid "<option>use_first_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
-msgid ""
-"The argument use_first_pass forces the module to use a previous stacked "
-"modules password and will never prompt the user - if no password is "
-"available or the password is not appropriate, the user will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
-msgid "<option>use_authtok</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
-msgid ""
-"When password changing enforce the module to set the new password to the one "
-"provided by a previously stacked password module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
-msgid "<option>retry=N</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
-msgid ""
-"If specified the user is asked another N times for a password if "
-"authentication fails. Default is 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
-msgid ""
-"Please note that this option might not work as expected if the application "
-"calling PAM handles the user dialog on its own. A typical example is "
-"<command>sshd</command> with <option>PasswordAuthentication</option>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
-msgid "MODULE TYPES PROVIDED"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
-msgid ""
-"All module types (<option>account</option>, <option>auth</option>, "
-"<option>password</option> and <option>session</option>) are provided."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
-msgid "FILES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
-msgid ""
-"If a password reset by root fails, because the corresponding SSSD provider "
-"does not support password resets, an individual message can be displayed. "
-"This message can e.g. contain instructions about how to reset a password."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
-msgid ""
-"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
-"filename> where LOC stands for a locale string returned by <citerefentry> "
-"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
-"citerefentry>. If there is no matching file the content of "
-"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
-"the owner of the files and only root may have read and write permissions "
-"while all other users must have only read permissions."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
-msgid ""
-"These files are searched in the directory <filename>/etc/sssd/customize/"
-"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
-"displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:141
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
-msgid "sssd_krb5_locator_plugin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:22
-msgid ""
-"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
-"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
-"libraries what Realm and which KDC to use.  Typically this is done in "
-"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
-"To simplify the configuration the Realm and the KDC can be defined in "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry> puts the Realm and the name or IP address of the KDC into "
-"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively.  "
-"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variables and returns them to the "
-"libraries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:63
-msgid ""
-"Not all Kerberos implementations support the use of plugins. If "
-"<command>sssd_krb5_locator_plugin</command> is not available on your system "
-"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:69
-msgid ""
-"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-"debug messages will be sent to stderr."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:77
-msgid ""
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
-msgid "sssd-simple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd-simple.5.xml:17
-msgid "the configuration file for SSSD's 'simple' access-control provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:24
-msgid ""
-"This manual page describes the configuration of the simple access-control "
-"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax reference, "
-"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:38
-msgid ""
-"The simple access provider grants or denies access based on an access or "
-"deny list of user or group names. The following rules apply:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:43
-msgid "If all lists are empty, access is granted"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:47
-msgid ""
-"If any list is provided, the order of evaluation is allow,deny. This means "
-"that any matching deny rule will supersede any matched allow rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:54
-msgid ""
-"If either or both \"allow\" lists are provided, all users are denied unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:60
-msgid ""
-"If only \"deny\" lists are provided, all users are granted access unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:78
-msgid "simple_allow_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:81
-msgid "Comma separated list of users who are allowed to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:88
-msgid "simple_deny_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:91
-msgid "Comma separated list of users who are explicitly denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:97
-msgid "simple_allow_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:100
-msgid ""
-"Comma separated list of groups that are allowed to log in. This applies only "
-"to groups within this SSSD domain. Local groups are not evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:108
-msgid "simple_deny_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:111
-msgid ""
-"Comma separated list of groups that are explicitly denied access. This "
-"applies only to groups within this SSSD domain. Local groups are not "
-"evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
-msgid ""
-"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page for details on the configuration of an SSSD "
-"domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:120
-msgid ""
-"Please note that it is an configuration error if both, simple_allow_users "
-"and simple_deny_users, are defined."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:128
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the simple access provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-simple.5.xml:135
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    access_provider = simple\n"
-"    simple_allow_users = user1, user2\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:145
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
-msgid "sssd-ipa"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:23
-msgid ""
-"This manual page describes the configuration of the IPA provider for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
-"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:36
-msgid ""
-"The IPA provider is a back end used to connect to an IPA server.  (Refer to "
-"the freeipa.org web site for information about IPA servers.)  This provider "
-"requires that the machine be joined to the IPA domain; configuration is "
-"almost entirely self-discovered and obtained directly from the server."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:43
-msgid ""
-"The IPA provider accepts the same options used by the <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
-"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider with some exceptions described below."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:55
-msgid ""
-"However, it is neither necessary nor recommended to set these options.  IPA "
-"provider can also be used as an access and chpass provider. As an access "
-"provider it uses HBAC (host-based access control) rules. Please refer to "
-"freeipa.org for more information about HBAC. No configuration of access "
-"provider is required on the client side."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:72
-msgid "ipa_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:75
-msgid ""
-"Specifies the name of the IPA domain.  This is optional. If not provided, "
-"the configuration domain name is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:83
-msgid "ipa_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:86
-msgid ""
-"The comma-separated list of IP addresses or hostnames of the IPA servers to "
-"which SSSD should connect in the order of preference. For more information "
-"on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
-"This is optional if autodiscovery is enabled.  For more information on "
-"service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:99
-msgid "ipa_hostname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:102
-msgid ""
-"Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:110
-msgid "ipa_dyndns_update (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:113
-msgid ""
-"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:118
-msgid ""
-"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
-"the default Kerberos realm must be set properly in /etc/krb5.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:129
-msgid "ipa_dyndns_iface (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:132
-msgid ""
-"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
-"interface whose IP address should be used for dynamic DNS updates."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:137
-msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:143
-msgid "ipa_hbac_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:146
-msgid "Optional. Use the given string as search base for HBAC related objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:150
-msgid "Default: Use base DN"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:156
-msgid "ipa_host_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:159
-msgid "Optional. Use the given string as search base for host objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:180
-msgid "ipa_selinux_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
-msgid "Optional. Use the given string as search base for SELinux user maps."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
-msgid "krb5_validate (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
-msgid ""
-"Verify with the help of krb5_keytab that the TGT obtained has not been "
-"spoofed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
-msgid ""
-"Note that this default differs from the traditional Kerberos provider back "
-"end."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
-msgid ""
-"The name of the Kerberos realm. This is optional and defaults to the value "
-"of <quote>ipa_domain</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
-msgid ""
-"The name of the Kerberos realm has a special meaning in IPA - it is "
-"converted into the base DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
-msgid ""
-"Specifies if the host and user principal should be canonicalized when "
-"connecting to IPA LDAP and also for AS requests. This feature is available "
-"with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
-msgid "ipa_hbac_refresh (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
-msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
-msgid "Default: 5 (seconds)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
-msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
-msgid ""
-"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
-"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
-"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
-"client will support two modes of operation during this transition period:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
-msgid ""
-"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
-"users will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
-msgid ""
-"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
-"careful with this option, as it may result in opening unintended access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
-msgid "Default: DENY_ALL"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
-msgid "ipa_automount_location (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
-msgid "The automounter location this IPA client will be using"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Default: The location named \"default\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the ipa provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    id_provider = ipa\n"
-"    ipa_server = ipaserver.example.com\n"
-"    ipa_hostname = myhost.example.com\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.8.xml:10 sssd.8.xml:15
-msgid "sssd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.8.xml:16
-msgid "System Security Services Daemon"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sssd.8.xml:21
-msgid ""
-"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:31
-msgid ""
-"<command>SSSD</command> provides a set of daemons to manage access to remote "
-"directories and authentication mechanisms. It provides an NSS and PAM "
-"interface toward the system and a pluggable backend system to connect to "
-"multiple different account sources as well as D-Bus interface. It is also "
-"the basis to provide client auditing and policy services for projects like "
-"FreeIPA. It provides a more robust database to store local users as well as "
-"extended user data."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:46
-msgid ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:53
-msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:57
-msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:60
-msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:69
-msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:73
-msgid ""
-"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:76
-msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:85
-msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:89
-msgid ""
-"Send the debug output to files instead of stderr. By default, the log files "
-"are stored in <filename>/var/log/sssd</filename> and there are separate log "
-"files for every SSSD service and domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:97
-msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:101
-msgid "Become a daemon after starting up."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:107
-msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:111
-msgid "Run in the foreground, don't become a daemon."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
-msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
-msgid ""
-"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
-"conf</filename>. For reference on the config file syntax and options, "
-"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:135
-msgid "<option>--version</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:139
-msgid "Print version number and exit."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:147
-msgid "Signals"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:150
-msgid "SIGTERM/SIGINT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:153
-msgid ""
-"Informs the SSSD to gracefully terminate all of its child processes and then "
-"shut down the monitor."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:159
-msgid "SIGHUP"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:162
-msgid ""
-"Tells the SSSD to stop writing to its current debug file descriptors and to "
-"close and reopen them. This is meant to facilitate log rolling with programs "
-"like logrotate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:170
-msgid "SIGUSR1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:173
-msgid ""
-"Tells the SSSD to simulate offline operation for one minute. This is mostly "
-"useful for testing purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:179
-msgid "SIGUSR2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:182
-msgid ""
-"Tells the SSSD to go online immediately. This is mostly useful for testing "
-"purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:193
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-msgid "sss_obfuscate"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_obfuscate.8.xml:16
-msgid "obfuscate a clear text password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_obfuscate.8.xml:21
-msgid ""
-"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
-"replaceable></arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:32
-msgid ""
-"<command>sss_obfuscate</command> converts a given password into human-"
-"unreadable format and places it into appropriate domain section of the SSSD "
-"config file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:37
-msgid ""
-"The cleartext password is read from standard input or entered "
-"interactively.  The obfuscated password is put into "
-"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
-"<quote>ldap_default_authtok_type</quote> parameter is set to "
-"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more details on these parameters."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:49
-msgid ""
-"Please note that obfuscating the password provides <emphasis>no real "
-"security benefit</emphasis> as it is still possible for an attacker to "
-"reverse-engineer the password back. Using better authentication mechanisms "
-"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
-"advised."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:63
-msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:67
-msgid "The password to obfuscate will be read from standard input."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
-msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:79
-msgid ""
-"The SSSD domain to use the password in. The default name is <quote>default</"
-"quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:86
-msgid ""
-"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:91
-msgid "Read the config file specified by the positional parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:95
-msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:105
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
-msgid "sss_useradd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_useradd.8.xml:16
-msgid "create a new user"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_useradd.8.xml:21
-msgid ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:32
-msgid ""
-"<command>sss_useradd</command> creates a new user account using the values "
-"specified on the command line plus the default values from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:43
-msgid ""
-"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:48
-msgid ""
-"Set the UID of the user to the value of <replaceable>UID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
-msgid ""
-"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
-msgid ""
-"Any text string describing the user. Often used as the field for the user's "
-"full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
-msgid ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:72
-msgid ""
-"The home directory of the user account.  The default is to append the "
-"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
-"that as the home directory.  The base that is prepended before "
-"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
-"baseDirectory</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
-msgid ""
-"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:87
-msgid ""
-"The user's login shell. The default is currently <filename>/bin/bash</"
-"filename>.  The default can be changed with <quote>user_defaults/"
-"defaultShell</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:96
-msgid ""
-"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:101
-msgid "A list of existing groups this user is also a member of."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:107
-msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:111
-msgid ""
-"Create the user's home directory if it does not exist. The files and "
-"directories contained in the skeleton directory (which can be defined with "
-"the -k option or in the config file) will be copied to the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:121
-msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:125
-msgid ""
-"Do not create the user's home directory. Overrides configuration settings."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:132
-msgid ""
-"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:137
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<command>sss_useradd</command>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:143
-msgid ""
-"This option is only valid if the <option>-m</option> (or <option>--create-"
-"home</option>) option is specified, or creation of home directories is set "
-"to TRUE in the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
-msgid ""
-"<option>-Z</option>,<option>--selinux-user</option> "
-"<replaceable>SELINUX_USER</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:157
-msgid ""
-"The SELinux user for the user's login. If not specified, the system default "
-"will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
-msgid "sssd-krb5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:23
-msgid ""
-"This manual page describes the configuration of the Kerberos 5 "
-"authentication backend for <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  For a detailed "
-"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
-"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:36
-msgid ""
-"The Kerberos 5 authentication backend contains auth and chpass providers. It "
-"must be paired with identity provider in order to function properly (for "
-"example, id_provider = ldap). Some information required by the Kerberos 5 "
-"authentication backend must be provided by the identity provider, such as "
-"the user's Kerberos Principal Name (UPN). The configuration of the identity "
-"provider should have an entry to specify the UPN. Please refer to the man "
-"page for the applicable identity provider for details on how to configure "
-"this."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:47
-msgid ""
-"This backend also provides access control based on the .k5login file in the "
-"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
-"Please note that an empty .k5login file will deny all access to this user. "
-"To activate this feature use 'access_provider = krb5' in your sssd "
-"configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:55
-msgid ""
-"In the case where the UPN is not available in the identity backend "
-"<command>sssd</command> will construct a UPN using the format "
-"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:106
-msgid ""
-"The name of the Kerberos realm. This option is required and must be "
-"specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:113
-msgid "krb5_kpasswd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:116
-msgid ""
-"If the change password service is not running on the KDC alternative servers "
-"can be defined here. An optional port number (preceded by a colon) may be "
-"appended to the addresses or hostnames."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:122
-msgid ""
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section.  Please note that even if there are no more "
-"kpasswd servers to try the back end is not switch to offline if "
-"authentication against the KDC is still possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:129
-msgid "Default: Use the KDC"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:135
-msgid "krb5_ccachedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:138
-msgid ""
-"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist it will be created. If %u, %U, %p or %h are used a "
-"private directory belonging to the user is created. Otherwise a public "
-"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
-"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
-"citerefentry> for details) is created."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:151
-msgid "Default: /tmp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:157
-msgid "krb5_ccname_template (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:171
-msgid "login UID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:174
-msgid "%p"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:175
-msgid "principal name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:179
-msgid "%r"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:180
-msgid "realm name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:183
-msgid "%h"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:184
-msgid "home directory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:189
-msgid "value of krb5ccache_dir"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194
-msgid "%P"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "the process ID of the sssd client"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:160
-msgid ""
-"Location of the user's credential cache. Currently only file based "
-"credential caches are supported. In the template the following sequences are "
-"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
-"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
-"way."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:209
-msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:215
-msgid "krb5_auth_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:218
-msgid ""
-"Timeout in seconds after an online authentication or change password request "
-"is aborted. If possible the authentication request is continued offline."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:241
-msgid "krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:244
-msgid ""
-"The location of the keytab to use when validating credentials obtained from "
-"KDCs."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:248
-msgid "Default: /etc/krb5.keytab"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:254
-msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:257
-msgid ""
-"Store the password of the user if the provider is offline and use it to "
-"request a TGT when the provider gets online again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:262
-msgid ""
-"Please note that this feature currently only available on a Linux platform. "
-"Passwords stored in this way are kept in plaintext in the kernel keyring and "
-"are potentially accessible by the root user (with difficulty)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:275
-msgid "krb5_renewable_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:278
-msgid ""
-"Request a renewable ticket with a total lifetime given by an integer "
-"immediately followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
-msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
-msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
-msgid "<emphasis>h</emphasis> hours"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
-msgid "<emphasis>d</emphasis> days."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
-msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:299
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"renewable lifetime to one and a half hours please use '90m' instead of "
-"'1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:305
-msgid "Default: not set, i.e. the TGT is not renewable"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:311
-msgid "krb5_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:314
-msgid ""
-"Request ticket with a with a lifetime given by an integer immediately "
-"followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:335
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"lifetime to one and a half hours please use '90m' instead of '1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:340
-msgid ""
-"Default: not set, i.e. the default ticket lifetime configured on the KDC."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:347
-msgid "krb5_renew_interval (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:350
-msgid ""
-"The time in seconds between two checks if the TGT should be renewed. TGTs "
-"are renewed if about half of their lifetime is exceeded."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:355
-msgid "If this option is not set or 0 the automatic renewal is disabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:365
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:368
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:373
-msgid ""
-"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
-"option at all."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
-msgid ""
-"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
-"continue without."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:381
-msgid ""
-"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
-"fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:385
-msgid "Default: not set, i.e. FAST is not used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:388
-msgid "Please note that a keytab is required to use fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:391
-msgid ""
-"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used with an older version using this option is a "
-"configuration error."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:400
-msgid "krb5_fast_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:403
-msgid "Specifies the server principal to use for FAST."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:412
-msgid ""
-"Specifies if the host and user principal should be canonicalized. This "
-"feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:65
-msgid ""
-"If the auth-module krb5 is used in a SSSD domain, the following options must "
-"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
-"SECTIONS</quote> for details on the configuration of a SSSD domain.  "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:434
-msgid ""
-"The following example assumes that SSSD is correctly configured and FOO is "
-"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
-"example shows only configuration of Kerberos authentication, it does not "
-"include any identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:442
-#, no-wrap
-msgid ""
-"    [domain/FOO]\n"
-"    auth_provider = krb5\n"
-"    krb5_server = 192.168.1.1\n"
-"    krb5_realm = EXAMPLE.COM\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:453
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
-msgid "sss_groupadd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupadd.8.xml:16
-msgid "create a new group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupadd.8.xml:21
-msgid ""
-"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:32
-msgid ""
-"<command>sss_groupadd</command> creates a new group. These groups are "
-"compatible with POSIX groups, with the additional feature that they can "
-"contain other groups as members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupadd.8.xml:43
-msgid ""
-"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupadd.8.xml:48
-msgid ""
-"Set the GID of the group to the value of <replaceable>GID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
-msgid "sss_userdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_userdel.8.xml:16
-msgid "delete a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_userdel.8.xml:21
-msgid ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:32
-msgid ""
-"<command>sss_userdel</command> deletes a user identified by login name "
-"<replaceable>LOGIN</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:44
-msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:48
-msgid ""
-"Files in the user's home directory will be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:56
-msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:60
-msgid ""
-"Files in the user's home directory will NOT be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:68
-msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:72
-msgid ""
-"This option forces <command>sss_userdel</command> to remove the user's home "
-"directory and mail spool, even if they are not owned by the specified user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:80
-msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:84
-msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
-msgid "sss_groupdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupdel.8.xml:16
-msgid "delete a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupdel.8.xml:21
-msgid ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:32
-msgid ""
-"<command>sss_groupdel</command> deletes a group identified by its name "
-"<replaceable>GROUP</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
-msgid "sss_groupshow"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupshow.8.xml:16
-msgid "print properties of a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupshow.8.xml:21
-msgid ""
-"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:32
-msgid ""
-"<command>sss_groupshow</command> displays information about a group "
-"identified by its name <replaceable>GROUP</replaceable>. The information "
-"includes the group ID number, members of the group and the parent group."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupshow.8.xml:43
-msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupshow.8.xml:47
-msgid ""
-"Also print indirect group members in a tree-like hierarchy.  Note that this "
-"also affects printing parent groups - without <option>R</option>, only the "
-"direct parent will be printed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
-msgid "sss_usermod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_usermod.8.xml:16
-msgid "modify a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_usermod.8.xml:21
-msgid ""
-"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:32
-msgid ""
-"<command>sss_usermod</command> modifies the account specified by "
-"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
-"on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:60
-msgid "The home directory of the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:71
-msgid "The user's login shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:82
-msgid ""
-"Append this user to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:96
-msgid ""
-"Remove this user from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:103
-msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:107
-msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:114
-msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:118
-msgid "Unlock the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:129
-msgid "The SELinux user for the user's login."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/service_discovery.xml:2
-msgid "SERVICE DISCOVERY"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/service_discovery.xml:4
-msgid ""
-"The service discovery feature allows back ends to automatically find the "
-"appropriate servers to connect to using a special DNS query."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
-msgid "Configuration"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:11
-msgid ""
-"If no servers are specified, the back end automatically uses service "
-"discovery to try to find a server. Optionally, the user may choose to use "
-"both fixed server addresses and service discovery by inserting a special "
-"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
-"preference is maintained. This feature is useful if, for example, the user "
-"prefers to use service discovery whenever possible, and fall back to a "
-"specific server when no servers can be discovered using DNS."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:23
-msgid "The domain name"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:25
-msgid ""
-"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for more details."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:35
-msgid "The protocol"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:37
-msgid ""
-"The queries usually specify _tcp as the protocol. Exceptions are documented "
-"in respective option description."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:42
-msgid "See Also"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:44
-msgid ""
-"For more information on the service discovery mechanism, refer to RFC 2782."
-msgstr ""
-
-#. type: Content of: outside any tag (error?)
-#: include/upstream.xml:1
-msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/failover.xml:2
-msgid "FAILOVER"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/failover.xml:4
-msgid ""
-"The failover feature allows back ends to automatically switch to a different "
-"server if the primary server fails."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:8
-msgid "Failover Syntax"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:10
-msgid ""
-"The list of servers is given as a comma-separated list; any number of spaces "
-"is allowed around the comma. The servers are listed in order of preference. "
-"The list can contain any number of servers."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:17
-msgid "The Failover Mechanism"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:19
-msgid ""
-"The failover mechanism distinguishes between a machine and a service. The "
-"back end first tries to resolve the hostname of a given machine; if this "
-"resolution attempt fails, the machine is considered offline. No further "
-"attempts are made to connect to this machine for any other service. If the "
-"resolution attempt succeeds, the back end tries to connect to a service on "
-"this machine. If the service connection attempt fails, then only this "
-"particular service is considered offline and the back end automatically "
-"switches over to the next service.  The machine is still considered online "
-"and might still be tried for another service."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:32
-msgid ""
-"Further connection attempts are made to machines or services marked as "
-"offline after a specified period of time; this is currently hard coded to 30 "
-"seconds."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:37
-msgid ""
-"If there are no more machines to try, the back end as a whole switches to "
-"offline mode, and then attempts to reconnect every 30 seconds."
-msgstr ""
-
-#. type: Content of: <varlistentry><term>
-#: include/param_help.xml:3
-msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
-
-#. type: Content of: <varlistentry><listitem><para>
-#: include/param_help.xml:7
-msgid "Display help message and exit."
-msgstr ""
diff --git a/src/man/po/ru.po b/src/man/po/ru.po
index d65047700..346ca6e68 100644
--- a/src/man/po/ru.po
+++ b/src/man/po/ru.po
@@ -3,13 +3,14 @@
 # This file is distributed under the same license as the sssd-docs package.
 #
 # Translators:
+# Artyom Kunyov <artkun@guitarplayer.ru>, 2012.
 msgid ""
 msgstr ""
 "Project-Id-Version: SSSD\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"POT-Creation-Date: 2012-03-12 16:37-0300\n"
+"PO-Revision-Date: 2012-03-08 11:52+0000\n"
+"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
 "Language-Team: Russian <trans-ru@lists.fedoraproject.org>\n"
 "Language: ru\n"
 "MIME-Version: 1.0\n"
@@ -23,9 +24,11 @@ msgstr ""
 #: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
 #: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
 #: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
+#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5
+#: sss_debuglevel.8.xml:5 sss_ssh_authorizedkeys.1.xml:5
+#: sss_ssh_knownhostsproxy.1.xml:5
 msgid "SSSD Manual pages"
-msgstr ""
+msgstr "Справка по SSSD"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
@@ -36,14 +39,15 @@ msgstr ""
 #: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
 #: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
 #: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
+#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11 sss_cache.8.xml:11
+#: sss_debuglevel.8.xml:11
 msgid "8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_groupmod.8.xml:16
 msgid "modify a group"
-msgstr ""
+msgstr "изменить группу"
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sss_groupmod.8.xml:21
@@ -59,8 +63,10 @@ msgstr ""
 #: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
 #: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
 #: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
+#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_ssh_authorizedkeys.1.xml:30
+#: sss_ssh_knownhostsproxy.1.xml:31
 msgid "DESCRIPTION"
-msgstr ""
+msgstr "ОПИС��ИЕ"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_groupmod.8.xml:32
@@ -73,8 +79,10 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
+#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_ssh_authorizedkeys.1.xml:78
+#: sss_ssh_knownhostsproxy.1.xml:65
 msgid "OPTIONS"
-msgstr ""
+msgstr "ОПЦИИ"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
@@ -106,14 +114,15 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1348 sssd-ldap.5.xml:2096
 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
 #: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
+#: sss_usermod.8.xml:138 sss_ssh_authorizedkeys.1.xml:96
+#: sss_ssh_knownhostsproxy.1.xml:95
 msgid "SEE ALSO"
-msgstr ""
+msgstr "СМ. Т�КЖЕ"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_groupmod.8.xml:74
@@ -132,13 +141,13 @@ msgstr ""
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd.conf.5.xml:10 sssd.conf.5.xml:16
 msgid "sssd.conf"
-msgstr ""
+msgstr "sssd.CONF"
 
 #. type: Content of: <reference><refentry><refmeta><manvolnum>
 #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
 #: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
 msgid "5"
-msgstr ""
+msgstr "5"
 
 #. type: Content of: <reference><refentry><refmeta><refmiscinfo>
 #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
@@ -150,12 +159,12 @@ msgstr ""
 #: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
 #: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
 msgid "the configuration file for SSSD"
-msgstr ""
+msgstr "Файл конфигурации SSSD"
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd.conf.5.xml:21
 msgid "FILE FORMAT"
-msgstr ""
+msgstr "ФОРМ�Т Ф�ЙЛ�"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sssd.conf.5.xml:29
@@ -215,7 +224,7 @@ msgid "The [sssd] section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:1194
 msgid "Section parameters"
 msgstr ""
 
@@ -234,7 +243,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:81
 msgid "services"
-msgstr ""
+msgstr "�лужбы"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:84
@@ -251,7 +260,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:94 sssd.conf.5.xml:257
 msgid "reconnection_retries (integer)"
-msgstr ""
+msgstr "попыток_�оединени� (целое чи�ло)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:97 sssd.conf.5.xml:260
@@ -263,12 +272,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:102 sssd.conf.5.xml:265
 msgid "Default: 3"
-msgstr ""
+msgstr "По умолчанию: 3"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:107
 msgid "domains"
-msgstr ""
+msgstr "домены"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:110
@@ -330,7 +339,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:157
 msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
+msgstr "По умолчанию: <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:162
@@ -445,7 +454,7 @@ msgid "Add a timestamp to the debug messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:393 sssd-ldap.5.xml:1328
 #: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
 msgid "Default: true"
 msgstr ""
@@ -461,21 +470,41 @@ msgid "Add microseconds to the timestamp in debug messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
+#: sssd.conf.5.xml:252 sssd.conf.5.xml:658 sssd-ldap.5.xml:602
 #: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
 #: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
 #: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
 msgid "Default: false"
-msgstr ""
+msgstr "По умолчанию: false"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:270
-msgid "command (string)"
+msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:273
 msgid ""
+"This option specifies the maximum number of file descriptors that may be "
+"opened at one time by this SSSD process. On systems where SSSD is granted "
+"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
+"systems without this capability, the resulting value will be the lower value "
+"of this or the limits.conf \"hard\" limit."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:282
+msgid "Default: 8192 (or limits.conf \"hard\" limit)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:287
+msgid "command (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:290
+msgid ""
 "By default, the executable representing this service is called <command>sssd_"
 "${service_name}</command>.  This directive allows to change the executable "
 "name for the service. In the vast majority of configurations, the default "
@@ -483,45 +512,45 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
+#: sssd.conf.5.xml:298
 msgid "Default: <command>sssd_${service_name}</command>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
+#: sssd.conf.5.xml:306
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:308
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
+#: sssd.conf.5.xml:313
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
+#: sssd.conf.5.xml:316
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
+#: sssd.conf.5.xml:320
 msgid "Default: 120"
-msgstr ""
+msgstr "По умолчанию: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
+#: sssd.conf.5.xml:325
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
+#: sssd.conf.5.xml:328
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -529,7 +558,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:334
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -539,7 +568,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
+#: sssd.conf.5.xml:344
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -548,17 +577,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
+#: sssd.conf.5.xml:352
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
+#: sssd.conf.5.xml:357
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
+#: sssd.conf.5.xml:360
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -566,17 +595,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
+#: sssd.conf.5.xml:366 sssd.conf.5.xml:686 sssd-krb5.5.xml:223
 msgid "Default: 15"
-msgstr ""
+msgstr "По умолчанию: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
+#: sssd.conf.5.xml:371
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
+#: sssd.conf.5.xml:374
 msgid ""
 "Exclude certain users from being fetched from the sss NSS database. This is "
 "particularly useful for system accounts. This option can also be set per-"
@@ -585,78 +614,78 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:381
 msgid "Default: root"
-msgstr ""
+msgstr "По умолчанию: root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
+#: sssd.conf.5.xml:386
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
+#: sssd.conf.5.xml:389
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:398
 msgid "override_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
+#: sssd.conf.5.xml:407 sssd-krb5.5.xml:166
 msgid "%u"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
+#: sssd.conf.5.xml:408 sssd-krb5.5.xml:167
 msgid "login name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
+#: sssd.conf.5.xml:411 sssd-krb5.5.xml:170
 msgid "%U"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
+#: sssd.conf.5.xml:412
 msgid "UID number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
+#: sssd.conf.5.xml:415 sssd-krb5.5.xml:188
 msgid "%d"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
+#: sssd.conf.5.xml:416
 msgid "domain name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:419
 msgid "%f"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:420
 msgid "fully qualified user name (user@domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
+#: sssd.conf.5.xml:423 sssd-krb5.5.xml:200
 msgid "%%"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
+#: sssd.conf.5.xml:424 sssd-krb5.5.xml:201
 msgid "a literal '%'"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:401
 msgid ""
 "Override the user's home directory. You can either provide an absolute value "
 "or a template. In the template, the following sequences are substituted: "
@@ -664,138 +693,138 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
+#: sssd.conf.5.xml:430
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
+#: sssd.conf.5.xml:435
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
+#: sssd.conf.5.xml:438
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
+#: sssd.conf.5.xml:441
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:445
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
+#: sssd.conf.5.xml:450
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
+#: sssd.conf.5.xml:455
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
+#: sssd.conf.5.xml:458
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
+#: sssd.conf.5.xml:462
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:467
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:470
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
+#: sssd.conf.5.xml:475
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:478
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
+#: sssd.conf.5.xml:482
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:489
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
+#: sssd.conf.5.xml:491
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:496
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
+#: sssd.conf.5.xml:499
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
+#: sssd.conf.5.xml:504 sssd.conf.5.xml:517
 msgid "Default: 0 (No limit)"
-msgstr ""
+msgstr "По умолчанию: 0 (неограничено)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
+#: sssd.conf.5.xml:510
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:513
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
+#: sssd.conf.5.xml:523
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
+#: sssd.conf.5.xml:526
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
+#: sssd.conf.5.xml:531
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -803,59 +832,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:537 sssd.conf.5.xml:590 sssd.conf.5.xml:1110
 msgid "Default: 5"
-msgstr ""
+msgstr "По умолчанию: 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:543
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
+#: sssd.conf.5.xml:546
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
+#: sssd.conf.5.xml:551
 msgid "Currently sssd supports the following values:"
-msgstr ""
+msgstr "В на�то�щее врем� sssd поддерживает �ледующие значени�:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:554
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:557
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
+#: sssd.conf.5.xml:561
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
+#: sssd.conf.5.xml:564
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
+#: sssd.conf.5.xml:568 sssd.8.xml:63
 msgid "Default: 1"
-msgstr ""
+msgstr "По умолчанию: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:573
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
+#: sssd.conf.5.xml:576
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -863,7 +892,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
+#: sssd.conf.5.xml:582
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -872,17 +901,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:596
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
+#: sssd.conf.5.xml:599
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
+#: sssd.conf.5.xml:602
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -890,27 +919,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
+#: sssd.conf.5.xml:608
 msgid "Default: 7"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:616
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:618
 msgid "These options can be used to configure the sudo service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
+#: sssd.conf.5.xml:625
 msgid "sudo_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
+#: sssd.conf.5.xml:628
 msgid ""
 "For any sudo request that comes while SSSD is online, the SSSD will attempt "
 "to update the cached rules in order to ensure that sudo has the latest "
@@ -918,7 +947,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
+#: sssd.conf.5.xml:634
 msgid ""
 "The user may, however, run a couple of sudo commands successively, which "
 "would trigger multiple LDAP requests.  In order to speed up this use-case, "
@@ -927,71 +956,71 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
+#: sssd.conf.5.xml:641
 msgid ""
 "This option controls how long (in seconds) can the sudo service cache rules "
 "for a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:645
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
+#: sssd.conf.5.xml:650
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:653
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
+#: sssd.conf.5.xml:666
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:668
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
+#: sssd.conf.5.xml:676
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
+#: sssd.conf.5.xml:679
 msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
+"Specifies for how many seconds should the autofs responder negative cache "
+"hits (that is, queries for invalid map entries, like nonexistent ones) "
 "before asking the back end again."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
+#: sssd.conf.5.xml:696
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:703
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
+#: sssd.conf.5.xml:706
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
+#: sssd.conf.5.xml:711
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1000,56 +1029,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:718
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:724
 msgid "timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:727
 msgid ""
 "Timeout in seconds between heartbeats for this domain.  This is used to "
 "ensure that the backend process is alive and capable of answering requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
+#: sssd.conf.5.xml:732 sssd-ldap.5.xml:1131
 msgid "Default: 10"
-msgstr ""
+msgstr "По умолчанию: 10"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
+#: sssd.conf.5.xml:738
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:741
 msgid ""
 "Determines if a domain can be enumerated. This parameter can have one of the "
 "following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
+#: sssd.conf.5.xml:745
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:748
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
+#: sssd.conf.5.xml:751 sssd.conf.5.xml:856 sssd.conf.5.xml:910
 msgid "Default: FALSE"
-msgstr ""
+msgstr "По умолчанию: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
+#: sssd.conf.5.xml:754
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1059,14 +1088,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
+#: sssd.conf.5.xml:764
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
+#: sssd.conf.5.xml:769
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -1075,98 +1104,98 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:780
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:783
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
+#: sssd.conf.5.xml:787
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
+#: sssd.conf.5.xml:793
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
+#: sssd.conf.5.xml:796
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:800 sssd.conf.5.xml:813 sssd.conf.5.xml:826
+#: sssd.conf.5.xml:839
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
+#: sssd.conf.5.xml:806
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
+#: sssd.conf.5.xml:809
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:819
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:822
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:832
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:835
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:845
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
+#: sssd.conf.5.xml:848
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:852
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:861
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:864
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -1175,47 +1204,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
+#: sssd.conf.5.xml:871
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
+#: sssd.conf.5.xml:877
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:880
 msgid "The Data Provider identity backend to use for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
+#: sssd.conf.5.xml:884
 msgid "Supported backends:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
+#: sssd.conf.5.xml:887
 msgid "proxy: Support a legacy NSS provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
+#: sssd.conf.5.xml:890
 msgid "local: SSSD internal local provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:893
 msgid "ldap: LDAP provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
+#: sssd.conf.5.xml:899
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
+#: sssd.conf.5.xml:902
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1224,19 +1253,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
+#: sssd.conf.5.xml:915
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
+#: sssd.conf.5.xml:918
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:922
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1244,7 +1273,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
+#: sssd.conf.5.xml:929
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1252,30 +1281,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
+#: sssd.conf.5.xml:936
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
+#: sssd.conf.5.xml:939
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
+#: sssd.conf.5.xml:942
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
+#: sssd.conf.5.xml:948
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:951
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -1283,17 +1312,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:957
 msgid "<quote>permit</quote> always allow access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
+#: sssd.conf.5.xml:960
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
+#: sssd.conf.5.xml:963
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1302,24 +1331,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
+#: sssd.conf.5.xml:970
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:975
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
+#: sssd.conf.5.xml:978
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
+#: sssd.conf.5.xml:983
 msgid ""
 "<quote>ipa</quote> to change a password stored in an IPA server.  See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1327,7 +1356,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:991
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server.  See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1335,7 +1364,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
+#: sssd.conf.5.xml:999
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1343,35 +1372,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
+#: sssd.conf.5.xml:1007
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
+#: sssd.conf.5.xml:1011
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
+#: sssd.conf.5.xml:1014
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
+#: sssd.conf.5.xml:1021
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1027
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1031
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1379,29 +1408,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
+#: sssd.conf.5.xml:1038
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1041
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1047
 msgid "session_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1050
 msgid ""
 "The provider which should handle loading of session settings.  Supported "
 "session providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
+#: sssd.conf.5.xml:1055
 msgid ""
 "<quote>ipa</quote> to load session settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1409,66 +1438,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1063
 msgid "<quote>none</quote> disallows fetching session settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1066
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "session loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
+#: sssd.conf.5.xml:1073
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1076
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1080
 msgid "Supported values:"
-msgstr ""
+msgstr "Поддерживаемые значени�:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1083
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1086
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
+#: sssd.conf.5.xml:1089
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1092
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1095
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1101
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1104
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the DNS "
 "resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1476,51 +1505,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1116
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
+#: sssd.conf.5.xml:1119
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1123
 msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
+msgstr "По умолчанию: и�пользовать доменное им� из hostname"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
+#: sssd.conf.5.xml:1129
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1132
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
+#: sssd.conf.5.xml:1138
 msgid "case_sensitive (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
+#: sssd.conf.5.xml:1141
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1146
 msgid "Default: True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:698
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1528,29 +1557,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1158
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1161
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1164
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1172
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1175
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1558,19 +1587,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
+#: sssd.conf.5.xml:1154
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1187
 msgid "The local domain section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1189
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -1578,73 +1607,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
+#: sssd.conf.5.xml:1196
 msgid "default_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
+#: sssd.conf.5.xml:1199
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
+#: sssd.conf.5.xml:1203
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:1208
 msgid "base_directory (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:1211
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1216
 msgid "Default: <filename>/home</filename>"
-msgstr ""
+msgstr "По умолчанию: <filename>/home</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
+#: sssd.conf.5.xml:1221
 msgid "create_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
+#: sssd.conf.5.xml:1224
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
+#: sssd.conf.5.xml:1228 sssd.conf.5.xml:1240
 msgid "Default: TRUE"
-msgstr ""
+msgstr "По умолчанию: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1233
 msgid "remove_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
+#: sssd.conf.5.xml:1236
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
+#: sssd.conf.5.xml:1245
 msgid "homedir_umask (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1248
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1652,17 +1681,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
+#: sssd.conf.5.xml:1256
 msgid "Default: 077"
-msgstr ""
+msgstr "По умолчанию: 077"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1261
 msgid "skel_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
+#: sssd.conf.5.xml:1264
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -1671,17 +1700,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
+#: sssd.conf.5.xml:1274
 msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
+msgstr "По умолчанию: <filename>/etc/skel</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
+#: sssd.conf.5.xml:1279
 msgid "mail_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
+#: sssd.conf.5.xml:1282
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -1689,17 +1718,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
+#: sssd.conf.5.xml:1289
 msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
+msgstr "По умолчанию: <filename>/var/mail</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
+#: sssd.conf.5.xml:1294
 msgid "userdel_cmd (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
+#: sssd.conf.5.xml:1297
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -1707,18 +1736,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1303
 msgid "Default: None, no command is run"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
+#: sssd.conf.5.xml:1313 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
 #: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
 msgid "EXAMPLE"
-msgstr ""
+msgstr "ПРИМЕР"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1319
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -1748,7 +1777,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1315
 msgid ""
 "The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -1757,7 +1786,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1350
 msgid ""
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
 "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1811,7 +1840,7 @@ msgstr ""
 #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
 #: sssd-krb5.5.xml:63
 msgid "CONFIGURATION OPTIONS"
-msgstr ""
+msgstr "П�Р�МЕТРЫ КО�ФИГУР�ЦИИ"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:60
@@ -1968,7 +1997,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:180
 msgid "Default: rfc2307"
-msgstr ""
+msgstr "По умолчанию: rfc2307"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:186
@@ -1998,7 +2027,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:206
 msgid "password"
-msgstr ""
+msgstr "пароль"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:209
@@ -2035,7 +2064,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:234
 msgid "Default: posixAccount"
-msgstr ""
+msgstr "По умолчанию: posixAccount"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:240
@@ -2095,7 +2124,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:286
 msgid "Default: gecos"
-msgstr ""
+msgstr "По умолчанию: gecos"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:292
@@ -2110,7 +2139,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:299
 msgid "Default: homeDirectory"
-msgstr ""
+msgstr "По умолчанию: homeDirectory"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:305
@@ -2125,7 +2154,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:312
 msgid "Default: loginShell"
-msgstr ""
+msgstr "По умолчанию: loginShell"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:318
@@ -2157,7 +2186,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
 msgid "Default: modifyTimestamp"
-msgstr ""
+msgstr "По умолчанию: modifyTimestamp"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:344
@@ -2233,7 +2262,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:412
 msgid "Default: shadowWarning"
-msgstr ""
+msgstr "По умолчанию: shadowWarning"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:418
@@ -2252,7 +2281,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:431
 msgid "Default: shadowInactive"
-msgstr ""
+msgstr "По умолчанию: shadowInactive"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:437
@@ -2271,7 +2300,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:450
 msgid "Default: shadowExpire"
-msgstr ""
+msgstr "По умолчанию: shadowExpire"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:456
@@ -3796,7 +3825,7 @@ msgstr ""
 #: sssd-ldap.5.xml:1815
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
+"explanation of sudo related attribute semantics, see <citerefentry> "
 "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
 "citerefentry>"
 msgstr ""
@@ -5076,12 +5105,12 @@ msgid "Run in the foreground, don't become a daemon."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
+#: sssd.8.xml:117 sss_debuglevel.8.xml:42
 msgid "<option>-c</option>,<option>--config</option>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
+#: sssd.8.xml:121 sss_debuglevel.8.xml:46
 msgid ""
 "Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
 "conf</filename>. For reference on the config file syntax and options, "
@@ -5228,7 +5257,8 @@ msgid "The password to obfuscate will be read from standard input."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:82
+#: sss_ssh_knownhostsproxy.1.xml:81
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
 "replaceable>"
@@ -6174,6 +6204,321 @@ msgid ""
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_cache.8.xml:10 sss_cache.8.xml:15
+msgid "sss_cache"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_cache.8.xml:16
+msgid "perform cache cleanup"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_cache.8.xml:21
+msgid ""
+"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_cache.8.xml:31
+msgid ""
+"<command>sss_cache</command> invalidates records in SSSD cache.  Invalidated "
+"records are forced to be reloaded from server as soon as related SSSD "
+"backend is online."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:42
+msgid ""
+"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:47
+msgid "Invalidate specific user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:53
+msgid "<option>-U</option>,<option>--users</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:57
+msgid ""
+"Invalidate all user records. This option overrides invalidation of specific "
+"user if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:64
+msgid ""
+"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:69
+msgid "Invalidate specific group."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:75
+msgid "<option>-G</option>,<option>--groups</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:79
+msgid ""
+"Invalidate all group records. This option overrides invalidation of specific "
+"group if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:86
+msgid ""
+"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:91
+msgid "Invalidate specific netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:97
+msgid "<option>-N</option>,<option>--netgroups</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:101
+msgid ""
+"Invalidate all netgroup records. This option overrides invalidation of "
+"specific netgroup if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:108
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:113
+msgid "Restrict invalidation process only to a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15
+msgid "sss_debuglevel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_debuglevel.8.xml:16
+msgid "change debug level while SSSD is running"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_debuglevel.8.xml:21
+msgid ""
+"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</"
+"replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_debuglevel.8.xml:32
+msgid ""
+"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
+"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
+"running."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_debuglevel.8.xml:59
+msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
+msgid "sss_ssh_authorizedkeys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refmeta><manvolnum>
+#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11
+msgid "1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_ssh_authorizedkeys.1.xml:16
+msgid "get OpenSSH authorized keys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_ssh_authorizedkeys.1.xml:21
+msgid ""
+"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>USER</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:32
+msgid ""
+"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user "
+"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys "
+"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> for more information)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:41
+msgid ""
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
+"command> for public key user authentication if it is compiled with support "
+"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
+"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_authorizedkeys.1.xml:58
+#, no-wrap
+msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:51
+msgid ""
+"If <quote>AuthorizedKeysCommand</quote> is supported, "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use it by putting the following directive "
+"in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_authorizedkeys.1.xml:69
+#, no-wrap
+msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:62
+msgid ""
+"If <quote>PubkeyAgent</quote> is supported, "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use it by using the following directive "
+"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:87
+msgid ""
+"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:98
+msgid ""
+"<citerefentry> <refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sshd_config</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle><manvolnum>1</"
+"manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15
+msgid "sss_ssh_knownhostsproxy"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_ssh_knownhostsproxy.1.xml:16
+msgid "get OpenSSH host keys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_ssh_knownhostsproxy.1.xml:21
+msgid ""
+"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>HOST</replaceable></arg> <arg "
+"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:33
+msgid ""
+"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for "
+"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH "
+"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
+"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> for more information)  <filename>/var/lib/sss/"
+"pubconf/known_hosts</filename> and estabilishes connection to the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:43
+msgid ""
+"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to "
+"create the connection to the host instead of opening a socket."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_knownhostsproxy.1.xml:55
+#, no-wrap
+msgid ""
+"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n"
+"GlobalKnownHostsFile2 /var/lib/sss/pubconf/known_hosts\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:48
+msgid ""
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</"
+"command> for host key authentication by using the following directives for "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_ssh_knownhostsproxy.1.xml:69
+msgid ""
+"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_knownhostsproxy.1.xml:74
+msgid ""
+"Use port <replaceable>PORT</replaceable> to connect to the host.  By "
+"default, port 22 is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_knownhostsproxy.1.xml:86
+msgid ""
+"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:97
+msgid ""
+"<citerefentry> <refentrytitle>ssh</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>ssh_config</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle><manvolnum>1</"
+"manvolnum> </citerefentry>."
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/service_discovery.xml:2
 msgid "SERVICE DISCOVERY"
@@ -6312,3 +6657,113 @@ msgstr ""
 #: include/param_help.xml:7
 msgid "Display help message and exit."
 msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:3
+msgid ""
+"Bit mask that indicates which debug levels will be visible. 0x0010 is the "
+"default value as well as the lowest allowed value, 0xFFF0 is the most "
+"verbose mode. This setting overrides the settings from config file."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:8
+msgid "Currently supported debug levels:"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:11
+msgid ""
+"<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
+"SSSD from starting up or causes it to cease running."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:15
+msgid ""
+"<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't kill "
+"the SSSD, but one that indicates that at least one major feature is not "
+"going to work properly."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:20
+msgid ""
+"<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
+"particular request or operation has failed."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:24
+msgid ""
+"<emphasis>0x0080</emphasis>: Minor failures. These are the errors that would "
+"percolate down to cause the operation failure of 2."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:28
+msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:31
+msgid "<emphasis>0x0200</emphasis>: Function data."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:34
+msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:37
+msgid ""
+"<emphasis>0x1000</emphasis>: Trace messages for internal control functions."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:40
+msgid ""
+"<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
+"may be interesting."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:43
+msgid "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:46
+msgid ""
+"To log required debug levels, simply add their numbers together as shown in "
+"following examples:"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:49
+msgid ""
+"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
+"serious failures and function data use 0x0270."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:53
+msgid ""
+"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
+"function data, trace messages for internal control functions use 0x1310."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:57
+msgid ""
+"<emphasis>Note</emphasis>: This is new format of debug levels introduced in "
+"1.7.0.  Older format (numbers from 0-10) is compatible but deprecated."
+msgstr ""
+
+#. type: Content of: outside any tag (error?)
+#: include/experimental.xml:1
+msgid ""
+"<emphasis> This is an experimental feature, please use http://fedorahosted."
+"org/sssd to report any issues.  </emphasis>"
+msgstr ""
diff --git a/src/man/po/sk.po b/src/man/po/sk.po
deleted file mode 100644
index 6e1e8faae..000000000
--- a/src/man/po/sk.po
+++ /dev/null
@@ -1,6313 +0,0 @@
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Red Hat
-# This file is distributed under the same license as the sssd-docs package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: SSSD\n"
-"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Slovak (http://www.transifex.net/projects/p/fedora/team/sk/)\n"
-"Language: sk\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2\n"
-
-#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
-#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
-#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
-#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
-msgid "SSSD Manual pages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
-msgid "sss_groupmod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
-#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
-#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
-msgid "8"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupmod.8.xml:16
-msgid "modify a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupmod.8.xml:21
-msgid ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
-#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
-#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
-#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
-#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:32
-msgid ""
-"<command>sss_groupmod</command> modifies the group to reflect the changes "
-"that are specified on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
-#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
-#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-msgid "OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
-msgid ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:48
-msgid ""
-"Append this group to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
-msgid ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:62
-msgid ""
-"Remove this group from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
-#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
-msgid "sssd.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
-msgid "5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
-msgid "File Formats and Conventions"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
-msgid "the configuration file for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:21
-msgid "FILE FORMAT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:29
-#, no-wrap
-msgid ""
-"                <replaceable>[section]</replaceable>\n"
-"                <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-"                <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
-"            "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:24
-msgid ""
-"The file has an ini-style syntax and consists of sections and parameters. A "
-"section begins with the name of the section in square brackets and continues "
-"until the next section begins. An example of section with single and multi-"
-"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:36
-msgid ""
-"The data types used are string (no quotes needed), integer and bool (with "
-"values of <quote>TRUE/FALSE</quote>)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:41
-msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
-"(<quote>;</quote>)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:46
-msgid ""
-"All sections can have an optional <replaceable>description</replaceable> "
-"parameter. Its function is only as a label for the section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:52
-msgid ""
-"<filename>sssd.conf</filename> must be a regular file, owned by root and "
-"only root may read from or write to the file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:58
-msgid "SPECIAL SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:61
-msgid "The [sssd] section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
-msgid "Section parameters"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:72
-msgid "config_file_version (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:75
-msgid ""
-"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-"version 2."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:81
-msgid "services"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:84
-msgid ""
-"Comma separated list of services that are started when sssd itself starts."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:88
-msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
-msgid "reconnection_retries (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
-msgid ""
-"Number of times services should attempt to reconnect in the event of a Data "
-"Provider crash or restart before they give up"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
-msgid "Default: 3"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
-msgid "domains"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
-msgid ""
-"A domain is a database containing user information. SSSD can use more "
-"domains at the same time, but at least one must be configured or SSSD won't "
-"start.  This parameter described the list of domains in the order you want "
-"them to be queried."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
-msgid "re_expression (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
-msgid ""
-"Regular expression that describes how to parse the string containing user "
-"name and domain into these components."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
-msgid ""
-"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
-"which translates to \"the name is everything up to the <quote>@</quote> "
-"sign, the domain everything after that\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
-msgid ""
-"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
-"version 7 or higher can support non-unique named subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
-msgid ""
-"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
-"P&lt;name&gt;) to label subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
-msgid "full_name_format (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
-msgid ""
-"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatible format that describes how to translate "
-"a (name, domain) tuple into a fully qualified name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
-msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
-msgid "try_inotify (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
-msgid ""
-"SSSD monitors the state of resolv.conf to identify when it needs to update "
-"its internal DNS resolver. By default, we will attempt to use inotify for "
-"this, and will fall back to polling resolv.conf every five seconds if "
-"inotify cannot be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
-msgid ""
-"There are some limited situations where it is preferred that we should skip "
-"even trying to use inotify. In these rare cases, this option should be set "
-"to 'false'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
-msgid ""
-"Default: true on platforms where inotify is supported. False on other "
-"platforms."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
-msgid ""
-"Note: this option will have no effect on platforms where inotify is "
-"unavailable. On these platforms, polling will always be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
-msgid "krb5_rcache_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
-msgid ""
-"Directory on the filesystem where SSSD should store Kerberos replay cache "
-"files."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
-msgid ""
-"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
-"SSSD to let libkrb5 decide the appropriate location for the replay cache."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
-msgid ""
-"Default: Distribution-specific and specified at build-time. "
-"(__LIBKRB5_DEFAULTS__ if not configured)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:63
-msgid ""
-"Individual pieces of SSSD functionality are provided by special SSSD "
-"services that are started and stopped together with SSSD.  The services are "
-"managed by a special service frequently called <quote>monitor</quote>. The "
-"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
-msgid "SERVICES SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
-msgid ""
-"Settings that can be used to configure different services are described in "
-"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
-"section, for example, for NSS service, the section would be <quote>[nss]</"
-"quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
-msgid "General service configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
-msgid "These options can be used to configure any service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>.  This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
-msgid "NSS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
-msgid ""
-"These options can be used to configure the Name Service Switch (NSS) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
-msgid "enum_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
-msgid ""
-"How many seconds should nss_sss cache enumerations (requests for info about "
-"all users)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
-msgid "Default: 120"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"The entry cache can be set to automatically update entries in the background "
-"if they are requested beyond a percentage of the entry_cache_timeout value "
-"for the domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
-msgid ""
-"For example, if the domain's entry_cache_timeout is set to 30s and "
-"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
-"after 15 seconds past the last cache update will be returned immediately, "
-"but the SSSD will go and update the cache on its own, so that future "
-"requests will not need to block waiting for a cache update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
-msgid ""
-"Valid values for this option are 0-99 and represent a percentage of the "
-"entry_cache_timeout for each domain. For performance reasons, this "
-"percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
-"disables this feature)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
-msgid "Default: 50"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
-msgid "entry_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
-msgid ""
-"Specifies for how many seconds nss_sss should cache negative cache hits "
-"(that is, queries for invalid database entries, like nonexistent ones)  "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
-msgid "Default: 15"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
-msgid "filter_users, filter_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
-msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
-msgid "Default: root"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
-msgid "filter_users_in_groups (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
-msgid ""
-"If you want filtered user still be group members set this option to false."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
-msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
-msgid "This option can also be set per-domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
-msgid "allowed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
-msgid ""
-"Restrict user shell to one of the listed values. The order of evaluation is:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
-msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
-msgid ""
-"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
-"quote>, use the value of the shell_fallback parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
-msgid ""
-"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
-"shells</quote>, a nologin shell is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
-msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
-msgid ""
-"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
-"that a restart of the SSSD is required in case a new shell is installed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
-msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
-msgid "vetoed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
-msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
-msgid "shell_fallback (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
-msgid ""
-"The default shell to use if an allowed shell is not installed on the machine."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
-msgid "Default: /bin/sh"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
-msgid "PAM configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
-msgid ""
-"These options can be used to configure the Pluggable Authentication Module "
-"(PAM) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
-msgid "offline_credentials_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
-msgid ""
-"If the authentication provider is offline, how long should we allow cached "
-"logins (in days since the last successful online login)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
-msgid "Default: 0 (No limit)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
-msgid "offline_failed_login_attempts (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
-msgid ""
-"If the authentication provider is offline, how many failed login attempts "
-"are allowed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
-msgid "offline_failed_login_delay (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
-msgid ""
-"The time in minutes which has to pass after offline_failed_login_attempts "
-"has been reached before a new login attempt is possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
-msgid ""
-"If set to 0 the user cannot authenticate offline if "
-"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable offline authentication again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
-msgid "Default: 5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
-msgid "pam_verbosity (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
-msgid ""
-"Controls what kind of messages are shown to the user during authentication. "
-"The higher the number to more messages are displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
-msgid "Currently sssd supports the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
-msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
-msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
-msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
-msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
-msgid "Default: 1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
-msgid "pam_id_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
-msgid ""
-"For any PAM request while SSSD is online, the SSSD will attempt to "
-"immediately update the cached identity information for the user in order to "
-"ensure that authentication takes place with the latest information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
-msgid ""
-"A complete PAM conversation may perform multiple PAM requests, such as "
-"account management and session opening. This option controls (on a per-"
-"client-application basis) how long (in seconds) we can cache the identity "
-"information to avoid excessive round-trips to the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
-msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
-msgid "Display a warning N days before the password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
-msgid ""
-"Please note that the backend server has to provide information about the "
-"expiration time of the password.  If this information is missing, sssd "
-"cannot display a warning."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
-msgid "Default: 7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-msgid "SUDO configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-msgid "These options can be used to configure the sudo service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-msgid "sudo_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-msgid ""
-"For any sudo request that comes while SSSD is online, the SSSD will attempt "
-"to update the cached rules in order to ensure that sudo has the latest "
-"ruleset."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
-msgid ""
-"The user may, however, run a couple of sudo commands successively, which "
-"would trigger multiple LDAP requests.  In order to speed up this use-case, "
-"the sudo service maintains an in-memory cache that would be used for "
-"performing fast replies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
-msgid ""
-"This option controls how long (in seconds) can the sudo service cache rules "
-"for a user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-msgid "Default: 180"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-msgid "sudo_timed (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
-msgid ""
-"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
-"that implement time-dependent sudoers entries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-msgid "AUTOFS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-msgid "These options can be used to configure the autofs service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-msgid "autofs_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
-msgid "DOMAIN SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
-msgid "min_id,max_id (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
-msgid ""
-"UID and GID limits for the domain. If a domain contains an entry that is "
-"outside these limits, it is ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
-msgid ""
-"For users, this affects the primary GID limit. The user will not be returned "
-"to NSS if either the UID or the primary GID is outside the range. For non-"
-"primary group memberships, those that are in range will be reported as "
-"expected."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
-msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
-msgid ""
-"Timeout in seconds between heartbeats for this domain.  This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
-msgid "enumerate (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
-msgid ""
-"Determines if a domain can be enumerated. This parameter can have one of the "
-"following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
-msgid "TRUE = Users and groups are enumerated"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
-msgid "FALSE = No enumerations for this domain"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
-msgid "Default: FALSE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
-msgid ""
-"Note: Enabling enumeration has a moderate performance impact on SSSD while "
-"enumeration is running. It may take up to several minutes after SSSD startup "
-"to fully complete enumerations.  During this time, individual requests for "
-"information will go directly to LDAP, though it may be slow, due to the "
-"heavy enumeration processing."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
-msgid ""
-"While the first enumeration is running, requests for the complete user or "
-"group lists may return no results until it completes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
-msgid ""
-"Further, enabling enumeration may increase the time necessary to detect "
-"network disconnection, as longer timeouts are required to ensure that "
-"enumeration lookups are completed successfully.  For more information, refer "
-"to the man pages for the specific id_provider in use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
-msgid "entry_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
-msgid ""
-"How many seconds should nss_sss consider entries valid before asking the "
-"backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
-msgid "Default: 5400"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-msgid "entry_cache_user_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-msgid ""
-"How many seconds should nss_sss consider user entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-msgid "Default: entry_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-msgid "entry_cache_group_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-msgid ""
-"How many seconds should nss_sss consider group entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-msgid ""
-"How many seconds should nss_sss consider netgroup entries valid before "
-"asking the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-msgid "entry_cache_service_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-msgid ""
-"How many seconds should nss_sss consider service entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
-msgid "cache_credentials (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
-msgid "Determines if user credentials are also cached in the local LDB cache"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
-msgid "User credentials are stored in a SHA512 hash, not in plaintext"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
-msgid "account_cache_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
-msgid ""
-"Number of days entries are left in cache after last successful login before "
-"being removed during a cleanup of the cache. 0 means keep forever.  The "
-"value of this parameter must be greater than or equal to "
-"offline_credentials_expiration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
-msgid "Default: 0 (unlimited)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
-msgid "id_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
-msgid "The Data Provider identity backend to use for this domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
-msgid "Supported backends:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
-msgid "proxy: Support a legacy NSS provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
-msgid "local: SSSD internal local provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
-msgid "ldap: LDAP provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
-msgid "use_fully_qualified_names (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
-msgid ""
-"If set to TRUE, all requests to this domain must use fully qualified names. "
-"For example, if used in LOCAL domain that contains a \"test\" user, "
-"<command>getent passwd test</command> wouldn't find the user while "
-"<command>getent passwd test@LOCAL</command> would."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
-msgid "auth_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
-msgid ""
-"The authentication provider used for the domain.  Supported auth providers "
-"are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
-msgid ""
-"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
-msgid ""
-"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
-msgid ""
-"<quote>proxy</quote> for relaying authentication to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
-msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"authentication requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
-msgid "access_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
-msgid ""
-"The access control provider used for the domain.  There are two built-in "
-"access providers (in addition to any included in installed backends)  "
-"Internal special providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
-msgid "<quote>permit</quote> always allow access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
-msgid "<quote>deny</quote> always deny access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
-msgid ""
-"<quote>simple</quote> access control based on access or deny lists. See "
-"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> for more information on configuring the simple "
-"access module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
-msgid "Default: <quote>permit</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
-msgid "chpass_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
-msgid ""
-"The provider which should handle change password operations for the domain.  "
-"Supported change password providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
-msgid ""
-"<quote>ipa</quote> to change a password stored in an IPA server.  See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
-msgid ""
-"<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
-msgid ""
-"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
-msgid ""
-"<quote>proxy</quote> for relaying password changes to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
-msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
-msgid ""
-"Default: <quote>auth_provider</quote> is used if it is set and can handle "
-"change password requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-msgid "sudo_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-msgid ""
-"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-msgid "session_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-msgid ""
-"The provider which should handle loading of session settings.  Supported "
-"session providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-msgid ""
-"<quote>ipa</quote> to load session settings from an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"session loading requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
-msgid "lookup_family_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
-msgid ""
-"Provides the ability to select preferred address family to use when "
-"performing DNS lookups."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
-msgid "Supported values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
-msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
-msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
-msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
-msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
-msgid "Default: ipv4_first"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
-msgid "dns_resolver_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
-msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
-msgid "dns_discovery_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
-msgid ""
-"If service discovery is used in the back end, specifies the domain part of "
-"the service discovery DNS query."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
-msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
-msgid "override_gid (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
-msgid "Override the primary GID value with the one specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
-msgid "case_sensitive (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
-msgid ""
-"Treat user and group names as case sensitive. At the moment, this option is "
-"not supported in the local provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
-msgid "Default: True"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
-msgid ""
-"These configuration options can be present in a domain configuration "
-"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
-"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
-msgid "proxy_pam_target (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
-msgid "The proxy target PAM proxies to."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-msgid ""
-"Default: not set by default, you have to take an existing pam configuration "
-"or create a new one and add the service name here."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
-msgid "proxy_lib_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
-msgid ""
-"The name of the NSS library to use in proxy domains. The NSS functions "
-"searched for in the library are in the form of _nss_$(libName)_$(function), "
-"for example _nss_files_getpwent."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
-msgid ""
-"Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
-msgid "The local domain section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
-msgid ""
-"This section contains settings for domain that stores users and groups in "
-"SSSD native database, that is, a domain that uses "
-"<replaceable>id_provider=local</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
-msgid "default_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
-msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
-msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
-msgid "base_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
-msgid ""
-"The tools append the login name to <replaceable>base_directory</replaceable> "
-"and use that as the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
-msgid "Default: <filename>/home</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
-msgid "create_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
-msgid ""
-"Indicate if a home directory should be created by default for new users.  "
-"Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
-msgid "Default: TRUE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
-msgid "remove_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
-msgid ""
-"Indicate if a home directory should be removed by default for deleted "
-"users.  Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
-msgid "homedir_umask (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
-msgid ""
-"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
-"on a newly created home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
-msgid "Default: 077"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
-msgid "skel_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
-msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
-msgid "mail_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
-msgid ""
-"The mail spool directory. This is needed to manipulate the mailbox when its "
-"corresponding user account is modified or deleted.  If not specified, a "
-"default value is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
-msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
-msgid "userdel_cmd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
-msgid ""
-"The command that is run after a user is removed.  The command us passed the "
-"username of the user being removed as the first and only parameter. The "
-"return code of the command is not taken into account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
-msgid "Default: None, no command is run"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"domains = LDAP\n"
-"services = nss, pam\n"
-"config_file_version = 2\n"
-"\n"
-"[nss]\n"
-"filter_groups = root\n"
-"filter_users = root\n"
-"\n"
-"[pam]\n"
-"\n"
-"[domain/LDAP]\n"
-"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
-"\n"
-"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
-"cache_credentials = true\n"
-"\n"
-"min_id = 10000\n"
-"max_id = 20000\n"
-"enumerate = False\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
-msgid ""
-"The following example shows a typical SSSD config. It does not describe "
-"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details.  <placeholder type=\"programlisting\" "
-"id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
-msgid "sssd-ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:23
-msgid ""
-"This manual page describes the configuration of LDAP domains for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for detailed syntax information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:35
-msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:38
-msgid ""
-"LDAP back end supports id, auth, access and chpass providers. If you want to "
-"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
-"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
-"over an unencrypted channel.  If the LDAP server is used only as an identity "
-"provider, an encrypted channel is not needed. Please refer to "
-"<quote>ldap_access_filter</quote> config option for more information about "
-"using LDAP as an access provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
-#: sssd-krb5.5.xml:63
-msgid "CONFIGURATION OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:60
-msgid "ldap_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:63
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference. Refer to the <quote>FAILOVER</"
-"quote> section for more information on failover and server redundancy.  If "
-"not specified, service discovery is enabled. For more information, refer to "
-"the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
-msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:73
-msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:76
-msgid ""
-"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:79
-msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:85
-msgid "ldap_chpass_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:88
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference to change the password of a user. "
-"Refer to the <quote>FAILOVER</quote> section for more information on "
-"failover and server redundancy."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:95
-msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:99
-msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:105
-msgid "ldap_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:108
-msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:112
-msgid ""
-"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
-"syntax:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
-msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:119
-msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
-msgid ""
-"The filter must be a valid LDAP search filter as specified by http://www."
-"ietf.org/rfc/rfc2254.txt"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
-msgid "Examples:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:129
-msgid ""
-"ldap_search_base = dc=example,dc=com (which is equivalent to)  "
-"ldap_search_base = dc=example,dc=com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:134
-msgid ""
-"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
-"(host=thishost)?dc=example.com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:137
-msgid ""
-"Note: It is unsupported to have multiple search bases which reference "
-"identically-named objects (for example, groups with the same name in two "
-"different search bases). This will lead to unpredictable behavior on client "
-"machines."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:144
-msgid ""
-"Default: If not set, the value of the defaultNamingContext or namingContexts "
-"attribute from the RootDSE of the LDAP server is used. If "
-"defaultNamingContext does not exists or has an empty value namingContexts is "
-"used.  The namingContexts attribute must have a single value with the DN of "
-"the search base of the LDAP server to make this work. Multiple values are "
-"are not supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:158
-msgid "ldap_schema (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:161
-msgid ""
-"Specifies the Schema Type in use on the target LDAP server.  Depending on "
-"the selected schema, the default attribute names retrieved from the servers "
-"may vary.  The way that some attributes are handled may also differ.  Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
-"difference between these schema types is how group memberships are recorded "
-"in the server.  With rfc2307, group members are listed by name in the "
-"<emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, group "
-"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
-msgid "Default: rfc2307"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
-msgid "ldap_default_bind_dn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
-msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
-msgid "ldap_default_authtok_type (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
-msgid "The type of the authentication token of the default bind DN."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
-msgid "The two mechanisms currently supported are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
-msgid "password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
-msgid "obfuscated_password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
-msgid "Default: password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
-msgid "ldap_default_authtok (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
-msgid ""
-"The authentication token of the default bind DN.  Only clear text passwords "
-"are currently supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
-msgid "ldap_user_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
-msgid "The object class of a user entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
-msgid "Default: posixAccount"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
-msgid "ldap_user_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
-msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
-msgid "Default: uid"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
-msgid "ldap_user_uid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
-msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
-msgid "Default: uidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
-msgid "ldap_user_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
-msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
-msgid "Default: gidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
-msgid "ldap_user_gecos (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
-msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
-msgid "Default: gecos"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
-msgid "ldap_user_home_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
-msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
-msgid "Default: homeDirectory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
-msgid "ldap_user_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
-msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
-msgid "Default: loginShell"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
-msgid "ldap_user_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
-msgid "Default: nsUniqueId"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
-msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
-msgid ""
-"The LDAP attribute that contains timestamp of the last modification of the "
-"parent object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
-msgid "Default: modifyTimestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
-msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
-"the last password change)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
-msgid "Default: shadowLastChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
-msgid "ldap_user_shadow_min (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
-msgid "Default: shadowMin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
-msgid "ldap_user_shadow_max (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
-msgid "Default: shadowMax"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
-msgid "ldap_user_shadow_warning (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password warning period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
-msgid "Default: shadowWarning"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
-msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password inactivity period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
-msgid "Default: shadowInactive"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
-msgid "ldap_user_shadow_expire (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
-msgid ""
-"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
-"parameter contains the name of an LDAP attribute corresponding to its "
-"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> counterpart (account expiration date)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
-msgid "Default: shadowExpire"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
-msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time of last password change in "
-"kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
-msgid "Default: krbLastPwdChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
-msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time when current password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
-msgid "Default: krbPasswordExpiration"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
-msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the expiration time of the account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
-msgid "Default: accountExpires"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
-msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the user account control bit field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
-msgid "Default: userAccountControl"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
-msgid "ldap_ns_account_lock (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
-msgid ""
-"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
-"determines if access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
-msgid "Default: nsAccountLock"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
-msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines if "
-"access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
-msgid "Default: loginDisabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
-msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines until "
-"which date access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
-msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines the "
-"hours of a day in a week when access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
-msgid "Default: loginAllowedTimeMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
-msgid "ldap_user_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
-msgid ""
-"The LDAP attribute that contains the user's Kerberos User Principal Name "
-"(UPN)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
-msgid "Default: krbPrincipalName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
-msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
-msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
-msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
-msgid ""
-"Some directory servers, for example Active Directory, might deliver the "
-"realm part of the UPN in lower case, which might cause the authentication to "
-"fail. Set this option to a non-zero value if you want to use an upper-case "
-"realm."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
-msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
-msgid ""
-"Specifies how many seconds SSSD has to wait before refreshing its cache of "
-"enumerated records."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
-msgid "Default: 300"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
-msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
-msgid ""
-"Determine how often to check the cache for inactive entries (such as groups "
-"with no members and users who have never logged in) and remove them to save "
-"space."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
-msgid "Setting this option to zero will disable the cache cleanup operation."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
-msgid "Default: 10800 (12 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
-msgid "ldap_user_fullname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
-msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
-msgid "Default: cn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
-msgid "ldap_user_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
-msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
-msgid "Default: memberOf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
-msgid "ldap_user_authorized_service (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
-msgid ""
-"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
-"use the presence of the authorizedService attribute in the user's LDAP entry "
-"to determine access privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
-msgid ""
-"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
-"explicit allow (svc) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
-msgid "Default: authorizedService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
-msgid "ldap_user_authorized_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
-msgid ""
-"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-"presence of the host attribute in the user's LDAP entry to determine access "
-"privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
-msgid ""
-"An explicit deny (!host) is resolved first. Second, SSSD searches for "
-"explicit allow (host) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
-msgid "Default: host"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
-msgid "ldap_group_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
-msgid "The object class of a group entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
-msgid "Default: posixGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
-msgid "ldap_group_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
-msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
-msgid "ldap_group_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
-msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
-msgid "ldap_group_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
-msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
-msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
-msgid "ldap_group_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
-msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
-msgid "ldap_group_nesting_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
-msgid ""
-"If ldap_schema is set to a schema format that supports nested groups (e.g. "
-"RFC2307bis), then this option controls how many levels of nesting SSSD will "
-"follow. This option has no effect on the RFC2307 schema."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
-msgid "Default: 2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
-msgid "ldap_netgroup_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
-msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
-msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
-msgid "Default: nisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
-msgid "ldap_netgroup_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
-msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
-msgid "In IPA provider, ipa_netgroup_name should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
-msgid "ldap_netgroup_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
-msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
-msgid "In IPA provider, ipa_netgroup_member should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
-msgid "Default: memberNisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
-msgid "ldap_netgroup_triple (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-msgid ""
-"The LDAP attribute that contains the (host, user, domain) netgroup triples."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
-msgid "This option is not available in IPA provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
-msgid "Default: nisNetgroupTriple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
-msgid "ldap_netgroup_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
-msgid ""
-"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
-msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
-msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
-msgid "ldap_service_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
-msgid "The object class of a service entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
-msgid "Default: ipService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
-msgid "ldap_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
-msgid ""
-"The LDAP attribute that contains the name of service attributes and their "
-"aliases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
-msgid "ldap_service_port (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
-msgid "The LDAP attribute that contains the port managed by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
-msgid "Default: ipServicePort"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
-msgid "ldap_service_proto (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
-msgid ""
-"The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
-msgid "Default: ipServiceProtocol"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
-msgid "ldap_service_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
-msgid "An optional base DN to restrict service searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
-msgid ""
-"See <quote>ldap_search_base</quote> for information about configuring "
-"multiple search bases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
-#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
-msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
-msgid "ldap_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches are allowed to run "
-"before they are cancelled and cached results are returned (and offline mode "
-"is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
-msgid ""
-"Note: this option is subject to change in future versions of the SSSD. It "
-"will likely be replaced at some point by a series of timeouts for specific "
-"lookup types."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
-msgid "Default: 6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
-msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches for user and group "
-"enumerations are allowed to run before they are cancelled and cached results "
-"are returned (and offline mode is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
-msgid "ldap_network_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-msgid ""
-"Specifies the timeout (in seconds) after which the <citerefentry> "
-"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
-"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> following a <citerefentry> "
-"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> returns in case of no activity."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
-msgid "ldap_opt_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
-msgid ""
-"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
-"will abort if no response is received. Also controls the timeout when "
-"communicating with the KDC in case of SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
-msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
-msgid ""
-"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
-"maintained. After this time, the connection will be re-established. If used "
-"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
-"the TGT lifetime)  will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
-msgid "Default: 900 (15 minutes)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
-msgid "ldap_page_size (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
-msgid ""
-"Specify the number of records to retrieve from LDAP in a single request. "
-"Some LDAP servers enforce a maximum limit per-request."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
-msgid "Default: 1000"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
-msgid ""
-"Disable the LDAP paging control. This option should be used if the LDAP "
-"server reports that it supports the LDAP paging control in its RootDSE but "
-"it is not enabled or does not behave properly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
-msgid ""
-"Example: OpenLDAP servers with the paging control module installed on the "
-"server but not enabled will report it in the RootDSE but be unable to use it."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
-msgid ""
-"Example: 389 DS has a bug where it can only support a one paging control at "
-"a time on a single connection. On busy clients, this can result in some "
-"requests being denied."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
-msgid "ldap_deref_threshold (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
-msgid ""
-"Specify the number of group members that must be missing from the internal "
-"cache in order to trigger a dereference lookup. If less members are missing, "
-"they are looked up individually."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
-msgid ""
-"You can turn off dereference lookups completely by setting the value to 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
-msgid ""
-"A dereference lookup is a means of fetching all group members in a single "
-"LDAP call.  Different LDAP servers may implement different dereference "
-"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
-"Directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
-msgid ""
-"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
-"filter, then the dereference lookup performance enhancement will be disabled "
-"regardless of this setting."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
-msgid "ldap_tls_reqcert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
-msgid ""
-"Specifies what checks to perform on server certificates in a TLS session, if "
-"any. It can be specified as one of the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
-msgid ""
-"<emphasis>never</emphasis> = The client will not request or check any server "
-"certificate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
-msgid ""
-"<emphasis>allow</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, it will be ignored and the session proceeds normally."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
-msgid ""
-"<emphasis>try</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, the session is immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
-msgid ""
-"<emphasis>demand</emphasis> = The server certificate is requested. If no "
-"certificate is provided, or a bad certificate is provided, the session is "
-"immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
-msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
-msgid "Default: hard"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
-msgid "ldap_tls_cacert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
-msgid ""
-"Specifies the file that contains certificates for all of the Certificate "
-"Authorities that <command>sssd</command> will recognize."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
-msgid ""
-"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
-"conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
-msgid "ldap_tls_cacertdir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
-msgid ""
-"Specifies the path of a directory that contains Certificate Authority "
-"certificates in separate individual files. Typically the file names need to "
-"be the hash of the certificate followed by '.0'.  If available, "
-"<command>cacertdir_rehash</command> can be used to create the correct names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
-msgid "ldap_tls_cert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
-msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
-msgid "Default: not set"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
-msgid "ldap_tls_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
-msgid "Specifies the file that contains the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
-msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
-msgid ""
-"Specifies acceptable cipher suites.  Typically this is a colon sperated "
-"list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> for format."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
-msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
-msgid ""
-"Specifies that the id_provider connection must also use <systemitem class="
-"\"protocol\">tls</systemitem> to protect the channel."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
-msgid ""
-"Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
-"supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
-msgid "ldap_sasl_authid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
-msgid ""
-"Specify the SASL authorization id to use.  When GSSAPI is used, this "
-"represents the Kerberos principal used for authentication to the directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
-msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
-msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
-msgid ""
-"If set to true, the LDAP library would perform a reverse lookup to "
-"canonicalize the host name during a SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
-msgid "Default: false;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
-msgid "ldap_krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
-msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
-msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
-msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
-msgid ""
-"Specifies that the id_provider should init Kerberos credentials (TGT).  This "
-"action is performed only if SASL is used and the mechanism selected is "
-"GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
-msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
-msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
-msgid "Default: 86400 (24 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
-msgid "krb5_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
-msgid ""
-"Specifies the comma-separated list of IP addresses or hostnames of the "
-"Kerberos servers to which SSSD should connect in the order of preference. "
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
-"colon) may be appended to the addresses or hostnames.  If empty, service "
-"discovery is enabled - for more information, refer to the <quote>SERVICE "
-"DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
-msgid ""
-"When using service discovery for KDC or kpasswd servers, SSSD first searches "
-"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-"none are found."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
-msgid ""
-"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
-"While the legacy name is recognized for the time being, users are advised to "
-"migrate their config files to use <quote>krb5_server</quote> instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
-msgid "krb5_realm (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
-msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
-msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
-msgid "krb5_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
-msgid ""
-"Specifies if the host principal should be canonicalized when connecting to "
-"LDAP server. This feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
-msgid "ldap_pwd_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
-msgid ""
-"Select the policy to evaluate the password expiration on the client side. "
-"The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
-msgid ""
-"<emphasis>none</emphasis> - No evaluation on the client side. This option "
-"cannot disable server-side password policies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
-msgid ""
-"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-"evaluate if the password has expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
-msgid ""
-"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
-"to determine if the password has expired. Use chpass_provider=krb5 to update "
-"these attributes when the password is changed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
-msgid "ldap_referrals (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
-msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
-msgid ""
-"Please note that sssd only supports referral chasing when it is compiled "
-"with OpenLDAP version 2.4.13 or higher."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
-msgid "ldap_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
-msgid "Specifies the service name to use when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
-msgid "Default: ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
-msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
-msgid ""
-"Specifies the service name to use to find an LDAP server which allows "
-"password changes when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
-msgid "Default: not set, i.e. service discovery is disabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
-msgid "ldap_access_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
-msgid ""
-"If using access_provider = ldap, this option is mandatory. It specifies an "
-"LDAP search filter criteria that must be met for the user to be granted "
-"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
-msgid "Example:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
-#, no-wrap
-msgid ""
-"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
-msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
-msgid ""
-"Offline caching for this feature is limited to determining whether the "
-"user's last online login was granted access permission. If they were granted "
-"access during their last login, they will continue to be granted access "
-"while offline and vice-versa."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
-msgid "Default: Empty"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
-msgid "ldap_account_expire_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
-msgid ""
-"With this option a client side evaluation of access control attributes can "
-"be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
-msgid ""
-"Please note that it is always recommended to use server side access control, "
-"i.e. the LDAP server should deny the bind request with a suitable error code "
-"even if the password is correct."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
-msgid "The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
-msgid ""
-"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
-"determine if the account is expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
-msgid ""
-"<emphasis>ad</emphasis>: use the value of the 32bit field "
-"ldap_user_ad_user_account_control and allow access if the second bit is not "
-"set. If the attribute is missing access is granted. Also the expiration time "
-"of the account is checked."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
-msgid ""
-"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
-"emphasis>: use the value of ldap_ns_account_lock to check if access is "
-"allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
-msgid ""
-"<emphasis>nds</emphasis>: the values of "
-"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
-"If both attributes are missing access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
-msgid "ldap_access_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
-msgid "Comma separated list of access control options.  Allowed values are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
-msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
-msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
-msgid ""
-"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
-"to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
-msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
-msgid "Default: filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
-msgid ""
-"Please note that it is a configuration error if a value is used more than "
-"once."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
-msgid "ldap_deref (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
-msgid ""
-"Specifies how alias dereferencing is done when performing a search. The "
-"following options are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
-msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
-msgid ""
-"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
-"the base object, but not in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
-msgid ""
-"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
-"the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
-msgid ""
-"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
-"in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
-msgid ""
-"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
-"client libraries)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:51
-msgid ""
-"All of the common configuration options that apply to SSSD domains also "
-"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for full details.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
-msgid "SUDO OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
-msgid "ldap_sudorule_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
-msgid "The object class of a sudo rule entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
-msgid "Default: sudoRole"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
-msgid "ldap_sudorule_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
-msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
-msgid "ldap_sudorule_command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
-msgid "The LDAP attribute that corresponds to the command name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
-msgid "Default: sudoCommand"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
-msgid "ldap_sudorule_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
-msgid ""
-"The LDAP attribute that corresponds to the host name (or host IP address, "
-"host IP network, or host netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
-msgid "Default: sudoHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
-msgid "ldap_sudorule_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
-msgid ""
-"The LDAP attribute that corresponds to the user name (or UID, group name or "
-"user's netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
-msgid "Default: sudoUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
-msgid "ldap_sudorule_option (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
-msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
-msgid "Default: sudoOption"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
-msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
-msgid ""
-"The LDAP attribute that corresponds to the user name that commands may be "
-"run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
-msgid "Default: sudoRunAsUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
-msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
-msgid ""
-"The LDAP attribute that corresponds to the group name or group GID that "
-"commands may be run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
-msgid "Default: sudoRunAsGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
-msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
-msgid ""
-"The LDAP attribute that corresponds to the start date/time for when the sudo "
-"rule is valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
-msgid "Default: sudoNotBefore"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
-msgid "ldap_sudorule_notafter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
-msgid ""
-"The LDAP attribute that corresponds to the expiration date/time, after which "
-"the sudo rule will no longer be valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
-msgid "Default: sudoNotAfter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
-msgid "ldap_sudorule_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
-msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
-msgid "Default: sudoOrder"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
-msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
-msgid ""
-"Enables periodical download of all sudo rules.  The cache is purged before "
-"each update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
-msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
-msgid ""
-"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
-msgid ""
-"This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
-"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
-msgid "AUTOFS OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
-msgid ""
-"Please note that the default values correspond to the default schema which "
-"is RFC2307."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
-msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-msgid "The object class of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-msgid "Default: automountMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
-msgid "ldap_autofs_map_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
-msgid "The name of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
-msgid "Default: ou"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
-msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
-msgid "ldap_autofs_entry_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
-msgid ""
-"The key of an automount entry in LDAP. The entry usually corresponds to a "
-"mount point."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
-msgid "ldap_autofs_entry_value (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
-msgid "Default: automountInformation"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
-msgid ""
-"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
-"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
-"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
-msgid "ADVANCED OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
-msgid "ldap_netgroup_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
-msgid ""
-"An optional base DN to restrict netgroup searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
-msgid "ldap_user_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
-msgid "An optional base DN to restrict user searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
-msgid "ldap_group_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
-msgid "An optional base DN to restrict group searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
-#, no-wrap
-msgid ""
-"                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
-msgid "ldap_sudo_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
-msgid ""
-"An optional base DN to restrict sudo rules searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
-msgid "ldap_autofs_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
-msgid ""
-"An optional base DN to restrict automounter searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
-msgid ""
-"These options are supported by LDAP domains, but they should be used with "
-"caution. Please include them in your configuration only if you know what you "
-"are doing.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
-msgid ""
-"The following example assumes that SSSD is correctly configured and LDAP is "
-"set to one of the domains in the <replaceable>[domains]</replaceable> "
-"section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
-#, no-wrap
-msgid ""
-"    [domain/LDAP]\n"
-"    id_provider = ldap\n"
-"    auth_provider = ldap\n"
-"    ldap_uri = ldap://ldap.mydomain.org\n"
-"    ldap_search_base = dc=mydomain,dc=org\n"
-"    ldap_tls_reqcert = demand\n"
-"    cache_credentials = true\n"
-"    enumerate = true\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
-msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
-msgid "NOTES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
-msgid ""
-"The descriptions of some of the configuration options in this manual page "
-"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
-"distribution."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <refentryinfo>
-#: pam_sss.8.xml:8 include/upstream.xml:2
-msgid ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: pam_sss.8.xml:13 pam_sss.8.xml:18
-msgid "pam_sss"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: pam_sss.8.xml:19
-msgid "PAM module for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: pam_sss.8.xml:24
-msgid ""
-"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
-msgid ""
-"<command>pam_sss.so</command> is the PAM interface to the System Security "
-"Services daemon (SSSD). Errors and results are logged through <command>syslog"
-"(3)</command> with the LOG_AUTHPRIV facility."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
-msgid "<option>quiet</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
-msgid "Suppress log messages for unknown users."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
-msgid "<option>forward_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
-msgid ""
-"If <option>forward_pass</option> is set the entered password is put on the "
-"stack for other PAM modules to use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
-msgid "<option>use_first_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
-msgid ""
-"The argument use_first_pass forces the module to use a previous stacked "
-"modules password and will never prompt the user - if no password is "
-"available or the password is not appropriate, the user will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
-msgid "<option>use_authtok</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
-msgid ""
-"When password changing enforce the module to set the new password to the one "
-"provided by a previously stacked password module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
-msgid "<option>retry=N</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
-msgid ""
-"If specified the user is asked another N times for a password if "
-"authentication fails. Default is 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
-msgid ""
-"Please note that this option might not work as expected if the application "
-"calling PAM handles the user dialog on its own. A typical example is "
-"<command>sshd</command> with <option>PasswordAuthentication</option>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
-msgid "MODULE TYPES PROVIDED"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
-msgid ""
-"All module types (<option>account</option>, <option>auth</option>, "
-"<option>password</option> and <option>session</option>) are provided."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
-msgid "FILES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
-msgid ""
-"If a password reset by root fails, because the corresponding SSSD provider "
-"does not support password resets, an individual message can be displayed. "
-"This message can e.g. contain instructions about how to reset a password."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
-msgid ""
-"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
-"filename> where LOC stands for a locale string returned by <citerefentry> "
-"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
-"citerefentry>. If there is no matching file the content of "
-"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
-"the owner of the files and only root may have read and write permissions "
-"while all other users must have only read permissions."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
-msgid ""
-"These files are searched in the directory <filename>/etc/sssd/customize/"
-"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
-"displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:141
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
-msgid "sssd_krb5_locator_plugin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:22
-msgid ""
-"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
-"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
-"libraries what Realm and which KDC to use.  Typically this is done in "
-"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
-"To simplify the configuration the Realm and the KDC can be defined in "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry> puts the Realm and the name or IP address of the KDC into "
-"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively.  "
-"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variables and returns them to the "
-"libraries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:63
-msgid ""
-"Not all Kerberos implementations support the use of plugins. If "
-"<command>sssd_krb5_locator_plugin</command> is not available on your system "
-"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:69
-msgid ""
-"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-"debug messages will be sent to stderr."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:77
-msgid ""
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
-msgid "sssd-simple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd-simple.5.xml:17
-msgid "the configuration file for SSSD's 'simple' access-control provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:24
-msgid ""
-"This manual page describes the configuration of the simple access-control "
-"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax reference, "
-"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:38
-msgid ""
-"The simple access provider grants or denies access based on an access or "
-"deny list of user or group names. The following rules apply:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:43
-msgid "If all lists are empty, access is granted"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:47
-msgid ""
-"If any list is provided, the order of evaluation is allow,deny. This means "
-"that any matching deny rule will supersede any matched allow rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:54
-msgid ""
-"If either or both \"allow\" lists are provided, all users are denied unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:60
-msgid ""
-"If only \"deny\" lists are provided, all users are granted access unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:78
-msgid "simple_allow_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:81
-msgid "Comma separated list of users who are allowed to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:88
-msgid "simple_deny_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:91
-msgid "Comma separated list of users who are explicitly denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:97
-msgid "simple_allow_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:100
-msgid ""
-"Comma separated list of groups that are allowed to log in. This applies only "
-"to groups within this SSSD domain. Local groups are not evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:108
-msgid "simple_deny_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:111
-msgid ""
-"Comma separated list of groups that are explicitly denied access. This "
-"applies only to groups within this SSSD domain. Local groups are not "
-"evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
-msgid ""
-"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page for details on the configuration of an SSSD "
-"domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:120
-msgid ""
-"Please note that it is an configuration error if both, simple_allow_users "
-"and simple_deny_users, are defined."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:128
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the simple access provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-simple.5.xml:135
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    access_provider = simple\n"
-"    simple_allow_users = user1, user2\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:145
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
-msgid "sssd-ipa"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:23
-msgid ""
-"This manual page describes the configuration of the IPA provider for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
-"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:36
-msgid ""
-"The IPA provider is a back end used to connect to an IPA server.  (Refer to "
-"the freeipa.org web site for information about IPA servers.)  This provider "
-"requires that the machine be joined to the IPA domain; configuration is "
-"almost entirely self-discovered and obtained directly from the server."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:43
-msgid ""
-"The IPA provider accepts the same options used by the <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
-"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider with some exceptions described below."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:55
-msgid ""
-"However, it is neither necessary nor recommended to set these options.  IPA "
-"provider can also be used as an access and chpass provider. As an access "
-"provider it uses HBAC (host-based access control) rules. Please refer to "
-"freeipa.org for more information about HBAC. No configuration of access "
-"provider is required on the client side."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:72
-msgid "ipa_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:75
-msgid ""
-"Specifies the name of the IPA domain.  This is optional. If not provided, "
-"the configuration domain name is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:83
-msgid "ipa_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:86
-msgid ""
-"The comma-separated list of IP addresses or hostnames of the IPA servers to "
-"which SSSD should connect in the order of preference. For more information "
-"on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
-"This is optional if autodiscovery is enabled.  For more information on "
-"service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:99
-msgid "ipa_hostname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:102
-msgid ""
-"Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:110
-msgid "ipa_dyndns_update (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:113
-msgid ""
-"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:118
-msgid ""
-"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
-"the default Kerberos realm must be set properly in /etc/krb5.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:129
-msgid "ipa_dyndns_iface (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:132
-msgid ""
-"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
-"interface whose IP address should be used for dynamic DNS updates."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:137
-msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:143
-msgid "ipa_hbac_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:146
-msgid "Optional. Use the given string as search base for HBAC related objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:150
-msgid "Default: Use base DN"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:156
-msgid "ipa_host_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:159
-msgid "Optional. Use the given string as search base for host objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:180
-msgid "ipa_selinux_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
-msgid "Optional. Use the given string as search base for SELinux user maps."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
-msgid "krb5_validate (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
-msgid ""
-"Verify with the help of krb5_keytab that the TGT obtained has not been "
-"spoofed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
-msgid ""
-"Note that this default differs from the traditional Kerberos provider back "
-"end."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
-msgid ""
-"The name of the Kerberos realm. This is optional and defaults to the value "
-"of <quote>ipa_domain</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
-msgid ""
-"The name of the Kerberos realm has a special meaning in IPA - it is "
-"converted into the base DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
-msgid ""
-"Specifies if the host and user principal should be canonicalized when "
-"connecting to IPA LDAP and also for AS requests. This feature is available "
-"with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
-msgid "ipa_hbac_refresh (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
-msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
-msgid "Default: 5 (seconds)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
-msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
-msgid ""
-"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
-"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
-"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
-"client will support two modes of operation during this transition period:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
-msgid ""
-"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
-"users will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
-msgid ""
-"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
-"careful with this option, as it may result in opening unintended access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
-msgid "Default: DENY_ALL"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
-msgid "ipa_automount_location (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
-msgid "The automounter location this IPA client will be using"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Default: The location named \"default\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the ipa provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    id_provider = ipa\n"
-"    ipa_server = ipaserver.example.com\n"
-"    ipa_hostname = myhost.example.com\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.8.xml:10 sssd.8.xml:15
-msgid "sssd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.8.xml:16
-msgid "System Security Services Daemon"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sssd.8.xml:21
-msgid ""
-"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:31
-msgid ""
-"<command>SSSD</command> provides a set of daemons to manage access to remote "
-"directories and authentication mechanisms. It provides an NSS and PAM "
-"interface toward the system and a pluggable backend system to connect to "
-"multiple different account sources as well as D-Bus interface. It is also "
-"the basis to provide client auditing and policy services for projects like "
-"FreeIPA. It provides a more robust database to store local users as well as "
-"extended user data."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:46
-msgid ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:53
-msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:57
-msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:60
-msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:69
-msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:73
-msgid ""
-"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:76
-msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:85
-msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:89
-msgid ""
-"Send the debug output to files instead of stderr. By default, the log files "
-"are stored in <filename>/var/log/sssd</filename> and there are separate log "
-"files for every SSSD service and domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:97
-msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:101
-msgid "Become a daemon after starting up."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:107
-msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:111
-msgid "Run in the foreground, don't become a daemon."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
-msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
-msgid ""
-"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
-"conf</filename>. For reference on the config file syntax and options, "
-"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:135
-msgid "<option>--version</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:139
-msgid "Print version number and exit."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:147
-msgid "Signals"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:150
-msgid "SIGTERM/SIGINT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:153
-msgid ""
-"Informs the SSSD to gracefully terminate all of its child processes and then "
-"shut down the monitor."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:159
-msgid "SIGHUP"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:162
-msgid ""
-"Tells the SSSD to stop writing to its current debug file descriptors and to "
-"close and reopen them. This is meant to facilitate log rolling with programs "
-"like logrotate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:170
-msgid "SIGUSR1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:173
-msgid ""
-"Tells the SSSD to simulate offline operation for one minute. This is mostly "
-"useful for testing purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:179
-msgid "SIGUSR2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:182
-msgid ""
-"Tells the SSSD to go online immediately. This is mostly useful for testing "
-"purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:193
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-msgid "sss_obfuscate"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_obfuscate.8.xml:16
-msgid "obfuscate a clear text password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_obfuscate.8.xml:21
-msgid ""
-"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
-"replaceable></arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:32
-msgid ""
-"<command>sss_obfuscate</command> converts a given password into human-"
-"unreadable format and places it into appropriate domain section of the SSSD "
-"config file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:37
-msgid ""
-"The cleartext password is read from standard input or entered "
-"interactively.  The obfuscated password is put into "
-"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
-"<quote>ldap_default_authtok_type</quote> parameter is set to "
-"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more details on these parameters."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:49
-msgid ""
-"Please note that obfuscating the password provides <emphasis>no real "
-"security benefit</emphasis> as it is still possible for an attacker to "
-"reverse-engineer the password back. Using better authentication mechanisms "
-"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
-"advised."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:63
-msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:67
-msgid "The password to obfuscate will be read from standard input."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
-msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:79
-msgid ""
-"The SSSD domain to use the password in. The default name is <quote>default</"
-"quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:86
-msgid ""
-"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:91
-msgid "Read the config file specified by the positional parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:95
-msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:105
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
-msgid "sss_useradd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_useradd.8.xml:16
-msgid "create a new user"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_useradd.8.xml:21
-msgid ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:32
-msgid ""
-"<command>sss_useradd</command> creates a new user account using the values "
-"specified on the command line plus the default values from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:43
-msgid ""
-"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:48
-msgid ""
-"Set the UID of the user to the value of <replaceable>UID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
-msgid ""
-"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
-msgid ""
-"Any text string describing the user. Often used as the field for the user's "
-"full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
-msgid ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:72
-msgid ""
-"The home directory of the user account.  The default is to append the "
-"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
-"that as the home directory.  The base that is prepended before "
-"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
-"baseDirectory</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
-msgid ""
-"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:87
-msgid ""
-"The user's login shell. The default is currently <filename>/bin/bash</"
-"filename>.  The default can be changed with <quote>user_defaults/"
-"defaultShell</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:96
-msgid ""
-"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:101
-msgid "A list of existing groups this user is also a member of."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:107
-msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:111
-msgid ""
-"Create the user's home directory if it does not exist. The files and "
-"directories contained in the skeleton directory (which can be defined with "
-"the -k option or in the config file) will be copied to the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:121
-msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:125
-msgid ""
-"Do not create the user's home directory. Overrides configuration settings."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:132
-msgid ""
-"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:137
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<command>sss_useradd</command>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:143
-msgid ""
-"This option is only valid if the <option>-m</option> (or <option>--create-"
-"home</option>) option is specified, or creation of home directories is set "
-"to TRUE in the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
-msgid ""
-"<option>-Z</option>,<option>--selinux-user</option> "
-"<replaceable>SELINUX_USER</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:157
-msgid ""
-"The SELinux user for the user's login. If not specified, the system default "
-"will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
-msgid "sssd-krb5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:23
-msgid ""
-"This manual page describes the configuration of the Kerberos 5 "
-"authentication backend for <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  For a detailed "
-"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
-"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:36
-msgid ""
-"The Kerberos 5 authentication backend contains auth and chpass providers. It "
-"must be paired with identity provider in order to function properly (for "
-"example, id_provider = ldap). Some information required by the Kerberos 5 "
-"authentication backend must be provided by the identity provider, such as "
-"the user's Kerberos Principal Name (UPN). The configuration of the identity "
-"provider should have an entry to specify the UPN. Please refer to the man "
-"page for the applicable identity provider for details on how to configure "
-"this."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:47
-msgid ""
-"This backend also provides access control based on the .k5login file in the "
-"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
-"Please note that an empty .k5login file will deny all access to this user. "
-"To activate this feature use 'access_provider = krb5' in your sssd "
-"configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:55
-msgid ""
-"In the case where the UPN is not available in the identity backend "
-"<command>sssd</command> will construct a UPN using the format "
-"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:106
-msgid ""
-"The name of the Kerberos realm. This option is required and must be "
-"specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:113
-msgid "krb5_kpasswd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:116
-msgid ""
-"If the change password service is not running on the KDC alternative servers "
-"can be defined here. An optional port number (preceded by a colon) may be "
-"appended to the addresses or hostnames."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:122
-msgid ""
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section.  Please note that even if there are no more "
-"kpasswd servers to try the back end is not switch to offline if "
-"authentication against the KDC is still possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:129
-msgid "Default: Use the KDC"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:135
-msgid "krb5_ccachedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:138
-msgid ""
-"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist it will be created. If %u, %U, %p or %h are used a "
-"private directory belonging to the user is created. Otherwise a public "
-"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
-"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
-"citerefentry> for details) is created."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:151
-msgid "Default: /tmp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:157
-msgid "krb5_ccname_template (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:171
-msgid "login UID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:174
-msgid "%p"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:175
-msgid "principal name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:179
-msgid "%r"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:180
-msgid "realm name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:183
-msgid "%h"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:184
-msgid "home directory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:189
-msgid "value of krb5ccache_dir"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194
-msgid "%P"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "the process ID of the sssd client"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:160
-msgid ""
-"Location of the user's credential cache. Currently only file based "
-"credential caches are supported. In the template the following sequences are "
-"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
-"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
-"way."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:209
-msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:215
-msgid "krb5_auth_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:218
-msgid ""
-"Timeout in seconds after an online authentication or change password request "
-"is aborted. If possible the authentication request is continued offline."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:241
-msgid "krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:244
-msgid ""
-"The location of the keytab to use when validating credentials obtained from "
-"KDCs."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:248
-msgid "Default: /etc/krb5.keytab"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:254
-msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:257
-msgid ""
-"Store the password of the user if the provider is offline and use it to "
-"request a TGT when the provider gets online again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:262
-msgid ""
-"Please note that this feature currently only available on a Linux platform. "
-"Passwords stored in this way are kept in plaintext in the kernel keyring and "
-"are potentially accessible by the root user (with difficulty)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:275
-msgid "krb5_renewable_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:278
-msgid ""
-"Request a renewable ticket with a total lifetime given by an integer "
-"immediately followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
-msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
-msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
-msgid "<emphasis>h</emphasis> hours"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
-msgid "<emphasis>d</emphasis> days."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
-msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:299
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"renewable lifetime to one and a half hours please use '90m' instead of "
-"'1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:305
-msgid "Default: not set, i.e. the TGT is not renewable"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:311
-msgid "krb5_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:314
-msgid ""
-"Request ticket with a with a lifetime given by an integer immediately "
-"followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:335
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"lifetime to one and a half hours please use '90m' instead of '1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:340
-msgid ""
-"Default: not set, i.e. the default ticket lifetime configured on the KDC."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:347
-msgid "krb5_renew_interval (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:350
-msgid ""
-"The time in seconds between two checks if the TGT should be renewed. TGTs "
-"are renewed if about half of their lifetime is exceeded."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:355
-msgid "If this option is not set or 0 the automatic renewal is disabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:365
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:368
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:373
-msgid ""
-"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
-"option at all."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
-msgid ""
-"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
-"continue without."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:381
-msgid ""
-"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
-"fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:385
-msgid "Default: not set, i.e. FAST is not used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:388
-msgid "Please note that a keytab is required to use fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:391
-msgid ""
-"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used with an older version using this option is a "
-"configuration error."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:400
-msgid "krb5_fast_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:403
-msgid "Specifies the server principal to use for FAST."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:412
-msgid ""
-"Specifies if the host and user principal should be canonicalized. This "
-"feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:65
-msgid ""
-"If the auth-module krb5 is used in a SSSD domain, the following options must "
-"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
-"SECTIONS</quote> for details on the configuration of a SSSD domain.  "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:434
-msgid ""
-"The following example assumes that SSSD is correctly configured and FOO is "
-"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
-"example shows only configuration of Kerberos authentication, it does not "
-"include any identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:442
-#, no-wrap
-msgid ""
-"    [domain/FOO]\n"
-"    auth_provider = krb5\n"
-"    krb5_server = 192.168.1.1\n"
-"    krb5_realm = EXAMPLE.COM\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:453
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
-msgid "sss_groupadd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupadd.8.xml:16
-msgid "create a new group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupadd.8.xml:21
-msgid ""
-"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:32
-msgid ""
-"<command>sss_groupadd</command> creates a new group. These groups are "
-"compatible with POSIX groups, with the additional feature that they can "
-"contain other groups as members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupadd.8.xml:43
-msgid ""
-"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupadd.8.xml:48
-msgid ""
-"Set the GID of the group to the value of <replaceable>GID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
-msgid "sss_userdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_userdel.8.xml:16
-msgid "delete a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_userdel.8.xml:21
-msgid ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:32
-msgid ""
-"<command>sss_userdel</command> deletes a user identified by login name "
-"<replaceable>LOGIN</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:44
-msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:48
-msgid ""
-"Files in the user's home directory will be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:56
-msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:60
-msgid ""
-"Files in the user's home directory will NOT be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:68
-msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:72
-msgid ""
-"This option forces <command>sss_userdel</command> to remove the user's home "
-"directory and mail spool, even if they are not owned by the specified user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:80
-msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:84
-msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
-msgid "sss_groupdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupdel.8.xml:16
-msgid "delete a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupdel.8.xml:21
-msgid ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:32
-msgid ""
-"<command>sss_groupdel</command> deletes a group identified by its name "
-"<replaceable>GROUP</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
-msgid "sss_groupshow"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupshow.8.xml:16
-msgid "print properties of a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupshow.8.xml:21
-msgid ""
-"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:32
-msgid ""
-"<command>sss_groupshow</command> displays information about a group "
-"identified by its name <replaceable>GROUP</replaceable>. The information "
-"includes the group ID number, members of the group and the parent group."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupshow.8.xml:43
-msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupshow.8.xml:47
-msgid ""
-"Also print indirect group members in a tree-like hierarchy.  Note that this "
-"also affects printing parent groups - without <option>R</option>, only the "
-"direct parent will be printed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
-msgid "sss_usermod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_usermod.8.xml:16
-msgid "modify a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_usermod.8.xml:21
-msgid ""
-"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:32
-msgid ""
-"<command>sss_usermod</command> modifies the account specified by "
-"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
-"on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:60
-msgid "The home directory of the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:71
-msgid "The user's login shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:82
-msgid ""
-"Append this user to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:96
-msgid ""
-"Remove this user from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:103
-msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:107
-msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:114
-msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:118
-msgid "Unlock the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:129
-msgid "The SELinux user for the user's login."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/service_discovery.xml:2
-msgid "SERVICE DISCOVERY"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/service_discovery.xml:4
-msgid ""
-"The service discovery feature allows back ends to automatically find the "
-"appropriate servers to connect to using a special DNS query."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
-msgid "Configuration"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:11
-msgid ""
-"If no servers are specified, the back end automatically uses service "
-"discovery to try to find a server. Optionally, the user may choose to use "
-"both fixed server addresses and service discovery by inserting a special "
-"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
-"preference is maintained. This feature is useful if, for example, the user "
-"prefers to use service discovery whenever possible, and fall back to a "
-"specific server when no servers can be discovered using DNS."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:23
-msgid "The domain name"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:25
-msgid ""
-"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for more details."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:35
-msgid "The protocol"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:37
-msgid ""
-"The queries usually specify _tcp as the protocol. Exceptions are documented "
-"in respective option description."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:42
-msgid "See Also"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:44
-msgid ""
-"For more information on the service discovery mechanism, refer to RFC 2782."
-msgstr ""
-
-#. type: Content of: outside any tag (error?)
-#: include/upstream.xml:1
-msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/failover.xml:2
-msgid "FAILOVER"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/failover.xml:4
-msgid ""
-"The failover feature allows back ends to automatically switch to a different "
-"server if the primary server fails."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:8
-msgid "Failover Syntax"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:10
-msgid ""
-"The list of servers is given as a comma-separated list; any number of spaces "
-"is allowed around the comma. The servers are listed in order of preference. "
-"The list can contain any number of servers."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:17
-msgid "The Failover Mechanism"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:19
-msgid ""
-"The failover mechanism distinguishes between a machine and a service. The "
-"back end first tries to resolve the hostname of a given machine; if this "
-"resolution attempt fails, the machine is considered offline. No further "
-"attempts are made to connect to this machine for any other service. If the "
-"resolution attempt succeeds, the back end tries to connect to a service on "
-"this machine. If the service connection attempt fails, then only this "
-"particular service is considered offline and the back end automatically "
-"switches over to the next service.  The machine is still considered online "
-"and might still be tried for another service."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:32
-msgid ""
-"Further connection attempts are made to machines or services marked as "
-"offline after a specified period of time; this is currently hard coded to 30 "
-"seconds."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:37
-msgid ""
-"If there are no more machines to try, the back end as a whole switches to "
-"offline mode, and then attempts to reconnect every 30 seconds."
-msgstr ""
-
-#. type: Content of: <varlistentry><term>
-#: include/param_help.xml:3
-msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
-
-#. type: Content of: <varlistentry><listitem><para>
-#: include/param_help.xml:7
-msgid "Display help message and exit."
-msgstr ""
diff --git a/src/man/po/sq.po b/src/man/po/sq.po
deleted file mode 100644
index 092736518..000000000
--- a/src/man/po/sq.po
+++ /dev/null
@@ -1,6314 +0,0 @@
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Red Hat
-# This file is distributed under the same license as the sssd-docs package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: SSSD\n"
-"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Albanian (http://www.transifex.net/projects/p/fedora/team/"
-"sq/)\n"
-"Language: sq\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural=(n != 1)\n"
-
-#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
-#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
-#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
-#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
-msgid "SSSD Manual pages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
-msgid "sss_groupmod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
-#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
-#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
-msgid "8"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupmod.8.xml:16
-msgid "modify a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupmod.8.xml:21
-msgid ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
-#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
-#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
-#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
-#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:32
-msgid ""
-"<command>sss_groupmod</command> modifies the group to reflect the changes "
-"that are specified on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
-#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
-#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-msgid "OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
-msgid ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:48
-msgid ""
-"Append this group to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
-msgid ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:62
-msgid ""
-"Remove this group from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
-#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
-msgid "sssd.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
-msgid "5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
-msgid "File Formats and Conventions"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
-msgid "the configuration file for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:21
-msgid "FILE FORMAT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:29
-#, no-wrap
-msgid ""
-"                <replaceable>[section]</replaceable>\n"
-"                <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-"                <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
-"            "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:24
-msgid ""
-"The file has an ini-style syntax and consists of sections and parameters. A "
-"section begins with the name of the section in square brackets and continues "
-"until the next section begins. An example of section with single and multi-"
-"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:36
-msgid ""
-"The data types used are string (no quotes needed), integer and bool (with "
-"values of <quote>TRUE/FALSE</quote>)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:41
-msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
-"(<quote>;</quote>)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:46
-msgid ""
-"All sections can have an optional <replaceable>description</replaceable> "
-"parameter. Its function is only as a label for the section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:52
-msgid ""
-"<filename>sssd.conf</filename> must be a regular file, owned by root and "
-"only root may read from or write to the file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:58
-msgid "SPECIAL SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:61
-msgid "The [sssd] section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
-msgid "Section parameters"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:72
-msgid "config_file_version (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:75
-msgid ""
-"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-"version 2."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:81
-msgid "services"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:84
-msgid ""
-"Comma separated list of services that are started when sssd itself starts."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:88
-msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
-msgid "reconnection_retries (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
-msgid ""
-"Number of times services should attempt to reconnect in the event of a Data "
-"Provider crash or restart before they give up"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
-msgid "Default: 3"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
-msgid "domains"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
-msgid ""
-"A domain is a database containing user information. SSSD can use more "
-"domains at the same time, but at least one must be configured or SSSD won't "
-"start.  This parameter described the list of domains in the order you want "
-"them to be queried."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
-msgid "re_expression (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
-msgid ""
-"Regular expression that describes how to parse the string containing user "
-"name and domain into these components."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
-msgid ""
-"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
-"which translates to \"the name is everything up to the <quote>@</quote> "
-"sign, the domain everything after that\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
-msgid ""
-"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
-"version 7 or higher can support non-unique named subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
-msgid ""
-"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
-"P&lt;name&gt;) to label subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
-msgid "full_name_format (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
-msgid ""
-"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatible format that describes how to translate "
-"a (name, domain) tuple into a fully qualified name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
-msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
-msgid "try_inotify (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
-msgid ""
-"SSSD monitors the state of resolv.conf to identify when it needs to update "
-"its internal DNS resolver. By default, we will attempt to use inotify for "
-"this, and will fall back to polling resolv.conf every five seconds if "
-"inotify cannot be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
-msgid ""
-"There are some limited situations where it is preferred that we should skip "
-"even trying to use inotify. In these rare cases, this option should be set "
-"to 'false'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
-msgid ""
-"Default: true on platforms where inotify is supported. False on other "
-"platforms."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
-msgid ""
-"Note: this option will have no effect on platforms where inotify is "
-"unavailable. On these platforms, polling will always be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
-msgid "krb5_rcache_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
-msgid ""
-"Directory on the filesystem where SSSD should store Kerberos replay cache "
-"files."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
-msgid ""
-"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
-"SSSD to let libkrb5 decide the appropriate location for the replay cache."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
-msgid ""
-"Default: Distribution-specific and specified at build-time. "
-"(__LIBKRB5_DEFAULTS__ if not configured)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:63
-msgid ""
-"Individual pieces of SSSD functionality are provided by special SSSD "
-"services that are started and stopped together with SSSD.  The services are "
-"managed by a special service frequently called <quote>monitor</quote>. The "
-"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
-msgid "SERVICES SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
-msgid ""
-"Settings that can be used to configure different services are described in "
-"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
-"section, for example, for NSS service, the section would be <quote>[nss]</"
-"quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
-msgid "General service configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
-msgid "These options can be used to configure any service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>.  This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
-msgid "NSS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
-msgid ""
-"These options can be used to configure the Name Service Switch (NSS) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
-msgid "enum_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
-msgid ""
-"How many seconds should nss_sss cache enumerations (requests for info about "
-"all users)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
-msgid "Default: 120"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"The entry cache can be set to automatically update entries in the background "
-"if they are requested beyond a percentage of the entry_cache_timeout value "
-"for the domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
-msgid ""
-"For example, if the domain's entry_cache_timeout is set to 30s and "
-"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
-"after 15 seconds past the last cache update will be returned immediately, "
-"but the SSSD will go and update the cache on its own, so that future "
-"requests will not need to block waiting for a cache update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
-msgid ""
-"Valid values for this option are 0-99 and represent a percentage of the "
-"entry_cache_timeout for each domain. For performance reasons, this "
-"percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
-"disables this feature)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
-msgid "Default: 50"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
-msgid "entry_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
-msgid ""
-"Specifies for how many seconds nss_sss should cache negative cache hits "
-"(that is, queries for invalid database entries, like nonexistent ones)  "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
-msgid "Default: 15"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
-msgid "filter_users, filter_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
-msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
-msgid "Default: root"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
-msgid "filter_users_in_groups (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
-msgid ""
-"If you want filtered user still be group members set this option to false."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
-msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
-msgid "This option can also be set per-domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
-msgid "allowed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
-msgid ""
-"Restrict user shell to one of the listed values. The order of evaluation is:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
-msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
-msgid ""
-"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
-"quote>, use the value of the shell_fallback parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
-msgid ""
-"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
-"shells</quote>, a nologin shell is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
-msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
-msgid ""
-"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
-"that a restart of the SSSD is required in case a new shell is installed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
-msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
-msgid "vetoed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
-msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
-msgid "shell_fallback (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
-msgid ""
-"The default shell to use if an allowed shell is not installed on the machine."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
-msgid "Default: /bin/sh"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
-msgid "PAM configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
-msgid ""
-"These options can be used to configure the Pluggable Authentication Module "
-"(PAM) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
-msgid "offline_credentials_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
-msgid ""
-"If the authentication provider is offline, how long should we allow cached "
-"logins (in days since the last successful online login)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
-msgid "Default: 0 (No limit)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
-msgid "offline_failed_login_attempts (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
-msgid ""
-"If the authentication provider is offline, how many failed login attempts "
-"are allowed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
-msgid "offline_failed_login_delay (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
-msgid ""
-"The time in minutes which has to pass after offline_failed_login_attempts "
-"has been reached before a new login attempt is possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
-msgid ""
-"If set to 0 the user cannot authenticate offline if "
-"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable offline authentication again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
-msgid "Default: 5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
-msgid "pam_verbosity (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
-msgid ""
-"Controls what kind of messages are shown to the user during authentication. "
-"The higher the number to more messages are displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
-msgid "Currently sssd supports the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
-msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
-msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
-msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
-msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
-msgid "Default: 1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
-msgid "pam_id_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
-msgid ""
-"For any PAM request while SSSD is online, the SSSD will attempt to "
-"immediately update the cached identity information for the user in order to "
-"ensure that authentication takes place with the latest information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
-msgid ""
-"A complete PAM conversation may perform multiple PAM requests, such as "
-"account management and session opening. This option controls (on a per-"
-"client-application basis) how long (in seconds) we can cache the identity "
-"information to avoid excessive round-trips to the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
-msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
-msgid "Display a warning N days before the password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
-msgid ""
-"Please note that the backend server has to provide information about the "
-"expiration time of the password.  If this information is missing, sssd "
-"cannot display a warning."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
-msgid "Default: 7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-msgid "SUDO configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-msgid "These options can be used to configure the sudo service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-msgid "sudo_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-msgid ""
-"For any sudo request that comes while SSSD is online, the SSSD will attempt "
-"to update the cached rules in order to ensure that sudo has the latest "
-"ruleset."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
-msgid ""
-"The user may, however, run a couple of sudo commands successively, which "
-"would trigger multiple LDAP requests.  In order to speed up this use-case, "
-"the sudo service maintains an in-memory cache that would be used for "
-"performing fast replies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
-msgid ""
-"This option controls how long (in seconds) can the sudo service cache rules "
-"for a user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-msgid "Default: 180"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-msgid "sudo_timed (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
-msgid ""
-"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
-"that implement time-dependent sudoers entries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-msgid "AUTOFS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-msgid "These options can be used to configure the autofs service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-msgid "autofs_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
-msgid "DOMAIN SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
-msgid "min_id,max_id (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
-msgid ""
-"UID and GID limits for the domain. If a domain contains an entry that is "
-"outside these limits, it is ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
-msgid ""
-"For users, this affects the primary GID limit. The user will not be returned "
-"to NSS if either the UID or the primary GID is outside the range. For non-"
-"primary group memberships, those that are in range will be reported as "
-"expected."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
-msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
-msgid ""
-"Timeout in seconds between heartbeats for this domain.  This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
-msgid "enumerate (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
-msgid ""
-"Determines if a domain can be enumerated. This parameter can have one of the "
-"following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
-msgid "TRUE = Users and groups are enumerated"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
-msgid "FALSE = No enumerations for this domain"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
-msgid "Default: FALSE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
-msgid ""
-"Note: Enabling enumeration has a moderate performance impact on SSSD while "
-"enumeration is running. It may take up to several minutes after SSSD startup "
-"to fully complete enumerations.  During this time, individual requests for "
-"information will go directly to LDAP, though it may be slow, due to the "
-"heavy enumeration processing."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
-msgid ""
-"While the first enumeration is running, requests for the complete user or "
-"group lists may return no results until it completes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
-msgid ""
-"Further, enabling enumeration may increase the time necessary to detect "
-"network disconnection, as longer timeouts are required to ensure that "
-"enumeration lookups are completed successfully.  For more information, refer "
-"to the man pages for the specific id_provider in use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
-msgid "entry_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
-msgid ""
-"How many seconds should nss_sss consider entries valid before asking the "
-"backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
-msgid "Default: 5400"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-msgid "entry_cache_user_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-msgid ""
-"How many seconds should nss_sss consider user entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-msgid "Default: entry_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-msgid "entry_cache_group_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-msgid ""
-"How many seconds should nss_sss consider group entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-msgid ""
-"How many seconds should nss_sss consider netgroup entries valid before "
-"asking the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-msgid "entry_cache_service_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-msgid ""
-"How many seconds should nss_sss consider service entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
-msgid "cache_credentials (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
-msgid "Determines if user credentials are also cached in the local LDB cache"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
-msgid "User credentials are stored in a SHA512 hash, not in plaintext"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
-msgid "account_cache_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
-msgid ""
-"Number of days entries are left in cache after last successful login before "
-"being removed during a cleanup of the cache. 0 means keep forever.  The "
-"value of this parameter must be greater than or equal to "
-"offline_credentials_expiration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
-msgid "Default: 0 (unlimited)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
-msgid "id_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
-msgid "The Data Provider identity backend to use for this domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
-msgid "Supported backends:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
-msgid "proxy: Support a legacy NSS provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
-msgid "local: SSSD internal local provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
-msgid "ldap: LDAP provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
-msgid "use_fully_qualified_names (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
-msgid ""
-"If set to TRUE, all requests to this domain must use fully qualified names. "
-"For example, if used in LOCAL domain that contains a \"test\" user, "
-"<command>getent passwd test</command> wouldn't find the user while "
-"<command>getent passwd test@LOCAL</command> would."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
-msgid "auth_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
-msgid ""
-"The authentication provider used for the domain.  Supported auth providers "
-"are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
-msgid ""
-"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
-msgid ""
-"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
-msgid ""
-"<quote>proxy</quote> for relaying authentication to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
-msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"authentication requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
-msgid "access_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
-msgid ""
-"The access control provider used for the domain.  There are two built-in "
-"access providers (in addition to any included in installed backends)  "
-"Internal special providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
-msgid "<quote>permit</quote> always allow access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
-msgid "<quote>deny</quote> always deny access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
-msgid ""
-"<quote>simple</quote> access control based on access or deny lists. See "
-"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> for more information on configuring the simple "
-"access module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
-msgid "Default: <quote>permit</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
-msgid "chpass_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
-msgid ""
-"The provider which should handle change password operations for the domain.  "
-"Supported change password providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
-msgid ""
-"<quote>ipa</quote> to change a password stored in an IPA server.  See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
-msgid ""
-"<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
-msgid ""
-"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
-msgid ""
-"<quote>proxy</quote> for relaying password changes to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
-msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
-msgid ""
-"Default: <quote>auth_provider</quote> is used if it is set and can handle "
-"change password requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-msgid "sudo_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-msgid ""
-"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-msgid "session_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-msgid ""
-"The provider which should handle loading of session settings.  Supported "
-"session providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-msgid ""
-"<quote>ipa</quote> to load session settings from an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"session loading requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
-msgid "lookup_family_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
-msgid ""
-"Provides the ability to select preferred address family to use when "
-"performing DNS lookups."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
-msgid "Supported values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
-msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
-msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
-msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
-msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
-msgid "Default: ipv4_first"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
-msgid "dns_resolver_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
-msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
-msgid "dns_discovery_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
-msgid ""
-"If service discovery is used in the back end, specifies the domain part of "
-"the service discovery DNS query."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
-msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
-msgid "override_gid (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
-msgid "Override the primary GID value with the one specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
-msgid "case_sensitive (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
-msgid ""
-"Treat user and group names as case sensitive. At the moment, this option is "
-"not supported in the local provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
-msgid "Default: True"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
-msgid ""
-"These configuration options can be present in a domain configuration "
-"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
-"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
-msgid "proxy_pam_target (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
-msgid "The proxy target PAM proxies to."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-msgid ""
-"Default: not set by default, you have to take an existing pam configuration "
-"or create a new one and add the service name here."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
-msgid "proxy_lib_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
-msgid ""
-"The name of the NSS library to use in proxy domains. The NSS functions "
-"searched for in the library are in the form of _nss_$(libName)_$(function), "
-"for example _nss_files_getpwent."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
-msgid ""
-"Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
-msgid "The local domain section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
-msgid ""
-"This section contains settings for domain that stores users and groups in "
-"SSSD native database, that is, a domain that uses "
-"<replaceable>id_provider=local</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
-msgid "default_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
-msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
-msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
-msgid "base_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
-msgid ""
-"The tools append the login name to <replaceable>base_directory</replaceable> "
-"and use that as the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
-msgid "Default: <filename>/home</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
-msgid "create_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
-msgid ""
-"Indicate if a home directory should be created by default for new users.  "
-"Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
-msgid "Default: TRUE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
-msgid "remove_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
-msgid ""
-"Indicate if a home directory should be removed by default for deleted "
-"users.  Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
-msgid "homedir_umask (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
-msgid ""
-"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
-"on a newly created home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
-msgid "Default: 077"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
-msgid "skel_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
-msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
-msgid "mail_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
-msgid ""
-"The mail spool directory. This is needed to manipulate the mailbox when its "
-"corresponding user account is modified or deleted.  If not specified, a "
-"default value is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
-msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
-msgid "userdel_cmd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
-msgid ""
-"The command that is run after a user is removed.  The command us passed the "
-"username of the user being removed as the first and only parameter. The "
-"return code of the command is not taken into account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
-msgid "Default: None, no command is run"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"domains = LDAP\n"
-"services = nss, pam\n"
-"config_file_version = 2\n"
-"\n"
-"[nss]\n"
-"filter_groups = root\n"
-"filter_users = root\n"
-"\n"
-"[pam]\n"
-"\n"
-"[domain/LDAP]\n"
-"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
-"\n"
-"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
-"cache_credentials = true\n"
-"\n"
-"min_id = 10000\n"
-"max_id = 20000\n"
-"enumerate = False\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
-msgid ""
-"The following example shows a typical SSSD config. It does not describe "
-"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details.  <placeholder type=\"programlisting\" "
-"id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
-msgid "sssd-ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:23
-msgid ""
-"This manual page describes the configuration of LDAP domains for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for detailed syntax information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:35
-msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:38
-msgid ""
-"LDAP back end supports id, auth, access and chpass providers. If you want to "
-"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
-"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
-"over an unencrypted channel.  If the LDAP server is used only as an identity "
-"provider, an encrypted channel is not needed. Please refer to "
-"<quote>ldap_access_filter</quote> config option for more information about "
-"using LDAP as an access provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
-#: sssd-krb5.5.xml:63
-msgid "CONFIGURATION OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:60
-msgid "ldap_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:63
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference. Refer to the <quote>FAILOVER</"
-"quote> section for more information on failover and server redundancy.  If "
-"not specified, service discovery is enabled. For more information, refer to "
-"the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
-msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:73
-msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:76
-msgid ""
-"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:79
-msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:85
-msgid "ldap_chpass_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:88
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference to change the password of a user. "
-"Refer to the <quote>FAILOVER</quote> section for more information on "
-"failover and server redundancy."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:95
-msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:99
-msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:105
-msgid "ldap_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:108
-msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:112
-msgid ""
-"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
-"syntax:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
-msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:119
-msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
-msgid ""
-"The filter must be a valid LDAP search filter as specified by http://www."
-"ietf.org/rfc/rfc2254.txt"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
-msgid "Examples:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:129
-msgid ""
-"ldap_search_base = dc=example,dc=com (which is equivalent to)  "
-"ldap_search_base = dc=example,dc=com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:134
-msgid ""
-"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
-"(host=thishost)?dc=example.com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:137
-msgid ""
-"Note: It is unsupported to have multiple search bases which reference "
-"identically-named objects (for example, groups with the same name in two "
-"different search bases). This will lead to unpredictable behavior on client "
-"machines."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:144
-msgid ""
-"Default: If not set, the value of the defaultNamingContext or namingContexts "
-"attribute from the RootDSE of the LDAP server is used. If "
-"defaultNamingContext does not exists or has an empty value namingContexts is "
-"used.  The namingContexts attribute must have a single value with the DN of "
-"the search base of the LDAP server to make this work. Multiple values are "
-"are not supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:158
-msgid "ldap_schema (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:161
-msgid ""
-"Specifies the Schema Type in use on the target LDAP server.  Depending on "
-"the selected schema, the default attribute names retrieved from the servers "
-"may vary.  The way that some attributes are handled may also differ.  Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
-"difference between these schema types is how group memberships are recorded "
-"in the server.  With rfc2307, group members are listed by name in the "
-"<emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, group "
-"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
-msgid "Default: rfc2307"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
-msgid "ldap_default_bind_dn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
-msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
-msgid "ldap_default_authtok_type (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
-msgid "The type of the authentication token of the default bind DN."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
-msgid "The two mechanisms currently supported are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
-msgid "password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
-msgid "obfuscated_password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
-msgid "Default: password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
-msgid "ldap_default_authtok (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
-msgid ""
-"The authentication token of the default bind DN.  Only clear text passwords "
-"are currently supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
-msgid "ldap_user_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
-msgid "The object class of a user entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
-msgid "Default: posixAccount"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
-msgid "ldap_user_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
-msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
-msgid "Default: uid"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
-msgid "ldap_user_uid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
-msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
-msgid "Default: uidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
-msgid "ldap_user_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
-msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
-msgid "Default: gidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
-msgid "ldap_user_gecos (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
-msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
-msgid "Default: gecos"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
-msgid "ldap_user_home_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
-msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
-msgid "Default: homeDirectory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
-msgid "ldap_user_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
-msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
-msgid "Default: loginShell"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
-msgid "ldap_user_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
-msgid "Default: nsUniqueId"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
-msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
-msgid ""
-"The LDAP attribute that contains timestamp of the last modification of the "
-"parent object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
-msgid "Default: modifyTimestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
-msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
-"the last password change)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
-msgid "Default: shadowLastChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
-msgid "ldap_user_shadow_min (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
-msgid "Default: shadowMin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
-msgid "ldap_user_shadow_max (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
-msgid "Default: shadowMax"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
-msgid "ldap_user_shadow_warning (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password warning period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
-msgid "Default: shadowWarning"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
-msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password inactivity period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
-msgid "Default: shadowInactive"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
-msgid "ldap_user_shadow_expire (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
-msgid ""
-"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
-"parameter contains the name of an LDAP attribute corresponding to its "
-"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> counterpart (account expiration date)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
-msgid "Default: shadowExpire"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
-msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time of last password change in "
-"kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
-msgid "Default: krbLastPwdChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
-msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time when current password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
-msgid "Default: krbPasswordExpiration"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
-msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the expiration time of the account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
-msgid "Default: accountExpires"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
-msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the user account control bit field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
-msgid "Default: userAccountControl"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
-msgid "ldap_ns_account_lock (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
-msgid ""
-"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
-"determines if access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
-msgid "Default: nsAccountLock"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
-msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines if "
-"access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
-msgid "Default: loginDisabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
-msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines until "
-"which date access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
-msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines the "
-"hours of a day in a week when access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
-msgid "Default: loginAllowedTimeMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
-msgid "ldap_user_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
-msgid ""
-"The LDAP attribute that contains the user's Kerberos User Principal Name "
-"(UPN)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
-msgid "Default: krbPrincipalName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
-msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
-msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
-msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
-msgid ""
-"Some directory servers, for example Active Directory, might deliver the "
-"realm part of the UPN in lower case, which might cause the authentication to "
-"fail. Set this option to a non-zero value if you want to use an upper-case "
-"realm."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
-msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
-msgid ""
-"Specifies how many seconds SSSD has to wait before refreshing its cache of "
-"enumerated records."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
-msgid "Default: 300"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
-msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
-msgid ""
-"Determine how often to check the cache for inactive entries (such as groups "
-"with no members and users who have never logged in) and remove them to save "
-"space."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
-msgid "Setting this option to zero will disable the cache cleanup operation."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
-msgid "Default: 10800 (12 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
-msgid "ldap_user_fullname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
-msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
-msgid "Default: cn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
-msgid "ldap_user_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
-msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
-msgid "Default: memberOf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
-msgid "ldap_user_authorized_service (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
-msgid ""
-"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
-"use the presence of the authorizedService attribute in the user's LDAP entry "
-"to determine access privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
-msgid ""
-"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
-"explicit allow (svc) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
-msgid "Default: authorizedService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
-msgid "ldap_user_authorized_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
-msgid ""
-"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-"presence of the host attribute in the user's LDAP entry to determine access "
-"privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
-msgid ""
-"An explicit deny (!host) is resolved first. Second, SSSD searches for "
-"explicit allow (host) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
-msgid "Default: host"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
-msgid "ldap_group_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
-msgid "The object class of a group entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
-msgid "Default: posixGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
-msgid "ldap_group_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
-msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
-msgid "ldap_group_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
-msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
-msgid "ldap_group_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
-msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
-msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
-msgid "ldap_group_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
-msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
-msgid "ldap_group_nesting_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
-msgid ""
-"If ldap_schema is set to a schema format that supports nested groups (e.g. "
-"RFC2307bis), then this option controls how many levels of nesting SSSD will "
-"follow. This option has no effect on the RFC2307 schema."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
-msgid "Default: 2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
-msgid "ldap_netgroup_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
-msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
-msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
-msgid "Default: nisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
-msgid "ldap_netgroup_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
-msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
-msgid "In IPA provider, ipa_netgroup_name should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
-msgid "ldap_netgroup_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
-msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
-msgid "In IPA provider, ipa_netgroup_member should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
-msgid "Default: memberNisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
-msgid "ldap_netgroup_triple (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-msgid ""
-"The LDAP attribute that contains the (host, user, domain) netgroup triples."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
-msgid "This option is not available in IPA provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
-msgid "Default: nisNetgroupTriple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
-msgid "ldap_netgroup_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
-msgid ""
-"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
-msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
-msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
-msgid "ldap_service_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
-msgid "The object class of a service entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
-msgid "Default: ipService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
-msgid "ldap_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
-msgid ""
-"The LDAP attribute that contains the name of service attributes and their "
-"aliases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
-msgid "ldap_service_port (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
-msgid "The LDAP attribute that contains the port managed by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
-msgid "Default: ipServicePort"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
-msgid "ldap_service_proto (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
-msgid ""
-"The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
-msgid "Default: ipServiceProtocol"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
-msgid "ldap_service_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
-msgid "An optional base DN to restrict service searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
-msgid ""
-"See <quote>ldap_search_base</quote> for information about configuring "
-"multiple search bases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
-#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
-msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
-msgid "ldap_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches are allowed to run "
-"before they are cancelled and cached results are returned (and offline mode "
-"is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
-msgid ""
-"Note: this option is subject to change in future versions of the SSSD. It "
-"will likely be replaced at some point by a series of timeouts for specific "
-"lookup types."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
-msgid "Default: 6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
-msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches for user and group "
-"enumerations are allowed to run before they are cancelled and cached results "
-"are returned (and offline mode is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
-msgid "ldap_network_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-msgid ""
-"Specifies the timeout (in seconds) after which the <citerefentry> "
-"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
-"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> following a <citerefentry> "
-"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> returns in case of no activity."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
-msgid "ldap_opt_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
-msgid ""
-"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
-"will abort if no response is received. Also controls the timeout when "
-"communicating with the KDC in case of SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
-msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
-msgid ""
-"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
-"maintained. After this time, the connection will be re-established. If used "
-"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
-"the TGT lifetime)  will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
-msgid "Default: 900 (15 minutes)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
-msgid "ldap_page_size (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
-msgid ""
-"Specify the number of records to retrieve from LDAP in a single request. "
-"Some LDAP servers enforce a maximum limit per-request."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
-msgid "Default: 1000"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
-msgid ""
-"Disable the LDAP paging control. This option should be used if the LDAP "
-"server reports that it supports the LDAP paging control in its RootDSE but "
-"it is not enabled or does not behave properly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
-msgid ""
-"Example: OpenLDAP servers with the paging control module installed on the "
-"server but not enabled will report it in the RootDSE but be unable to use it."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
-msgid ""
-"Example: 389 DS has a bug where it can only support a one paging control at "
-"a time on a single connection. On busy clients, this can result in some "
-"requests being denied."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
-msgid "ldap_deref_threshold (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
-msgid ""
-"Specify the number of group members that must be missing from the internal "
-"cache in order to trigger a dereference lookup. If less members are missing, "
-"they are looked up individually."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
-msgid ""
-"You can turn off dereference lookups completely by setting the value to 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
-msgid ""
-"A dereference lookup is a means of fetching all group members in a single "
-"LDAP call.  Different LDAP servers may implement different dereference "
-"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
-"Directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
-msgid ""
-"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
-"filter, then the dereference lookup performance enhancement will be disabled "
-"regardless of this setting."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
-msgid "ldap_tls_reqcert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
-msgid ""
-"Specifies what checks to perform on server certificates in a TLS session, if "
-"any. It can be specified as one of the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
-msgid ""
-"<emphasis>never</emphasis> = The client will not request or check any server "
-"certificate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
-msgid ""
-"<emphasis>allow</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, it will be ignored and the session proceeds normally."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
-msgid ""
-"<emphasis>try</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, the session is immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
-msgid ""
-"<emphasis>demand</emphasis> = The server certificate is requested. If no "
-"certificate is provided, or a bad certificate is provided, the session is "
-"immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
-msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
-msgid "Default: hard"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
-msgid "ldap_tls_cacert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
-msgid ""
-"Specifies the file that contains certificates for all of the Certificate "
-"Authorities that <command>sssd</command> will recognize."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
-msgid ""
-"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
-"conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
-msgid "ldap_tls_cacertdir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
-msgid ""
-"Specifies the path of a directory that contains Certificate Authority "
-"certificates in separate individual files. Typically the file names need to "
-"be the hash of the certificate followed by '.0'.  If available, "
-"<command>cacertdir_rehash</command> can be used to create the correct names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
-msgid "ldap_tls_cert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
-msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
-msgid "Default: not set"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
-msgid "ldap_tls_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
-msgid "Specifies the file that contains the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
-msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
-msgid ""
-"Specifies acceptable cipher suites.  Typically this is a colon sperated "
-"list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> for format."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
-msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
-msgid ""
-"Specifies that the id_provider connection must also use <systemitem class="
-"\"protocol\">tls</systemitem> to protect the channel."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
-msgid ""
-"Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
-"supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
-msgid "ldap_sasl_authid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
-msgid ""
-"Specify the SASL authorization id to use.  When GSSAPI is used, this "
-"represents the Kerberos principal used for authentication to the directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
-msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
-msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
-msgid ""
-"If set to true, the LDAP library would perform a reverse lookup to "
-"canonicalize the host name during a SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
-msgid "Default: false;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
-msgid "ldap_krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
-msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
-msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
-msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
-msgid ""
-"Specifies that the id_provider should init Kerberos credentials (TGT).  This "
-"action is performed only if SASL is used and the mechanism selected is "
-"GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
-msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
-msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
-msgid "Default: 86400 (24 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
-msgid "krb5_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
-msgid ""
-"Specifies the comma-separated list of IP addresses or hostnames of the "
-"Kerberos servers to which SSSD should connect in the order of preference. "
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
-"colon) may be appended to the addresses or hostnames.  If empty, service "
-"discovery is enabled - for more information, refer to the <quote>SERVICE "
-"DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
-msgid ""
-"When using service discovery for KDC or kpasswd servers, SSSD first searches "
-"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-"none are found."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
-msgid ""
-"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
-"While the legacy name is recognized for the time being, users are advised to "
-"migrate their config files to use <quote>krb5_server</quote> instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
-msgid "krb5_realm (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
-msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
-msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
-msgid "krb5_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
-msgid ""
-"Specifies if the host principal should be canonicalized when connecting to "
-"LDAP server. This feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
-msgid "ldap_pwd_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
-msgid ""
-"Select the policy to evaluate the password expiration on the client side. "
-"The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
-msgid ""
-"<emphasis>none</emphasis> - No evaluation on the client side. This option "
-"cannot disable server-side password policies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
-msgid ""
-"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-"evaluate if the password has expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
-msgid ""
-"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
-"to determine if the password has expired. Use chpass_provider=krb5 to update "
-"these attributes when the password is changed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
-msgid "ldap_referrals (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
-msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
-msgid ""
-"Please note that sssd only supports referral chasing when it is compiled "
-"with OpenLDAP version 2.4.13 or higher."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
-msgid "ldap_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
-msgid "Specifies the service name to use when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
-msgid "Default: ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
-msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
-msgid ""
-"Specifies the service name to use to find an LDAP server which allows "
-"password changes when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
-msgid "Default: not set, i.e. service discovery is disabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
-msgid "ldap_access_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
-msgid ""
-"If using access_provider = ldap, this option is mandatory. It specifies an "
-"LDAP search filter criteria that must be met for the user to be granted "
-"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
-msgid "Example:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
-#, no-wrap
-msgid ""
-"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
-msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
-msgid ""
-"Offline caching for this feature is limited to determining whether the "
-"user's last online login was granted access permission. If they were granted "
-"access during their last login, they will continue to be granted access "
-"while offline and vice-versa."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
-msgid "Default: Empty"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
-msgid "ldap_account_expire_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
-msgid ""
-"With this option a client side evaluation of access control attributes can "
-"be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
-msgid ""
-"Please note that it is always recommended to use server side access control, "
-"i.e. the LDAP server should deny the bind request with a suitable error code "
-"even if the password is correct."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
-msgid "The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
-msgid ""
-"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
-"determine if the account is expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
-msgid ""
-"<emphasis>ad</emphasis>: use the value of the 32bit field "
-"ldap_user_ad_user_account_control and allow access if the second bit is not "
-"set. If the attribute is missing access is granted. Also the expiration time "
-"of the account is checked."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
-msgid ""
-"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
-"emphasis>: use the value of ldap_ns_account_lock to check if access is "
-"allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
-msgid ""
-"<emphasis>nds</emphasis>: the values of "
-"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
-"If both attributes are missing access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
-msgid "ldap_access_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
-msgid "Comma separated list of access control options.  Allowed values are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
-msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
-msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
-msgid ""
-"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
-"to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
-msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
-msgid "Default: filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
-msgid ""
-"Please note that it is a configuration error if a value is used more than "
-"once."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
-msgid "ldap_deref (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
-msgid ""
-"Specifies how alias dereferencing is done when performing a search. The "
-"following options are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
-msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
-msgid ""
-"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
-"the base object, but not in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
-msgid ""
-"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
-"the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
-msgid ""
-"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
-"in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
-msgid ""
-"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
-"client libraries)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:51
-msgid ""
-"All of the common configuration options that apply to SSSD domains also "
-"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for full details.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
-msgid "SUDO OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
-msgid "ldap_sudorule_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
-msgid "The object class of a sudo rule entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
-msgid "Default: sudoRole"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
-msgid "ldap_sudorule_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
-msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
-msgid "ldap_sudorule_command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
-msgid "The LDAP attribute that corresponds to the command name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
-msgid "Default: sudoCommand"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
-msgid "ldap_sudorule_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
-msgid ""
-"The LDAP attribute that corresponds to the host name (or host IP address, "
-"host IP network, or host netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
-msgid "Default: sudoHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
-msgid "ldap_sudorule_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
-msgid ""
-"The LDAP attribute that corresponds to the user name (or UID, group name or "
-"user's netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
-msgid "Default: sudoUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
-msgid "ldap_sudorule_option (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
-msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
-msgid "Default: sudoOption"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
-msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
-msgid ""
-"The LDAP attribute that corresponds to the user name that commands may be "
-"run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
-msgid "Default: sudoRunAsUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
-msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
-msgid ""
-"The LDAP attribute that corresponds to the group name or group GID that "
-"commands may be run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
-msgid "Default: sudoRunAsGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
-msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
-msgid ""
-"The LDAP attribute that corresponds to the start date/time for when the sudo "
-"rule is valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
-msgid "Default: sudoNotBefore"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
-msgid "ldap_sudorule_notafter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
-msgid ""
-"The LDAP attribute that corresponds to the expiration date/time, after which "
-"the sudo rule will no longer be valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
-msgid "Default: sudoNotAfter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
-msgid "ldap_sudorule_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
-msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
-msgid "Default: sudoOrder"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
-msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
-msgid ""
-"Enables periodical download of all sudo rules.  The cache is purged before "
-"each update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
-msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
-msgid ""
-"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
-msgid ""
-"This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
-"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
-msgid "AUTOFS OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
-msgid ""
-"Please note that the default values correspond to the default schema which "
-"is RFC2307."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
-msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-msgid "The object class of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-msgid "Default: automountMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
-msgid "ldap_autofs_map_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
-msgid "The name of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
-msgid "Default: ou"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
-msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
-msgid "ldap_autofs_entry_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
-msgid ""
-"The key of an automount entry in LDAP. The entry usually corresponds to a "
-"mount point."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
-msgid "ldap_autofs_entry_value (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
-msgid "Default: automountInformation"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
-msgid ""
-"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
-"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
-"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
-msgid "ADVANCED OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
-msgid "ldap_netgroup_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
-msgid ""
-"An optional base DN to restrict netgroup searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
-msgid "ldap_user_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
-msgid "An optional base DN to restrict user searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
-msgid "ldap_group_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
-msgid "An optional base DN to restrict group searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
-#, no-wrap
-msgid ""
-"                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
-msgid "ldap_sudo_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
-msgid ""
-"An optional base DN to restrict sudo rules searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
-msgid "ldap_autofs_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
-msgid ""
-"An optional base DN to restrict automounter searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
-msgid ""
-"These options are supported by LDAP domains, but they should be used with "
-"caution. Please include them in your configuration only if you know what you "
-"are doing.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
-msgid ""
-"The following example assumes that SSSD is correctly configured and LDAP is "
-"set to one of the domains in the <replaceable>[domains]</replaceable> "
-"section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
-#, no-wrap
-msgid ""
-"    [domain/LDAP]\n"
-"    id_provider = ldap\n"
-"    auth_provider = ldap\n"
-"    ldap_uri = ldap://ldap.mydomain.org\n"
-"    ldap_search_base = dc=mydomain,dc=org\n"
-"    ldap_tls_reqcert = demand\n"
-"    cache_credentials = true\n"
-"    enumerate = true\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
-msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
-msgid "NOTES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
-msgid ""
-"The descriptions of some of the configuration options in this manual page "
-"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
-"distribution."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <refentryinfo>
-#: pam_sss.8.xml:8 include/upstream.xml:2
-msgid ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: pam_sss.8.xml:13 pam_sss.8.xml:18
-msgid "pam_sss"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: pam_sss.8.xml:19
-msgid "PAM module for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: pam_sss.8.xml:24
-msgid ""
-"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
-msgid ""
-"<command>pam_sss.so</command> is the PAM interface to the System Security "
-"Services daemon (SSSD). Errors and results are logged through <command>syslog"
-"(3)</command> with the LOG_AUTHPRIV facility."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
-msgid "<option>quiet</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
-msgid "Suppress log messages for unknown users."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
-msgid "<option>forward_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
-msgid ""
-"If <option>forward_pass</option> is set the entered password is put on the "
-"stack for other PAM modules to use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
-msgid "<option>use_first_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
-msgid ""
-"The argument use_first_pass forces the module to use a previous stacked "
-"modules password and will never prompt the user - if no password is "
-"available or the password is not appropriate, the user will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
-msgid "<option>use_authtok</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
-msgid ""
-"When password changing enforce the module to set the new password to the one "
-"provided by a previously stacked password module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
-msgid "<option>retry=N</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
-msgid ""
-"If specified the user is asked another N times for a password if "
-"authentication fails. Default is 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
-msgid ""
-"Please note that this option might not work as expected if the application "
-"calling PAM handles the user dialog on its own. A typical example is "
-"<command>sshd</command> with <option>PasswordAuthentication</option>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
-msgid "MODULE TYPES PROVIDED"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
-msgid ""
-"All module types (<option>account</option>, <option>auth</option>, "
-"<option>password</option> and <option>session</option>) are provided."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
-msgid "FILES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
-msgid ""
-"If a password reset by root fails, because the corresponding SSSD provider "
-"does not support password resets, an individual message can be displayed. "
-"This message can e.g. contain instructions about how to reset a password."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
-msgid ""
-"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
-"filename> where LOC stands for a locale string returned by <citerefentry> "
-"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
-"citerefentry>. If there is no matching file the content of "
-"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
-"the owner of the files and only root may have read and write permissions "
-"while all other users must have only read permissions."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
-msgid ""
-"These files are searched in the directory <filename>/etc/sssd/customize/"
-"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
-"displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:141
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
-msgid "sssd_krb5_locator_plugin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:22
-msgid ""
-"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
-"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
-"libraries what Realm and which KDC to use.  Typically this is done in "
-"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
-"To simplify the configuration the Realm and the KDC can be defined in "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry> puts the Realm and the name or IP address of the KDC into "
-"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively.  "
-"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variables and returns them to the "
-"libraries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:63
-msgid ""
-"Not all Kerberos implementations support the use of plugins. If "
-"<command>sssd_krb5_locator_plugin</command> is not available on your system "
-"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:69
-msgid ""
-"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-"debug messages will be sent to stderr."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:77
-msgid ""
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
-msgid "sssd-simple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd-simple.5.xml:17
-msgid "the configuration file for SSSD's 'simple' access-control provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:24
-msgid ""
-"This manual page describes the configuration of the simple access-control "
-"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax reference, "
-"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:38
-msgid ""
-"The simple access provider grants or denies access based on an access or "
-"deny list of user or group names. The following rules apply:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:43
-msgid "If all lists are empty, access is granted"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:47
-msgid ""
-"If any list is provided, the order of evaluation is allow,deny. This means "
-"that any matching deny rule will supersede any matched allow rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:54
-msgid ""
-"If either or both \"allow\" lists are provided, all users are denied unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:60
-msgid ""
-"If only \"deny\" lists are provided, all users are granted access unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:78
-msgid "simple_allow_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:81
-msgid "Comma separated list of users who are allowed to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:88
-msgid "simple_deny_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:91
-msgid "Comma separated list of users who are explicitly denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:97
-msgid "simple_allow_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:100
-msgid ""
-"Comma separated list of groups that are allowed to log in. This applies only "
-"to groups within this SSSD domain. Local groups are not evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:108
-msgid "simple_deny_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:111
-msgid ""
-"Comma separated list of groups that are explicitly denied access. This "
-"applies only to groups within this SSSD domain. Local groups are not "
-"evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
-msgid ""
-"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page for details on the configuration of an SSSD "
-"domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:120
-msgid ""
-"Please note that it is an configuration error if both, simple_allow_users "
-"and simple_deny_users, are defined."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:128
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the simple access provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-simple.5.xml:135
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    access_provider = simple\n"
-"    simple_allow_users = user1, user2\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:145
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
-msgid "sssd-ipa"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:23
-msgid ""
-"This manual page describes the configuration of the IPA provider for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
-"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:36
-msgid ""
-"The IPA provider is a back end used to connect to an IPA server.  (Refer to "
-"the freeipa.org web site for information about IPA servers.)  This provider "
-"requires that the machine be joined to the IPA domain; configuration is "
-"almost entirely self-discovered and obtained directly from the server."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:43
-msgid ""
-"The IPA provider accepts the same options used by the <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
-"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider with some exceptions described below."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:55
-msgid ""
-"However, it is neither necessary nor recommended to set these options.  IPA "
-"provider can also be used as an access and chpass provider. As an access "
-"provider it uses HBAC (host-based access control) rules. Please refer to "
-"freeipa.org for more information about HBAC. No configuration of access "
-"provider is required on the client side."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:72
-msgid "ipa_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:75
-msgid ""
-"Specifies the name of the IPA domain.  This is optional. If not provided, "
-"the configuration domain name is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:83
-msgid "ipa_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:86
-msgid ""
-"The comma-separated list of IP addresses or hostnames of the IPA servers to "
-"which SSSD should connect in the order of preference. For more information "
-"on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
-"This is optional if autodiscovery is enabled.  For more information on "
-"service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:99
-msgid "ipa_hostname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:102
-msgid ""
-"Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:110
-msgid "ipa_dyndns_update (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:113
-msgid ""
-"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:118
-msgid ""
-"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
-"the default Kerberos realm must be set properly in /etc/krb5.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:129
-msgid "ipa_dyndns_iface (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:132
-msgid ""
-"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
-"interface whose IP address should be used for dynamic DNS updates."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:137
-msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:143
-msgid "ipa_hbac_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:146
-msgid "Optional. Use the given string as search base for HBAC related objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:150
-msgid "Default: Use base DN"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:156
-msgid "ipa_host_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:159
-msgid "Optional. Use the given string as search base for host objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:180
-msgid "ipa_selinux_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
-msgid "Optional. Use the given string as search base for SELinux user maps."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
-msgid "krb5_validate (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
-msgid ""
-"Verify with the help of krb5_keytab that the TGT obtained has not been "
-"spoofed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
-msgid ""
-"Note that this default differs from the traditional Kerberos provider back "
-"end."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
-msgid ""
-"The name of the Kerberos realm. This is optional and defaults to the value "
-"of <quote>ipa_domain</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
-msgid ""
-"The name of the Kerberos realm has a special meaning in IPA - it is "
-"converted into the base DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
-msgid ""
-"Specifies if the host and user principal should be canonicalized when "
-"connecting to IPA LDAP and also for AS requests. This feature is available "
-"with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
-msgid "ipa_hbac_refresh (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
-msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
-msgid "Default: 5 (seconds)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
-msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
-msgid ""
-"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
-"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
-"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
-"client will support two modes of operation during this transition period:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
-msgid ""
-"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
-"users will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
-msgid ""
-"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
-"careful with this option, as it may result in opening unintended access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
-msgid "Default: DENY_ALL"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
-msgid "ipa_automount_location (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
-msgid "The automounter location this IPA client will be using"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Default: The location named \"default\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the ipa provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    id_provider = ipa\n"
-"    ipa_server = ipaserver.example.com\n"
-"    ipa_hostname = myhost.example.com\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.8.xml:10 sssd.8.xml:15
-msgid "sssd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.8.xml:16
-msgid "System Security Services Daemon"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sssd.8.xml:21
-msgid ""
-"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:31
-msgid ""
-"<command>SSSD</command> provides a set of daemons to manage access to remote "
-"directories and authentication mechanisms. It provides an NSS and PAM "
-"interface toward the system and a pluggable backend system to connect to "
-"multiple different account sources as well as D-Bus interface. It is also "
-"the basis to provide client auditing and policy services for projects like "
-"FreeIPA. It provides a more robust database to store local users as well as "
-"extended user data."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:46
-msgid ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:53
-msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:57
-msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:60
-msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:69
-msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:73
-msgid ""
-"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:76
-msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:85
-msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:89
-msgid ""
-"Send the debug output to files instead of stderr. By default, the log files "
-"are stored in <filename>/var/log/sssd</filename> and there are separate log "
-"files for every SSSD service and domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:97
-msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:101
-msgid "Become a daemon after starting up."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:107
-msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:111
-msgid "Run in the foreground, don't become a daemon."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
-msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
-msgid ""
-"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
-"conf</filename>. For reference on the config file syntax and options, "
-"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:135
-msgid "<option>--version</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:139
-msgid "Print version number and exit."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:147
-msgid "Signals"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:150
-msgid "SIGTERM/SIGINT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:153
-msgid ""
-"Informs the SSSD to gracefully terminate all of its child processes and then "
-"shut down the monitor."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:159
-msgid "SIGHUP"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:162
-msgid ""
-"Tells the SSSD to stop writing to its current debug file descriptors and to "
-"close and reopen them. This is meant to facilitate log rolling with programs "
-"like logrotate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:170
-msgid "SIGUSR1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:173
-msgid ""
-"Tells the SSSD to simulate offline operation for one minute. This is mostly "
-"useful for testing purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:179
-msgid "SIGUSR2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:182
-msgid ""
-"Tells the SSSD to go online immediately. This is mostly useful for testing "
-"purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:193
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-msgid "sss_obfuscate"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_obfuscate.8.xml:16
-msgid "obfuscate a clear text password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_obfuscate.8.xml:21
-msgid ""
-"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
-"replaceable></arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:32
-msgid ""
-"<command>sss_obfuscate</command> converts a given password into human-"
-"unreadable format and places it into appropriate domain section of the SSSD "
-"config file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:37
-msgid ""
-"The cleartext password is read from standard input or entered "
-"interactively.  The obfuscated password is put into "
-"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
-"<quote>ldap_default_authtok_type</quote> parameter is set to "
-"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more details on these parameters."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:49
-msgid ""
-"Please note that obfuscating the password provides <emphasis>no real "
-"security benefit</emphasis> as it is still possible for an attacker to "
-"reverse-engineer the password back. Using better authentication mechanisms "
-"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
-"advised."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:63
-msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:67
-msgid "The password to obfuscate will be read from standard input."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
-msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:79
-msgid ""
-"The SSSD domain to use the password in. The default name is <quote>default</"
-"quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:86
-msgid ""
-"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:91
-msgid "Read the config file specified by the positional parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:95
-msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:105
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
-msgid "sss_useradd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_useradd.8.xml:16
-msgid "create a new user"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_useradd.8.xml:21
-msgid ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:32
-msgid ""
-"<command>sss_useradd</command> creates a new user account using the values "
-"specified on the command line plus the default values from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:43
-msgid ""
-"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:48
-msgid ""
-"Set the UID of the user to the value of <replaceable>UID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
-msgid ""
-"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
-msgid ""
-"Any text string describing the user. Often used as the field for the user's "
-"full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
-msgid ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:72
-msgid ""
-"The home directory of the user account.  The default is to append the "
-"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
-"that as the home directory.  The base that is prepended before "
-"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
-"baseDirectory</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
-msgid ""
-"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:87
-msgid ""
-"The user's login shell. The default is currently <filename>/bin/bash</"
-"filename>.  The default can be changed with <quote>user_defaults/"
-"defaultShell</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:96
-msgid ""
-"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:101
-msgid "A list of existing groups this user is also a member of."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:107
-msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:111
-msgid ""
-"Create the user's home directory if it does not exist. The files and "
-"directories contained in the skeleton directory (which can be defined with "
-"the -k option or in the config file) will be copied to the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:121
-msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:125
-msgid ""
-"Do not create the user's home directory. Overrides configuration settings."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:132
-msgid ""
-"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:137
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<command>sss_useradd</command>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:143
-msgid ""
-"This option is only valid if the <option>-m</option> (or <option>--create-"
-"home</option>) option is specified, or creation of home directories is set "
-"to TRUE in the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
-msgid ""
-"<option>-Z</option>,<option>--selinux-user</option> "
-"<replaceable>SELINUX_USER</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:157
-msgid ""
-"The SELinux user for the user's login. If not specified, the system default "
-"will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
-msgid "sssd-krb5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:23
-msgid ""
-"This manual page describes the configuration of the Kerberos 5 "
-"authentication backend for <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  For a detailed "
-"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
-"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:36
-msgid ""
-"The Kerberos 5 authentication backend contains auth and chpass providers. It "
-"must be paired with identity provider in order to function properly (for "
-"example, id_provider = ldap). Some information required by the Kerberos 5 "
-"authentication backend must be provided by the identity provider, such as "
-"the user's Kerberos Principal Name (UPN). The configuration of the identity "
-"provider should have an entry to specify the UPN. Please refer to the man "
-"page for the applicable identity provider for details on how to configure "
-"this."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:47
-msgid ""
-"This backend also provides access control based on the .k5login file in the "
-"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
-"Please note that an empty .k5login file will deny all access to this user. "
-"To activate this feature use 'access_provider = krb5' in your sssd "
-"configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:55
-msgid ""
-"In the case where the UPN is not available in the identity backend "
-"<command>sssd</command> will construct a UPN using the format "
-"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:106
-msgid ""
-"The name of the Kerberos realm. This option is required and must be "
-"specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:113
-msgid "krb5_kpasswd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:116
-msgid ""
-"If the change password service is not running on the KDC alternative servers "
-"can be defined here. An optional port number (preceded by a colon) may be "
-"appended to the addresses or hostnames."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:122
-msgid ""
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section.  Please note that even if there are no more "
-"kpasswd servers to try the back end is not switch to offline if "
-"authentication against the KDC is still possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:129
-msgid "Default: Use the KDC"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:135
-msgid "krb5_ccachedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:138
-msgid ""
-"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist it will be created. If %u, %U, %p or %h are used a "
-"private directory belonging to the user is created. Otherwise a public "
-"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
-"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
-"citerefentry> for details) is created."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:151
-msgid "Default: /tmp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:157
-msgid "krb5_ccname_template (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:171
-msgid "login UID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:174
-msgid "%p"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:175
-msgid "principal name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:179
-msgid "%r"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:180
-msgid "realm name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:183
-msgid "%h"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:184
-msgid "home directory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:189
-msgid "value of krb5ccache_dir"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194
-msgid "%P"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "the process ID of the sssd client"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:160
-msgid ""
-"Location of the user's credential cache. Currently only file based "
-"credential caches are supported. In the template the following sequences are "
-"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
-"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
-"way."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:209
-msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:215
-msgid "krb5_auth_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:218
-msgid ""
-"Timeout in seconds after an online authentication or change password request "
-"is aborted. If possible the authentication request is continued offline."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:241
-msgid "krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:244
-msgid ""
-"The location of the keytab to use when validating credentials obtained from "
-"KDCs."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:248
-msgid "Default: /etc/krb5.keytab"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:254
-msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:257
-msgid ""
-"Store the password of the user if the provider is offline and use it to "
-"request a TGT when the provider gets online again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:262
-msgid ""
-"Please note that this feature currently only available on a Linux platform. "
-"Passwords stored in this way are kept in plaintext in the kernel keyring and "
-"are potentially accessible by the root user (with difficulty)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:275
-msgid "krb5_renewable_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:278
-msgid ""
-"Request a renewable ticket with a total lifetime given by an integer "
-"immediately followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
-msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
-msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
-msgid "<emphasis>h</emphasis> hours"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
-msgid "<emphasis>d</emphasis> days."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
-msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:299
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"renewable lifetime to one and a half hours please use '90m' instead of "
-"'1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:305
-msgid "Default: not set, i.e. the TGT is not renewable"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:311
-msgid "krb5_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:314
-msgid ""
-"Request ticket with a with a lifetime given by an integer immediately "
-"followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:335
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"lifetime to one and a half hours please use '90m' instead of '1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:340
-msgid ""
-"Default: not set, i.e. the default ticket lifetime configured on the KDC."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:347
-msgid "krb5_renew_interval (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:350
-msgid ""
-"The time in seconds between two checks if the TGT should be renewed. TGTs "
-"are renewed if about half of their lifetime is exceeded."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:355
-msgid "If this option is not set or 0 the automatic renewal is disabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:365
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:368
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:373
-msgid ""
-"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
-"option at all."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
-msgid ""
-"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
-"continue without."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:381
-msgid ""
-"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
-"fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:385
-msgid "Default: not set, i.e. FAST is not used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:388
-msgid "Please note that a keytab is required to use fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:391
-msgid ""
-"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used with an older version using this option is a "
-"configuration error."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:400
-msgid "krb5_fast_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:403
-msgid "Specifies the server principal to use for FAST."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:412
-msgid ""
-"Specifies if the host and user principal should be canonicalized. This "
-"feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:65
-msgid ""
-"If the auth-module krb5 is used in a SSSD domain, the following options must "
-"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
-"SECTIONS</quote> for details on the configuration of a SSSD domain.  "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:434
-msgid ""
-"The following example assumes that SSSD is correctly configured and FOO is "
-"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
-"example shows only configuration of Kerberos authentication, it does not "
-"include any identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:442
-#, no-wrap
-msgid ""
-"    [domain/FOO]\n"
-"    auth_provider = krb5\n"
-"    krb5_server = 192.168.1.1\n"
-"    krb5_realm = EXAMPLE.COM\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:453
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
-msgid "sss_groupadd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupadd.8.xml:16
-msgid "create a new group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupadd.8.xml:21
-msgid ""
-"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:32
-msgid ""
-"<command>sss_groupadd</command> creates a new group. These groups are "
-"compatible with POSIX groups, with the additional feature that they can "
-"contain other groups as members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupadd.8.xml:43
-msgid ""
-"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupadd.8.xml:48
-msgid ""
-"Set the GID of the group to the value of <replaceable>GID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
-msgid "sss_userdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_userdel.8.xml:16
-msgid "delete a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_userdel.8.xml:21
-msgid ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:32
-msgid ""
-"<command>sss_userdel</command> deletes a user identified by login name "
-"<replaceable>LOGIN</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:44
-msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:48
-msgid ""
-"Files in the user's home directory will be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:56
-msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:60
-msgid ""
-"Files in the user's home directory will NOT be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:68
-msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:72
-msgid ""
-"This option forces <command>sss_userdel</command> to remove the user's home "
-"directory and mail spool, even if they are not owned by the specified user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:80
-msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:84
-msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
-msgid "sss_groupdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupdel.8.xml:16
-msgid "delete a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupdel.8.xml:21
-msgid ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:32
-msgid ""
-"<command>sss_groupdel</command> deletes a group identified by its name "
-"<replaceable>GROUP</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
-msgid "sss_groupshow"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupshow.8.xml:16
-msgid "print properties of a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupshow.8.xml:21
-msgid ""
-"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:32
-msgid ""
-"<command>sss_groupshow</command> displays information about a group "
-"identified by its name <replaceable>GROUP</replaceable>. The information "
-"includes the group ID number, members of the group and the parent group."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupshow.8.xml:43
-msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupshow.8.xml:47
-msgid ""
-"Also print indirect group members in a tree-like hierarchy.  Note that this "
-"also affects printing parent groups - without <option>R</option>, only the "
-"direct parent will be printed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
-msgid "sss_usermod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_usermod.8.xml:16
-msgid "modify a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_usermod.8.xml:21
-msgid ""
-"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:32
-msgid ""
-"<command>sss_usermod</command> modifies the account specified by "
-"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
-"on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:60
-msgid "The home directory of the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:71
-msgid "The user's login shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:82
-msgid ""
-"Append this user to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:96
-msgid ""
-"Remove this user from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:103
-msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:107
-msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:114
-msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:118
-msgid "Unlock the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:129
-msgid "The SELinux user for the user's login."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/service_discovery.xml:2
-msgid "SERVICE DISCOVERY"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/service_discovery.xml:4
-msgid ""
-"The service discovery feature allows back ends to automatically find the "
-"appropriate servers to connect to using a special DNS query."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
-msgid "Configuration"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:11
-msgid ""
-"If no servers are specified, the back end automatically uses service "
-"discovery to try to find a server. Optionally, the user may choose to use "
-"both fixed server addresses and service discovery by inserting a special "
-"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
-"preference is maintained. This feature is useful if, for example, the user "
-"prefers to use service discovery whenever possible, and fall back to a "
-"specific server when no servers can be discovered using DNS."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:23
-msgid "The domain name"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:25
-msgid ""
-"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for more details."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:35
-msgid "The protocol"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:37
-msgid ""
-"The queries usually specify _tcp as the protocol. Exceptions are documented "
-"in respective option description."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:42
-msgid "See Also"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:44
-msgid ""
-"For more information on the service discovery mechanism, refer to RFC 2782."
-msgstr ""
-
-#. type: Content of: outside any tag (error?)
-#: include/upstream.xml:1
-msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/failover.xml:2
-msgid "FAILOVER"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/failover.xml:4
-msgid ""
-"The failover feature allows back ends to automatically switch to a different "
-"server if the primary server fails."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:8
-msgid "Failover Syntax"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:10
-msgid ""
-"The list of servers is given as a comma-separated list; any number of spaces "
-"is allowed around the comma. The servers are listed in order of preference. "
-"The list can contain any number of servers."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:17
-msgid "The Failover Mechanism"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:19
-msgid ""
-"The failover mechanism distinguishes between a machine and a service. The "
-"back end first tries to resolve the hostname of a given machine; if this "
-"resolution attempt fails, the machine is considered offline. No further "
-"attempts are made to connect to this machine for any other service. If the "
-"resolution attempt succeeds, the back end tries to connect to a service on "
-"this machine. If the service connection attempt fails, then only this "
-"particular service is considered offline and the back end automatically "
-"switches over to the next service.  The machine is still considered online "
-"and might still be tried for another service."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:32
-msgid ""
-"Further connection attempts are made to machines or services marked as "
-"offline after a specified period of time; this is currently hard coded to 30 "
-"seconds."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:37
-msgid ""
-"If there are no more machines to try, the back end as a whole switches to "
-"offline mode, and then attempts to reconnect every 30 seconds."
-msgstr ""
-
-#. type: Content of: <varlistentry><term>
-#: include/param_help.xml:3
-msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
-
-#. type: Content of: <varlistentry><listitem><para>
-#: include/param_help.xml:7
-msgid "Display help message and exit."
-msgstr ""
diff --git a/src/man/po/sr.po b/src/man/po/sr.po
deleted file mode 100644
index a3bf11344..000000000
--- a/src/man/po/sr.po
+++ /dev/null
@@ -1,6314 +0,0 @@
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Red Hat
-# This file is distributed under the same license as the sssd-docs package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: SSSD\n"
-"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Serbian <trans-sr@lists.fedoraproject.org>\n"
-"Language: sr\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
-"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2)\n"
-
-#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
-#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
-#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
-#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
-msgid "SSSD Manual pages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
-msgid "sss_groupmod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
-#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
-#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
-msgid "8"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupmod.8.xml:16
-msgid "modify a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupmod.8.xml:21
-msgid ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
-#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
-#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
-#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
-#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:32
-msgid ""
-"<command>sss_groupmod</command> modifies the group to reflect the changes "
-"that are specified on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
-#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
-#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-msgid "OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
-msgid ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:48
-msgid ""
-"Append this group to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
-msgid ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:62
-msgid ""
-"Remove this group from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
-#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
-msgid "sssd.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
-msgid "5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
-msgid "File Formats and Conventions"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
-msgid "the configuration file for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:21
-msgid "FILE FORMAT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:29
-#, no-wrap
-msgid ""
-"                <replaceable>[section]</replaceable>\n"
-"                <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-"                <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
-"            "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:24
-msgid ""
-"The file has an ini-style syntax and consists of sections and parameters. A "
-"section begins with the name of the section in square brackets and continues "
-"until the next section begins. An example of section with single and multi-"
-"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:36
-msgid ""
-"The data types used are string (no quotes needed), integer and bool (with "
-"values of <quote>TRUE/FALSE</quote>)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:41
-msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
-"(<quote>;</quote>)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:46
-msgid ""
-"All sections can have an optional <replaceable>description</replaceable> "
-"parameter. Its function is only as a label for the section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:52
-msgid ""
-"<filename>sssd.conf</filename> must be a regular file, owned by root and "
-"only root may read from or write to the file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:58
-msgid "SPECIAL SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:61
-msgid "The [sssd] section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
-msgid "Section parameters"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:72
-msgid "config_file_version (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:75
-msgid ""
-"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-"version 2."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:81
-msgid "services"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:84
-msgid ""
-"Comma separated list of services that are started when sssd itself starts."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:88
-msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
-msgid "reconnection_retries (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
-msgid ""
-"Number of times services should attempt to reconnect in the event of a Data "
-"Provider crash or restart before they give up"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
-msgid "Default: 3"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
-msgid "domains"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
-msgid ""
-"A domain is a database containing user information. SSSD can use more "
-"domains at the same time, but at least one must be configured or SSSD won't "
-"start.  This parameter described the list of domains in the order you want "
-"them to be queried."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
-msgid "re_expression (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
-msgid ""
-"Regular expression that describes how to parse the string containing user "
-"name and domain into these components."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
-msgid ""
-"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
-"which translates to \"the name is everything up to the <quote>@</quote> "
-"sign, the domain everything after that\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
-msgid ""
-"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
-"version 7 or higher can support non-unique named subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
-msgid ""
-"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
-"P&lt;name&gt;) to label subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
-msgid "full_name_format (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
-msgid ""
-"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatible format that describes how to translate "
-"a (name, domain) tuple into a fully qualified name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
-msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
-msgid "try_inotify (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
-msgid ""
-"SSSD monitors the state of resolv.conf to identify when it needs to update "
-"its internal DNS resolver. By default, we will attempt to use inotify for "
-"this, and will fall back to polling resolv.conf every five seconds if "
-"inotify cannot be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
-msgid ""
-"There are some limited situations where it is preferred that we should skip "
-"even trying to use inotify. In these rare cases, this option should be set "
-"to 'false'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
-msgid ""
-"Default: true on platforms where inotify is supported. False on other "
-"platforms."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
-msgid ""
-"Note: this option will have no effect on platforms where inotify is "
-"unavailable. On these platforms, polling will always be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
-msgid "krb5_rcache_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
-msgid ""
-"Directory on the filesystem where SSSD should store Kerberos replay cache "
-"files."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
-msgid ""
-"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
-"SSSD to let libkrb5 decide the appropriate location for the replay cache."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
-msgid ""
-"Default: Distribution-specific and specified at build-time. "
-"(__LIBKRB5_DEFAULTS__ if not configured)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:63
-msgid ""
-"Individual pieces of SSSD functionality are provided by special SSSD "
-"services that are started and stopped together with SSSD.  The services are "
-"managed by a special service frequently called <quote>monitor</quote>. The "
-"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
-msgid "SERVICES SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
-msgid ""
-"Settings that can be used to configure different services are described in "
-"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
-"section, for example, for NSS service, the section would be <quote>[nss]</"
-"quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
-msgid "General service configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
-msgid "These options can be used to configure any service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>.  This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
-msgid "NSS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
-msgid ""
-"These options can be used to configure the Name Service Switch (NSS) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
-msgid "enum_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
-msgid ""
-"How many seconds should nss_sss cache enumerations (requests for info about "
-"all users)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
-msgid "Default: 120"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"The entry cache can be set to automatically update entries in the background "
-"if they are requested beyond a percentage of the entry_cache_timeout value "
-"for the domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
-msgid ""
-"For example, if the domain's entry_cache_timeout is set to 30s and "
-"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
-"after 15 seconds past the last cache update will be returned immediately, "
-"but the SSSD will go and update the cache on its own, so that future "
-"requests will not need to block waiting for a cache update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
-msgid ""
-"Valid values for this option are 0-99 and represent a percentage of the "
-"entry_cache_timeout for each domain. For performance reasons, this "
-"percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
-"disables this feature)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
-msgid "Default: 50"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
-msgid "entry_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
-msgid ""
-"Specifies for how many seconds nss_sss should cache negative cache hits "
-"(that is, queries for invalid database entries, like nonexistent ones)  "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
-msgid "Default: 15"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
-msgid "filter_users, filter_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
-msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
-msgid "Default: root"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
-msgid "filter_users_in_groups (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
-msgid ""
-"If you want filtered user still be group members set this option to false."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
-msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
-msgid "This option can also be set per-domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
-msgid "allowed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
-msgid ""
-"Restrict user shell to one of the listed values. The order of evaluation is:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
-msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
-msgid ""
-"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
-"quote>, use the value of the shell_fallback parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
-msgid ""
-"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
-"shells</quote>, a nologin shell is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
-msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
-msgid ""
-"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
-"that a restart of the SSSD is required in case a new shell is installed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
-msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
-msgid "vetoed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
-msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
-msgid "shell_fallback (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
-msgid ""
-"The default shell to use if an allowed shell is not installed on the machine."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
-msgid "Default: /bin/sh"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
-msgid "PAM configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
-msgid ""
-"These options can be used to configure the Pluggable Authentication Module "
-"(PAM) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
-msgid "offline_credentials_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
-msgid ""
-"If the authentication provider is offline, how long should we allow cached "
-"logins (in days since the last successful online login)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
-msgid "Default: 0 (No limit)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
-msgid "offline_failed_login_attempts (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
-msgid ""
-"If the authentication provider is offline, how many failed login attempts "
-"are allowed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
-msgid "offline_failed_login_delay (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
-msgid ""
-"The time in minutes which has to pass after offline_failed_login_attempts "
-"has been reached before a new login attempt is possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
-msgid ""
-"If set to 0 the user cannot authenticate offline if "
-"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable offline authentication again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
-msgid "Default: 5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
-msgid "pam_verbosity (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
-msgid ""
-"Controls what kind of messages are shown to the user during authentication. "
-"The higher the number to more messages are displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
-msgid "Currently sssd supports the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
-msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
-msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
-msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
-msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
-msgid "Default: 1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
-msgid "pam_id_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
-msgid ""
-"For any PAM request while SSSD is online, the SSSD will attempt to "
-"immediately update the cached identity information for the user in order to "
-"ensure that authentication takes place with the latest information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
-msgid ""
-"A complete PAM conversation may perform multiple PAM requests, such as "
-"account management and session opening. This option controls (on a per-"
-"client-application basis) how long (in seconds) we can cache the identity "
-"information to avoid excessive round-trips to the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
-msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
-msgid "Display a warning N days before the password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
-msgid ""
-"Please note that the backend server has to provide information about the "
-"expiration time of the password.  If this information is missing, sssd "
-"cannot display a warning."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
-msgid "Default: 7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-msgid "SUDO configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-msgid "These options can be used to configure the sudo service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-msgid "sudo_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-msgid ""
-"For any sudo request that comes while SSSD is online, the SSSD will attempt "
-"to update the cached rules in order to ensure that sudo has the latest "
-"ruleset."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
-msgid ""
-"The user may, however, run a couple of sudo commands successively, which "
-"would trigger multiple LDAP requests.  In order to speed up this use-case, "
-"the sudo service maintains an in-memory cache that would be used for "
-"performing fast replies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
-msgid ""
-"This option controls how long (in seconds) can the sudo service cache rules "
-"for a user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-msgid "Default: 180"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-msgid "sudo_timed (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
-msgid ""
-"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
-"that implement time-dependent sudoers entries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-msgid "AUTOFS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-msgid "These options can be used to configure the autofs service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-msgid "autofs_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
-msgid "DOMAIN SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
-msgid "min_id,max_id (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
-msgid ""
-"UID and GID limits for the domain. If a domain contains an entry that is "
-"outside these limits, it is ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
-msgid ""
-"For users, this affects the primary GID limit. The user will not be returned "
-"to NSS if either the UID or the primary GID is outside the range. For non-"
-"primary group memberships, those that are in range will be reported as "
-"expected."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
-msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
-msgid ""
-"Timeout in seconds between heartbeats for this domain.  This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
-msgid "enumerate (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
-msgid ""
-"Determines if a domain can be enumerated. This parameter can have one of the "
-"following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
-msgid "TRUE = Users and groups are enumerated"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
-msgid "FALSE = No enumerations for this domain"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
-msgid "Default: FALSE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
-msgid ""
-"Note: Enabling enumeration has a moderate performance impact on SSSD while "
-"enumeration is running. It may take up to several minutes after SSSD startup "
-"to fully complete enumerations.  During this time, individual requests for "
-"information will go directly to LDAP, though it may be slow, due to the "
-"heavy enumeration processing."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
-msgid ""
-"While the first enumeration is running, requests for the complete user or "
-"group lists may return no results until it completes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
-msgid ""
-"Further, enabling enumeration may increase the time necessary to detect "
-"network disconnection, as longer timeouts are required to ensure that "
-"enumeration lookups are completed successfully.  For more information, refer "
-"to the man pages for the specific id_provider in use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
-msgid "entry_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
-msgid ""
-"How many seconds should nss_sss consider entries valid before asking the "
-"backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
-msgid "Default: 5400"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-msgid "entry_cache_user_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-msgid ""
-"How many seconds should nss_sss consider user entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-msgid "Default: entry_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-msgid "entry_cache_group_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-msgid ""
-"How many seconds should nss_sss consider group entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-msgid ""
-"How many seconds should nss_sss consider netgroup entries valid before "
-"asking the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-msgid "entry_cache_service_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-msgid ""
-"How many seconds should nss_sss consider service entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
-msgid "cache_credentials (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
-msgid "Determines if user credentials are also cached in the local LDB cache"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
-msgid "User credentials are stored in a SHA512 hash, not in plaintext"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
-msgid "account_cache_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
-msgid ""
-"Number of days entries are left in cache after last successful login before "
-"being removed during a cleanup of the cache. 0 means keep forever.  The "
-"value of this parameter must be greater than or equal to "
-"offline_credentials_expiration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
-msgid "Default: 0 (unlimited)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
-msgid "id_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
-msgid "The Data Provider identity backend to use for this domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
-msgid "Supported backends:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
-msgid "proxy: Support a legacy NSS provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
-msgid "local: SSSD internal local provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
-msgid "ldap: LDAP provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
-msgid "use_fully_qualified_names (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
-msgid ""
-"If set to TRUE, all requests to this domain must use fully qualified names. "
-"For example, if used in LOCAL domain that contains a \"test\" user, "
-"<command>getent passwd test</command> wouldn't find the user while "
-"<command>getent passwd test@LOCAL</command> would."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
-msgid "auth_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
-msgid ""
-"The authentication provider used for the domain.  Supported auth providers "
-"are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
-msgid ""
-"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
-msgid ""
-"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
-msgid ""
-"<quote>proxy</quote> for relaying authentication to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
-msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"authentication requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
-msgid "access_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
-msgid ""
-"The access control provider used for the domain.  There are two built-in "
-"access providers (in addition to any included in installed backends)  "
-"Internal special providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
-msgid "<quote>permit</quote> always allow access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
-msgid "<quote>deny</quote> always deny access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
-msgid ""
-"<quote>simple</quote> access control based on access or deny lists. See "
-"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> for more information on configuring the simple "
-"access module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
-msgid "Default: <quote>permit</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
-msgid "chpass_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
-msgid ""
-"The provider which should handle change password operations for the domain.  "
-"Supported change password providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
-msgid ""
-"<quote>ipa</quote> to change a password stored in an IPA server.  See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
-msgid ""
-"<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
-msgid ""
-"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
-msgid ""
-"<quote>proxy</quote> for relaying password changes to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
-msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
-msgid ""
-"Default: <quote>auth_provider</quote> is used if it is set and can handle "
-"change password requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-msgid "sudo_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-msgid ""
-"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-msgid "session_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-msgid ""
-"The provider which should handle loading of session settings.  Supported "
-"session providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-msgid ""
-"<quote>ipa</quote> to load session settings from an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"session loading requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
-msgid "lookup_family_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
-msgid ""
-"Provides the ability to select preferred address family to use when "
-"performing DNS lookups."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
-msgid "Supported values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
-msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
-msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
-msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
-msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
-msgid "Default: ipv4_first"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
-msgid "dns_resolver_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
-msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
-msgid "dns_discovery_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
-msgid ""
-"If service discovery is used in the back end, specifies the domain part of "
-"the service discovery DNS query."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
-msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
-msgid "override_gid (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
-msgid "Override the primary GID value with the one specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
-msgid "case_sensitive (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
-msgid ""
-"Treat user and group names as case sensitive. At the moment, this option is "
-"not supported in the local provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
-msgid "Default: True"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
-msgid ""
-"These configuration options can be present in a domain configuration "
-"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
-"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
-msgid "proxy_pam_target (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
-msgid "The proxy target PAM proxies to."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-msgid ""
-"Default: not set by default, you have to take an existing pam configuration "
-"or create a new one and add the service name here."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
-msgid "proxy_lib_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
-msgid ""
-"The name of the NSS library to use in proxy domains. The NSS functions "
-"searched for in the library are in the form of _nss_$(libName)_$(function), "
-"for example _nss_files_getpwent."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
-msgid ""
-"Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
-msgid "The local domain section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
-msgid ""
-"This section contains settings for domain that stores users and groups in "
-"SSSD native database, that is, a domain that uses "
-"<replaceable>id_provider=local</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
-msgid "default_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
-msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
-msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
-msgid "base_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
-msgid ""
-"The tools append the login name to <replaceable>base_directory</replaceable> "
-"and use that as the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
-msgid "Default: <filename>/home</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
-msgid "create_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
-msgid ""
-"Indicate if a home directory should be created by default for new users.  "
-"Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
-msgid "Default: TRUE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
-msgid "remove_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
-msgid ""
-"Indicate if a home directory should be removed by default for deleted "
-"users.  Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
-msgid "homedir_umask (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
-msgid ""
-"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
-"on a newly created home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
-msgid "Default: 077"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
-msgid "skel_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
-msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
-msgid "mail_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
-msgid ""
-"The mail spool directory. This is needed to manipulate the mailbox when its "
-"corresponding user account is modified or deleted.  If not specified, a "
-"default value is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
-msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
-msgid "userdel_cmd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
-msgid ""
-"The command that is run after a user is removed.  The command us passed the "
-"username of the user being removed as the first and only parameter. The "
-"return code of the command is not taken into account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
-msgid "Default: None, no command is run"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"domains = LDAP\n"
-"services = nss, pam\n"
-"config_file_version = 2\n"
-"\n"
-"[nss]\n"
-"filter_groups = root\n"
-"filter_users = root\n"
-"\n"
-"[pam]\n"
-"\n"
-"[domain/LDAP]\n"
-"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
-"\n"
-"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
-"cache_credentials = true\n"
-"\n"
-"min_id = 10000\n"
-"max_id = 20000\n"
-"enumerate = False\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
-msgid ""
-"The following example shows a typical SSSD config. It does not describe "
-"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details.  <placeholder type=\"programlisting\" "
-"id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
-msgid "sssd-ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:23
-msgid ""
-"This manual page describes the configuration of LDAP domains for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for detailed syntax information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:35
-msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:38
-msgid ""
-"LDAP back end supports id, auth, access and chpass providers. If you want to "
-"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
-"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
-"over an unencrypted channel.  If the LDAP server is used only as an identity "
-"provider, an encrypted channel is not needed. Please refer to "
-"<quote>ldap_access_filter</quote> config option for more information about "
-"using LDAP as an access provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
-#: sssd-krb5.5.xml:63
-msgid "CONFIGURATION OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:60
-msgid "ldap_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:63
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference. Refer to the <quote>FAILOVER</"
-"quote> section for more information on failover and server redundancy.  If "
-"not specified, service discovery is enabled. For more information, refer to "
-"the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
-msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:73
-msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:76
-msgid ""
-"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:79
-msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:85
-msgid "ldap_chpass_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:88
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference to change the password of a user. "
-"Refer to the <quote>FAILOVER</quote> section for more information on "
-"failover and server redundancy."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:95
-msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:99
-msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:105
-msgid "ldap_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:108
-msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:112
-msgid ""
-"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
-"syntax:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
-msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:119
-msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
-msgid ""
-"The filter must be a valid LDAP search filter as specified by http://www."
-"ietf.org/rfc/rfc2254.txt"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
-msgid "Examples:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:129
-msgid ""
-"ldap_search_base = dc=example,dc=com (which is equivalent to)  "
-"ldap_search_base = dc=example,dc=com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:134
-msgid ""
-"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
-"(host=thishost)?dc=example.com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:137
-msgid ""
-"Note: It is unsupported to have multiple search bases which reference "
-"identically-named objects (for example, groups with the same name in two "
-"different search bases). This will lead to unpredictable behavior on client "
-"machines."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:144
-msgid ""
-"Default: If not set, the value of the defaultNamingContext or namingContexts "
-"attribute from the RootDSE of the LDAP server is used. If "
-"defaultNamingContext does not exists or has an empty value namingContexts is "
-"used.  The namingContexts attribute must have a single value with the DN of "
-"the search base of the LDAP server to make this work. Multiple values are "
-"are not supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:158
-msgid "ldap_schema (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:161
-msgid ""
-"Specifies the Schema Type in use on the target LDAP server.  Depending on "
-"the selected schema, the default attribute names retrieved from the servers "
-"may vary.  The way that some attributes are handled may also differ.  Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
-"difference between these schema types is how group memberships are recorded "
-"in the server.  With rfc2307, group members are listed by name in the "
-"<emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, group "
-"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
-msgid "Default: rfc2307"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
-msgid "ldap_default_bind_dn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
-msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
-msgid "ldap_default_authtok_type (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
-msgid "The type of the authentication token of the default bind DN."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
-msgid "The two mechanisms currently supported are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
-msgid "password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
-msgid "obfuscated_password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
-msgid "Default: password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
-msgid "ldap_default_authtok (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
-msgid ""
-"The authentication token of the default bind DN.  Only clear text passwords "
-"are currently supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
-msgid "ldap_user_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
-msgid "The object class of a user entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
-msgid "Default: posixAccount"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
-msgid "ldap_user_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
-msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
-msgid "Default: uid"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
-msgid "ldap_user_uid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
-msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
-msgid "Default: uidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
-msgid "ldap_user_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
-msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
-msgid "Default: gidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
-msgid "ldap_user_gecos (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
-msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
-msgid "Default: gecos"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
-msgid "ldap_user_home_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
-msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
-msgid "Default: homeDirectory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
-msgid "ldap_user_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
-msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
-msgid "Default: loginShell"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
-msgid "ldap_user_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
-msgid "Default: nsUniqueId"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
-msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
-msgid ""
-"The LDAP attribute that contains timestamp of the last modification of the "
-"parent object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
-msgid "Default: modifyTimestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
-msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
-"the last password change)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
-msgid "Default: shadowLastChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
-msgid "ldap_user_shadow_min (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
-msgid "Default: shadowMin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
-msgid "ldap_user_shadow_max (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
-msgid "Default: shadowMax"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
-msgid "ldap_user_shadow_warning (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password warning period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
-msgid "Default: shadowWarning"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
-msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password inactivity period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
-msgid "Default: shadowInactive"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
-msgid "ldap_user_shadow_expire (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
-msgid ""
-"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
-"parameter contains the name of an LDAP attribute corresponding to its "
-"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> counterpart (account expiration date)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
-msgid "Default: shadowExpire"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
-msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time of last password change in "
-"kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
-msgid "Default: krbLastPwdChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
-msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time when current password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
-msgid "Default: krbPasswordExpiration"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
-msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the expiration time of the account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
-msgid "Default: accountExpires"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
-msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the user account control bit field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
-msgid "Default: userAccountControl"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
-msgid "ldap_ns_account_lock (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
-msgid ""
-"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
-"determines if access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
-msgid "Default: nsAccountLock"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
-msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines if "
-"access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
-msgid "Default: loginDisabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
-msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines until "
-"which date access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
-msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines the "
-"hours of a day in a week when access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
-msgid "Default: loginAllowedTimeMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
-msgid "ldap_user_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
-msgid ""
-"The LDAP attribute that contains the user's Kerberos User Principal Name "
-"(UPN)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
-msgid "Default: krbPrincipalName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
-msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
-msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
-msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
-msgid ""
-"Some directory servers, for example Active Directory, might deliver the "
-"realm part of the UPN in lower case, which might cause the authentication to "
-"fail. Set this option to a non-zero value if you want to use an upper-case "
-"realm."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
-msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
-msgid ""
-"Specifies how many seconds SSSD has to wait before refreshing its cache of "
-"enumerated records."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
-msgid "Default: 300"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
-msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
-msgid ""
-"Determine how often to check the cache for inactive entries (such as groups "
-"with no members and users who have never logged in) and remove them to save "
-"space."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
-msgid "Setting this option to zero will disable the cache cleanup operation."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
-msgid "Default: 10800 (12 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
-msgid "ldap_user_fullname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
-msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
-msgid "Default: cn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
-msgid "ldap_user_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
-msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
-msgid "Default: memberOf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
-msgid "ldap_user_authorized_service (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
-msgid ""
-"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
-"use the presence of the authorizedService attribute in the user's LDAP entry "
-"to determine access privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
-msgid ""
-"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
-"explicit allow (svc) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
-msgid "Default: authorizedService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
-msgid "ldap_user_authorized_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
-msgid ""
-"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-"presence of the host attribute in the user's LDAP entry to determine access "
-"privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
-msgid ""
-"An explicit deny (!host) is resolved first. Second, SSSD searches for "
-"explicit allow (host) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
-msgid "Default: host"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
-msgid "ldap_group_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
-msgid "The object class of a group entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
-msgid "Default: posixGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
-msgid "ldap_group_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
-msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
-msgid "ldap_group_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
-msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
-msgid "ldap_group_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
-msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
-msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
-msgid "ldap_group_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
-msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
-msgid "ldap_group_nesting_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
-msgid ""
-"If ldap_schema is set to a schema format that supports nested groups (e.g. "
-"RFC2307bis), then this option controls how many levels of nesting SSSD will "
-"follow. This option has no effect on the RFC2307 schema."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
-msgid "Default: 2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
-msgid "ldap_netgroup_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
-msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
-msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
-msgid "Default: nisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
-msgid "ldap_netgroup_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
-msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
-msgid "In IPA provider, ipa_netgroup_name should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
-msgid "ldap_netgroup_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
-msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
-msgid "In IPA provider, ipa_netgroup_member should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
-msgid "Default: memberNisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
-msgid "ldap_netgroup_triple (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-msgid ""
-"The LDAP attribute that contains the (host, user, domain) netgroup triples."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
-msgid "This option is not available in IPA provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
-msgid "Default: nisNetgroupTriple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
-msgid "ldap_netgroup_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
-msgid ""
-"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
-msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
-msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
-msgid "ldap_service_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
-msgid "The object class of a service entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
-msgid "Default: ipService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
-msgid "ldap_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
-msgid ""
-"The LDAP attribute that contains the name of service attributes and their "
-"aliases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
-msgid "ldap_service_port (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
-msgid "The LDAP attribute that contains the port managed by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
-msgid "Default: ipServicePort"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
-msgid "ldap_service_proto (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
-msgid ""
-"The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
-msgid "Default: ipServiceProtocol"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
-msgid "ldap_service_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
-msgid "An optional base DN to restrict service searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
-msgid ""
-"See <quote>ldap_search_base</quote> for information about configuring "
-"multiple search bases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
-#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
-msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
-msgid "ldap_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches are allowed to run "
-"before they are cancelled and cached results are returned (and offline mode "
-"is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
-msgid ""
-"Note: this option is subject to change in future versions of the SSSD. It "
-"will likely be replaced at some point by a series of timeouts for specific "
-"lookup types."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
-msgid "Default: 6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
-msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches for user and group "
-"enumerations are allowed to run before they are cancelled and cached results "
-"are returned (and offline mode is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
-msgid "ldap_network_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-msgid ""
-"Specifies the timeout (in seconds) after which the <citerefentry> "
-"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
-"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> following a <citerefentry> "
-"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> returns in case of no activity."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
-msgid "ldap_opt_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
-msgid ""
-"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
-"will abort if no response is received. Also controls the timeout when "
-"communicating with the KDC in case of SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
-msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
-msgid ""
-"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
-"maintained. After this time, the connection will be re-established. If used "
-"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
-"the TGT lifetime)  will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
-msgid "Default: 900 (15 minutes)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
-msgid "ldap_page_size (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
-msgid ""
-"Specify the number of records to retrieve from LDAP in a single request. "
-"Some LDAP servers enforce a maximum limit per-request."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
-msgid "Default: 1000"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
-msgid ""
-"Disable the LDAP paging control. This option should be used if the LDAP "
-"server reports that it supports the LDAP paging control in its RootDSE but "
-"it is not enabled or does not behave properly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
-msgid ""
-"Example: OpenLDAP servers with the paging control module installed on the "
-"server but not enabled will report it in the RootDSE but be unable to use it."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
-msgid ""
-"Example: 389 DS has a bug where it can only support a one paging control at "
-"a time on a single connection. On busy clients, this can result in some "
-"requests being denied."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
-msgid "ldap_deref_threshold (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
-msgid ""
-"Specify the number of group members that must be missing from the internal "
-"cache in order to trigger a dereference lookup. If less members are missing, "
-"they are looked up individually."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
-msgid ""
-"You can turn off dereference lookups completely by setting the value to 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
-msgid ""
-"A dereference lookup is a means of fetching all group members in a single "
-"LDAP call.  Different LDAP servers may implement different dereference "
-"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
-"Directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
-msgid ""
-"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
-"filter, then the dereference lookup performance enhancement will be disabled "
-"regardless of this setting."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
-msgid "ldap_tls_reqcert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
-msgid ""
-"Specifies what checks to perform on server certificates in a TLS session, if "
-"any. It can be specified as one of the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
-msgid ""
-"<emphasis>never</emphasis> = The client will not request or check any server "
-"certificate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
-msgid ""
-"<emphasis>allow</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, it will be ignored and the session proceeds normally."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
-msgid ""
-"<emphasis>try</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, the session is immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
-msgid ""
-"<emphasis>demand</emphasis> = The server certificate is requested. If no "
-"certificate is provided, or a bad certificate is provided, the session is "
-"immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
-msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
-msgid "Default: hard"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
-msgid "ldap_tls_cacert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
-msgid ""
-"Specifies the file that contains certificates for all of the Certificate "
-"Authorities that <command>sssd</command> will recognize."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
-msgid ""
-"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
-"conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
-msgid "ldap_tls_cacertdir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
-msgid ""
-"Specifies the path of a directory that contains Certificate Authority "
-"certificates in separate individual files. Typically the file names need to "
-"be the hash of the certificate followed by '.0'.  If available, "
-"<command>cacertdir_rehash</command> can be used to create the correct names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
-msgid "ldap_tls_cert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
-msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
-msgid "Default: not set"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
-msgid "ldap_tls_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
-msgid "Specifies the file that contains the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
-msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
-msgid ""
-"Specifies acceptable cipher suites.  Typically this is a colon sperated "
-"list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> for format."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
-msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
-msgid ""
-"Specifies that the id_provider connection must also use <systemitem class="
-"\"protocol\">tls</systemitem> to protect the channel."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
-msgid ""
-"Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
-"supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
-msgid "ldap_sasl_authid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
-msgid ""
-"Specify the SASL authorization id to use.  When GSSAPI is used, this "
-"represents the Kerberos principal used for authentication to the directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
-msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
-msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
-msgid ""
-"If set to true, the LDAP library would perform a reverse lookup to "
-"canonicalize the host name during a SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
-msgid "Default: false;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
-msgid "ldap_krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
-msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
-msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
-msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
-msgid ""
-"Specifies that the id_provider should init Kerberos credentials (TGT).  This "
-"action is performed only if SASL is used and the mechanism selected is "
-"GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
-msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
-msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
-msgid "Default: 86400 (24 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
-msgid "krb5_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
-msgid ""
-"Specifies the comma-separated list of IP addresses or hostnames of the "
-"Kerberos servers to which SSSD should connect in the order of preference. "
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
-"colon) may be appended to the addresses or hostnames.  If empty, service "
-"discovery is enabled - for more information, refer to the <quote>SERVICE "
-"DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
-msgid ""
-"When using service discovery for KDC or kpasswd servers, SSSD first searches "
-"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-"none are found."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
-msgid ""
-"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
-"While the legacy name is recognized for the time being, users are advised to "
-"migrate their config files to use <quote>krb5_server</quote> instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
-msgid "krb5_realm (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
-msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
-msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
-msgid "krb5_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
-msgid ""
-"Specifies if the host principal should be canonicalized when connecting to "
-"LDAP server. This feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
-msgid "ldap_pwd_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
-msgid ""
-"Select the policy to evaluate the password expiration on the client side. "
-"The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
-msgid ""
-"<emphasis>none</emphasis> - No evaluation on the client side. This option "
-"cannot disable server-side password policies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
-msgid ""
-"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-"evaluate if the password has expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
-msgid ""
-"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
-"to determine if the password has expired. Use chpass_provider=krb5 to update "
-"these attributes when the password is changed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
-msgid "ldap_referrals (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
-msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
-msgid ""
-"Please note that sssd only supports referral chasing when it is compiled "
-"with OpenLDAP version 2.4.13 or higher."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
-msgid "ldap_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
-msgid "Specifies the service name to use when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
-msgid "Default: ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
-msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
-msgid ""
-"Specifies the service name to use to find an LDAP server which allows "
-"password changes when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
-msgid "Default: not set, i.e. service discovery is disabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
-msgid "ldap_access_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
-msgid ""
-"If using access_provider = ldap, this option is mandatory. It specifies an "
-"LDAP search filter criteria that must be met for the user to be granted "
-"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
-msgid "Example:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
-#, no-wrap
-msgid ""
-"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
-msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
-msgid ""
-"Offline caching for this feature is limited to determining whether the "
-"user's last online login was granted access permission. If they were granted "
-"access during their last login, they will continue to be granted access "
-"while offline and vice-versa."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
-msgid "Default: Empty"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
-msgid "ldap_account_expire_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
-msgid ""
-"With this option a client side evaluation of access control attributes can "
-"be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
-msgid ""
-"Please note that it is always recommended to use server side access control, "
-"i.e. the LDAP server should deny the bind request with a suitable error code "
-"even if the password is correct."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
-msgid "The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
-msgid ""
-"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
-"determine if the account is expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
-msgid ""
-"<emphasis>ad</emphasis>: use the value of the 32bit field "
-"ldap_user_ad_user_account_control and allow access if the second bit is not "
-"set. If the attribute is missing access is granted. Also the expiration time "
-"of the account is checked."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
-msgid ""
-"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
-"emphasis>: use the value of ldap_ns_account_lock to check if access is "
-"allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
-msgid ""
-"<emphasis>nds</emphasis>: the values of "
-"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
-"If both attributes are missing access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
-msgid "ldap_access_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
-msgid "Comma separated list of access control options.  Allowed values are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
-msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
-msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
-msgid ""
-"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
-"to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
-msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
-msgid "Default: filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
-msgid ""
-"Please note that it is a configuration error if a value is used more than "
-"once."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
-msgid "ldap_deref (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
-msgid ""
-"Specifies how alias dereferencing is done when performing a search. The "
-"following options are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
-msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
-msgid ""
-"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
-"the base object, but not in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
-msgid ""
-"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
-"the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
-msgid ""
-"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
-"in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
-msgid ""
-"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
-"client libraries)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:51
-msgid ""
-"All of the common configuration options that apply to SSSD domains also "
-"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for full details.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
-msgid "SUDO OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
-msgid "ldap_sudorule_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
-msgid "The object class of a sudo rule entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
-msgid "Default: sudoRole"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
-msgid "ldap_sudorule_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
-msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
-msgid "ldap_sudorule_command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
-msgid "The LDAP attribute that corresponds to the command name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
-msgid "Default: sudoCommand"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
-msgid "ldap_sudorule_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
-msgid ""
-"The LDAP attribute that corresponds to the host name (or host IP address, "
-"host IP network, or host netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
-msgid "Default: sudoHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
-msgid "ldap_sudorule_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
-msgid ""
-"The LDAP attribute that corresponds to the user name (or UID, group name or "
-"user's netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
-msgid "Default: sudoUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
-msgid "ldap_sudorule_option (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
-msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
-msgid "Default: sudoOption"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
-msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
-msgid ""
-"The LDAP attribute that corresponds to the user name that commands may be "
-"run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
-msgid "Default: sudoRunAsUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
-msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
-msgid ""
-"The LDAP attribute that corresponds to the group name or group GID that "
-"commands may be run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
-msgid "Default: sudoRunAsGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
-msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
-msgid ""
-"The LDAP attribute that corresponds to the start date/time for when the sudo "
-"rule is valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
-msgid "Default: sudoNotBefore"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
-msgid "ldap_sudorule_notafter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
-msgid ""
-"The LDAP attribute that corresponds to the expiration date/time, after which "
-"the sudo rule will no longer be valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
-msgid "Default: sudoNotAfter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
-msgid "ldap_sudorule_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
-msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
-msgid "Default: sudoOrder"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
-msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
-msgid ""
-"Enables periodical download of all sudo rules.  The cache is purged before "
-"each update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
-msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
-msgid ""
-"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
-msgid ""
-"This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
-"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
-msgid "AUTOFS OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
-msgid ""
-"Please note that the default values correspond to the default schema which "
-"is RFC2307."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
-msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-msgid "The object class of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-msgid "Default: automountMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
-msgid "ldap_autofs_map_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
-msgid "The name of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
-msgid "Default: ou"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
-msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
-msgid "ldap_autofs_entry_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
-msgid ""
-"The key of an automount entry in LDAP. The entry usually corresponds to a "
-"mount point."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
-msgid "ldap_autofs_entry_value (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
-msgid "Default: automountInformation"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
-msgid ""
-"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
-"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
-"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
-msgid "ADVANCED OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
-msgid "ldap_netgroup_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
-msgid ""
-"An optional base DN to restrict netgroup searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
-msgid "ldap_user_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
-msgid "An optional base DN to restrict user searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
-msgid "ldap_group_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
-msgid "An optional base DN to restrict group searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
-#, no-wrap
-msgid ""
-"                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
-msgid "ldap_sudo_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
-msgid ""
-"An optional base DN to restrict sudo rules searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
-msgid "ldap_autofs_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
-msgid ""
-"An optional base DN to restrict automounter searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
-msgid ""
-"These options are supported by LDAP domains, but they should be used with "
-"caution. Please include them in your configuration only if you know what you "
-"are doing.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
-msgid ""
-"The following example assumes that SSSD is correctly configured and LDAP is "
-"set to one of the domains in the <replaceable>[domains]</replaceable> "
-"section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
-#, no-wrap
-msgid ""
-"    [domain/LDAP]\n"
-"    id_provider = ldap\n"
-"    auth_provider = ldap\n"
-"    ldap_uri = ldap://ldap.mydomain.org\n"
-"    ldap_search_base = dc=mydomain,dc=org\n"
-"    ldap_tls_reqcert = demand\n"
-"    cache_credentials = true\n"
-"    enumerate = true\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
-msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
-msgid "NOTES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
-msgid ""
-"The descriptions of some of the configuration options in this manual page "
-"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
-"distribution."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <refentryinfo>
-#: pam_sss.8.xml:8 include/upstream.xml:2
-msgid ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: pam_sss.8.xml:13 pam_sss.8.xml:18
-msgid "pam_sss"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: pam_sss.8.xml:19
-msgid "PAM module for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: pam_sss.8.xml:24
-msgid ""
-"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
-msgid ""
-"<command>pam_sss.so</command> is the PAM interface to the System Security "
-"Services daemon (SSSD). Errors and results are logged through <command>syslog"
-"(3)</command> with the LOG_AUTHPRIV facility."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
-msgid "<option>quiet</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
-msgid "Suppress log messages for unknown users."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
-msgid "<option>forward_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
-msgid ""
-"If <option>forward_pass</option> is set the entered password is put on the "
-"stack for other PAM modules to use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
-msgid "<option>use_first_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
-msgid ""
-"The argument use_first_pass forces the module to use a previous stacked "
-"modules password and will never prompt the user - if no password is "
-"available or the password is not appropriate, the user will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
-msgid "<option>use_authtok</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
-msgid ""
-"When password changing enforce the module to set the new password to the one "
-"provided by a previously stacked password module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
-msgid "<option>retry=N</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
-msgid ""
-"If specified the user is asked another N times for a password if "
-"authentication fails. Default is 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
-msgid ""
-"Please note that this option might not work as expected if the application "
-"calling PAM handles the user dialog on its own. A typical example is "
-"<command>sshd</command> with <option>PasswordAuthentication</option>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
-msgid "MODULE TYPES PROVIDED"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
-msgid ""
-"All module types (<option>account</option>, <option>auth</option>, "
-"<option>password</option> and <option>session</option>) are provided."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
-msgid "FILES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
-msgid ""
-"If a password reset by root fails, because the corresponding SSSD provider "
-"does not support password resets, an individual message can be displayed. "
-"This message can e.g. contain instructions about how to reset a password."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
-msgid ""
-"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
-"filename> where LOC stands for a locale string returned by <citerefentry> "
-"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
-"citerefentry>. If there is no matching file the content of "
-"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
-"the owner of the files and only root may have read and write permissions "
-"while all other users must have only read permissions."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
-msgid ""
-"These files are searched in the directory <filename>/etc/sssd/customize/"
-"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
-"displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:141
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
-msgid "sssd_krb5_locator_plugin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:22
-msgid ""
-"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
-"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
-"libraries what Realm and which KDC to use.  Typically this is done in "
-"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
-"To simplify the configuration the Realm and the KDC can be defined in "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry> puts the Realm and the name or IP address of the KDC into "
-"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively.  "
-"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variables and returns them to the "
-"libraries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:63
-msgid ""
-"Not all Kerberos implementations support the use of plugins. If "
-"<command>sssd_krb5_locator_plugin</command> is not available on your system "
-"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:69
-msgid ""
-"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-"debug messages will be sent to stderr."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:77
-msgid ""
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
-msgid "sssd-simple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd-simple.5.xml:17
-msgid "the configuration file for SSSD's 'simple' access-control provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:24
-msgid ""
-"This manual page describes the configuration of the simple access-control "
-"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax reference, "
-"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:38
-msgid ""
-"The simple access provider grants or denies access based on an access or "
-"deny list of user or group names. The following rules apply:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:43
-msgid "If all lists are empty, access is granted"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:47
-msgid ""
-"If any list is provided, the order of evaluation is allow,deny. This means "
-"that any matching deny rule will supersede any matched allow rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:54
-msgid ""
-"If either or both \"allow\" lists are provided, all users are denied unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:60
-msgid ""
-"If only \"deny\" lists are provided, all users are granted access unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:78
-msgid "simple_allow_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:81
-msgid "Comma separated list of users who are allowed to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:88
-msgid "simple_deny_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:91
-msgid "Comma separated list of users who are explicitly denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:97
-msgid "simple_allow_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:100
-msgid ""
-"Comma separated list of groups that are allowed to log in. This applies only "
-"to groups within this SSSD domain. Local groups are not evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:108
-msgid "simple_deny_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:111
-msgid ""
-"Comma separated list of groups that are explicitly denied access. This "
-"applies only to groups within this SSSD domain. Local groups are not "
-"evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
-msgid ""
-"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page for details on the configuration of an SSSD "
-"domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:120
-msgid ""
-"Please note that it is an configuration error if both, simple_allow_users "
-"and simple_deny_users, are defined."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:128
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the simple access provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-simple.5.xml:135
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    access_provider = simple\n"
-"    simple_allow_users = user1, user2\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:145
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
-msgid "sssd-ipa"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:23
-msgid ""
-"This manual page describes the configuration of the IPA provider for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
-"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:36
-msgid ""
-"The IPA provider is a back end used to connect to an IPA server.  (Refer to "
-"the freeipa.org web site for information about IPA servers.)  This provider "
-"requires that the machine be joined to the IPA domain; configuration is "
-"almost entirely self-discovered and obtained directly from the server."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:43
-msgid ""
-"The IPA provider accepts the same options used by the <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
-"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider with some exceptions described below."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:55
-msgid ""
-"However, it is neither necessary nor recommended to set these options.  IPA "
-"provider can also be used as an access and chpass provider. As an access "
-"provider it uses HBAC (host-based access control) rules. Please refer to "
-"freeipa.org for more information about HBAC. No configuration of access "
-"provider is required on the client side."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:72
-msgid "ipa_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:75
-msgid ""
-"Specifies the name of the IPA domain.  This is optional. If not provided, "
-"the configuration domain name is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:83
-msgid "ipa_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:86
-msgid ""
-"The comma-separated list of IP addresses or hostnames of the IPA servers to "
-"which SSSD should connect in the order of preference. For more information "
-"on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
-"This is optional if autodiscovery is enabled.  For more information on "
-"service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:99
-msgid "ipa_hostname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:102
-msgid ""
-"Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:110
-msgid "ipa_dyndns_update (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:113
-msgid ""
-"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:118
-msgid ""
-"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
-"the default Kerberos realm must be set properly in /etc/krb5.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:129
-msgid "ipa_dyndns_iface (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:132
-msgid ""
-"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
-"interface whose IP address should be used for dynamic DNS updates."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:137
-msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:143
-msgid "ipa_hbac_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:146
-msgid "Optional. Use the given string as search base for HBAC related objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:150
-msgid "Default: Use base DN"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:156
-msgid "ipa_host_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:159
-msgid "Optional. Use the given string as search base for host objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:180
-msgid "ipa_selinux_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
-msgid "Optional. Use the given string as search base for SELinux user maps."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
-msgid "krb5_validate (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
-msgid ""
-"Verify with the help of krb5_keytab that the TGT obtained has not been "
-"spoofed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
-msgid ""
-"Note that this default differs from the traditional Kerberos provider back "
-"end."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
-msgid ""
-"The name of the Kerberos realm. This is optional and defaults to the value "
-"of <quote>ipa_domain</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
-msgid ""
-"The name of the Kerberos realm has a special meaning in IPA - it is "
-"converted into the base DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
-msgid ""
-"Specifies if the host and user principal should be canonicalized when "
-"connecting to IPA LDAP and also for AS requests. This feature is available "
-"with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
-msgid "ipa_hbac_refresh (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
-msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
-msgid "Default: 5 (seconds)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
-msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
-msgid ""
-"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
-"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
-"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
-"client will support two modes of operation during this transition period:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
-msgid ""
-"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
-"users will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
-msgid ""
-"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
-"careful with this option, as it may result in opening unintended access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
-msgid "Default: DENY_ALL"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
-msgid "ipa_automount_location (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
-msgid "The automounter location this IPA client will be using"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Default: The location named \"default\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the ipa provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    id_provider = ipa\n"
-"    ipa_server = ipaserver.example.com\n"
-"    ipa_hostname = myhost.example.com\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.8.xml:10 sssd.8.xml:15
-msgid "sssd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.8.xml:16
-msgid "System Security Services Daemon"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sssd.8.xml:21
-msgid ""
-"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:31
-msgid ""
-"<command>SSSD</command> provides a set of daemons to manage access to remote "
-"directories and authentication mechanisms. It provides an NSS and PAM "
-"interface toward the system and a pluggable backend system to connect to "
-"multiple different account sources as well as D-Bus interface. It is also "
-"the basis to provide client auditing and policy services for projects like "
-"FreeIPA. It provides a more robust database to store local users as well as "
-"extended user data."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:46
-msgid ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:53
-msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:57
-msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:60
-msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:69
-msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:73
-msgid ""
-"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:76
-msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:85
-msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:89
-msgid ""
-"Send the debug output to files instead of stderr. By default, the log files "
-"are stored in <filename>/var/log/sssd</filename> and there are separate log "
-"files for every SSSD service and domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:97
-msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:101
-msgid "Become a daemon after starting up."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:107
-msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:111
-msgid "Run in the foreground, don't become a daemon."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
-msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
-msgid ""
-"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
-"conf</filename>. For reference on the config file syntax and options, "
-"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:135
-msgid "<option>--version</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:139
-msgid "Print version number and exit."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:147
-msgid "Signals"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:150
-msgid "SIGTERM/SIGINT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:153
-msgid ""
-"Informs the SSSD to gracefully terminate all of its child processes and then "
-"shut down the monitor."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:159
-msgid "SIGHUP"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:162
-msgid ""
-"Tells the SSSD to stop writing to its current debug file descriptors and to "
-"close and reopen them. This is meant to facilitate log rolling with programs "
-"like logrotate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:170
-msgid "SIGUSR1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:173
-msgid ""
-"Tells the SSSD to simulate offline operation for one minute. This is mostly "
-"useful for testing purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:179
-msgid "SIGUSR2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:182
-msgid ""
-"Tells the SSSD to go online immediately. This is mostly useful for testing "
-"purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:193
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-msgid "sss_obfuscate"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_obfuscate.8.xml:16
-msgid "obfuscate a clear text password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_obfuscate.8.xml:21
-msgid ""
-"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
-"replaceable></arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:32
-msgid ""
-"<command>sss_obfuscate</command> converts a given password into human-"
-"unreadable format and places it into appropriate domain section of the SSSD "
-"config file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:37
-msgid ""
-"The cleartext password is read from standard input or entered "
-"interactively.  The obfuscated password is put into "
-"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
-"<quote>ldap_default_authtok_type</quote> parameter is set to "
-"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more details on these parameters."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:49
-msgid ""
-"Please note that obfuscating the password provides <emphasis>no real "
-"security benefit</emphasis> as it is still possible for an attacker to "
-"reverse-engineer the password back. Using better authentication mechanisms "
-"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
-"advised."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:63
-msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:67
-msgid "The password to obfuscate will be read from standard input."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
-msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:79
-msgid ""
-"The SSSD domain to use the password in. The default name is <quote>default</"
-"quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:86
-msgid ""
-"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:91
-msgid "Read the config file specified by the positional parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:95
-msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:105
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
-msgid "sss_useradd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_useradd.8.xml:16
-msgid "create a new user"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_useradd.8.xml:21
-msgid ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:32
-msgid ""
-"<command>sss_useradd</command> creates a new user account using the values "
-"specified on the command line plus the default values from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:43
-msgid ""
-"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:48
-msgid ""
-"Set the UID of the user to the value of <replaceable>UID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
-msgid ""
-"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
-msgid ""
-"Any text string describing the user. Often used as the field for the user's "
-"full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
-msgid ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:72
-msgid ""
-"The home directory of the user account.  The default is to append the "
-"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
-"that as the home directory.  The base that is prepended before "
-"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
-"baseDirectory</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
-msgid ""
-"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:87
-msgid ""
-"The user's login shell. The default is currently <filename>/bin/bash</"
-"filename>.  The default can be changed with <quote>user_defaults/"
-"defaultShell</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:96
-msgid ""
-"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:101
-msgid "A list of existing groups this user is also a member of."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:107
-msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:111
-msgid ""
-"Create the user's home directory if it does not exist. The files and "
-"directories contained in the skeleton directory (which can be defined with "
-"the -k option or in the config file) will be copied to the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:121
-msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:125
-msgid ""
-"Do not create the user's home directory. Overrides configuration settings."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:132
-msgid ""
-"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:137
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<command>sss_useradd</command>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:143
-msgid ""
-"This option is only valid if the <option>-m</option> (or <option>--create-"
-"home</option>) option is specified, or creation of home directories is set "
-"to TRUE in the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
-msgid ""
-"<option>-Z</option>,<option>--selinux-user</option> "
-"<replaceable>SELINUX_USER</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:157
-msgid ""
-"The SELinux user for the user's login. If not specified, the system default "
-"will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
-msgid "sssd-krb5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:23
-msgid ""
-"This manual page describes the configuration of the Kerberos 5 "
-"authentication backend for <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  For a detailed "
-"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
-"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:36
-msgid ""
-"The Kerberos 5 authentication backend contains auth and chpass providers. It "
-"must be paired with identity provider in order to function properly (for "
-"example, id_provider = ldap). Some information required by the Kerberos 5 "
-"authentication backend must be provided by the identity provider, such as "
-"the user's Kerberos Principal Name (UPN). The configuration of the identity "
-"provider should have an entry to specify the UPN. Please refer to the man "
-"page for the applicable identity provider for details on how to configure "
-"this."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:47
-msgid ""
-"This backend also provides access control based on the .k5login file in the "
-"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
-"Please note that an empty .k5login file will deny all access to this user. "
-"To activate this feature use 'access_provider = krb5' in your sssd "
-"configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:55
-msgid ""
-"In the case where the UPN is not available in the identity backend "
-"<command>sssd</command> will construct a UPN using the format "
-"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:106
-msgid ""
-"The name of the Kerberos realm. This option is required and must be "
-"specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:113
-msgid "krb5_kpasswd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:116
-msgid ""
-"If the change password service is not running on the KDC alternative servers "
-"can be defined here. An optional port number (preceded by a colon) may be "
-"appended to the addresses or hostnames."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:122
-msgid ""
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section.  Please note that even if there are no more "
-"kpasswd servers to try the back end is not switch to offline if "
-"authentication against the KDC is still possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:129
-msgid "Default: Use the KDC"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:135
-msgid "krb5_ccachedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:138
-msgid ""
-"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist it will be created. If %u, %U, %p or %h are used a "
-"private directory belonging to the user is created. Otherwise a public "
-"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
-"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
-"citerefentry> for details) is created."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:151
-msgid "Default: /tmp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:157
-msgid "krb5_ccname_template (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:171
-msgid "login UID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:174
-msgid "%p"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:175
-msgid "principal name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:179
-msgid "%r"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:180
-msgid "realm name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:183
-msgid "%h"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:184
-msgid "home directory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:189
-msgid "value of krb5ccache_dir"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194
-msgid "%P"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "the process ID of the sssd client"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:160
-msgid ""
-"Location of the user's credential cache. Currently only file based "
-"credential caches are supported. In the template the following sequences are "
-"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
-"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
-"way."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:209
-msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:215
-msgid "krb5_auth_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:218
-msgid ""
-"Timeout in seconds after an online authentication or change password request "
-"is aborted. If possible the authentication request is continued offline."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:241
-msgid "krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:244
-msgid ""
-"The location of the keytab to use when validating credentials obtained from "
-"KDCs."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:248
-msgid "Default: /etc/krb5.keytab"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:254
-msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:257
-msgid ""
-"Store the password of the user if the provider is offline and use it to "
-"request a TGT when the provider gets online again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:262
-msgid ""
-"Please note that this feature currently only available on a Linux platform. "
-"Passwords stored in this way are kept in plaintext in the kernel keyring and "
-"are potentially accessible by the root user (with difficulty)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:275
-msgid "krb5_renewable_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:278
-msgid ""
-"Request a renewable ticket with a total lifetime given by an integer "
-"immediately followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
-msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
-msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
-msgid "<emphasis>h</emphasis> hours"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
-msgid "<emphasis>d</emphasis> days."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
-msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:299
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"renewable lifetime to one and a half hours please use '90m' instead of "
-"'1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:305
-msgid "Default: not set, i.e. the TGT is not renewable"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:311
-msgid "krb5_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:314
-msgid ""
-"Request ticket with a with a lifetime given by an integer immediately "
-"followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:335
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"lifetime to one and a half hours please use '90m' instead of '1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:340
-msgid ""
-"Default: not set, i.e. the default ticket lifetime configured on the KDC."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:347
-msgid "krb5_renew_interval (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:350
-msgid ""
-"The time in seconds between two checks if the TGT should be renewed. TGTs "
-"are renewed if about half of their lifetime is exceeded."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:355
-msgid "If this option is not set or 0 the automatic renewal is disabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:365
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:368
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:373
-msgid ""
-"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
-"option at all."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
-msgid ""
-"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
-"continue without."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:381
-msgid ""
-"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
-"fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:385
-msgid "Default: not set, i.e. FAST is not used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:388
-msgid "Please note that a keytab is required to use fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:391
-msgid ""
-"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used with an older version using this option is a "
-"configuration error."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:400
-msgid "krb5_fast_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:403
-msgid "Specifies the server principal to use for FAST."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:412
-msgid ""
-"Specifies if the host and user principal should be canonicalized. This "
-"feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:65
-msgid ""
-"If the auth-module krb5 is used in a SSSD domain, the following options must "
-"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
-"SECTIONS</quote> for details on the configuration of a SSSD domain.  "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:434
-msgid ""
-"The following example assumes that SSSD is correctly configured and FOO is "
-"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
-"example shows only configuration of Kerberos authentication, it does not "
-"include any identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:442
-#, no-wrap
-msgid ""
-"    [domain/FOO]\n"
-"    auth_provider = krb5\n"
-"    krb5_server = 192.168.1.1\n"
-"    krb5_realm = EXAMPLE.COM\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:453
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
-msgid "sss_groupadd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupadd.8.xml:16
-msgid "create a new group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupadd.8.xml:21
-msgid ""
-"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:32
-msgid ""
-"<command>sss_groupadd</command> creates a new group. These groups are "
-"compatible with POSIX groups, with the additional feature that they can "
-"contain other groups as members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupadd.8.xml:43
-msgid ""
-"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupadd.8.xml:48
-msgid ""
-"Set the GID of the group to the value of <replaceable>GID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
-msgid "sss_userdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_userdel.8.xml:16
-msgid "delete a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_userdel.8.xml:21
-msgid ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:32
-msgid ""
-"<command>sss_userdel</command> deletes a user identified by login name "
-"<replaceable>LOGIN</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:44
-msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:48
-msgid ""
-"Files in the user's home directory will be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:56
-msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:60
-msgid ""
-"Files in the user's home directory will NOT be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:68
-msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:72
-msgid ""
-"This option forces <command>sss_userdel</command> to remove the user's home "
-"directory and mail spool, even if they are not owned by the specified user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:80
-msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:84
-msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
-msgid "sss_groupdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupdel.8.xml:16
-msgid "delete a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupdel.8.xml:21
-msgid ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:32
-msgid ""
-"<command>sss_groupdel</command> deletes a group identified by its name "
-"<replaceable>GROUP</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
-msgid "sss_groupshow"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupshow.8.xml:16
-msgid "print properties of a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupshow.8.xml:21
-msgid ""
-"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:32
-msgid ""
-"<command>sss_groupshow</command> displays information about a group "
-"identified by its name <replaceable>GROUP</replaceable>. The information "
-"includes the group ID number, members of the group and the parent group."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupshow.8.xml:43
-msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupshow.8.xml:47
-msgid ""
-"Also print indirect group members in a tree-like hierarchy.  Note that this "
-"also affects printing parent groups - without <option>R</option>, only the "
-"direct parent will be printed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
-msgid "sss_usermod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_usermod.8.xml:16
-msgid "modify a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_usermod.8.xml:21
-msgid ""
-"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:32
-msgid ""
-"<command>sss_usermod</command> modifies the account specified by "
-"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
-"on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:60
-msgid "The home directory of the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:71
-msgid "The user's login shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:82
-msgid ""
-"Append this user to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:96
-msgid ""
-"Remove this user from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:103
-msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:107
-msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:114
-msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:118
-msgid "Unlock the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:129
-msgid "The SELinux user for the user's login."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/service_discovery.xml:2
-msgid "SERVICE DISCOVERY"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/service_discovery.xml:4
-msgid ""
-"The service discovery feature allows back ends to automatically find the "
-"appropriate servers to connect to using a special DNS query."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
-msgid "Configuration"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:11
-msgid ""
-"If no servers are specified, the back end automatically uses service "
-"discovery to try to find a server. Optionally, the user may choose to use "
-"both fixed server addresses and service discovery by inserting a special "
-"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
-"preference is maintained. This feature is useful if, for example, the user "
-"prefers to use service discovery whenever possible, and fall back to a "
-"specific server when no servers can be discovered using DNS."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:23
-msgid "The domain name"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:25
-msgid ""
-"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for more details."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:35
-msgid "The protocol"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:37
-msgid ""
-"The queries usually specify _tcp as the protocol. Exceptions are documented "
-"in respective option description."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:42
-msgid "See Also"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:44
-msgid ""
-"For more information on the service discovery mechanism, refer to RFC 2782."
-msgstr ""
-
-#. type: Content of: outside any tag (error?)
-#: include/upstream.xml:1
-msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/failover.xml:2
-msgid "FAILOVER"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/failover.xml:4
-msgid ""
-"The failover feature allows back ends to automatically switch to a different "
-"server if the primary server fails."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:8
-msgid "Failover Syntax"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:10
-msgid ""
-"The list of servers is given as a comma-separated list; any number of spaces "
-"is allowed around the comma. The servers are listed in order of preference. "
-"The list can contain any number of servers."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:17
-msgid "The Failover Mechanism"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:19
-msgid ""
-"The failover mechanism distinguishes between a machine and a service. The "
-"back end first tries to resolve the hostname of a given machine; if this "
-"resolution attempt fails, the machine is considered offline. No further "
-"attempts are made to connect to this machine for any other service. If the "
-"resolution attempt succeeds, the back end tries to connect to a service on "
-"this machine. If the service connection attempt fails, then only this "
-"particular service is considered offline and the back end automatically "
-"switches over to the next service.  The machine is still considered online "
-"and might still be tried for another service."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:32
-msgid ""
-"Further connection attempts are made to machines or services marked as "
-"offline after a specified period of time; this is currently hard coded to 30 "
-"seconds."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:37
-msgid ""
-"If there are no more machines to try, the back end as a whole switches to "
-"offline mode, and then attempts to reconnect every 30 seconds."
-msgstr ""
-
-#. type: Content of: <varlistentry><term>
-#: include/param_help.xml:3
-msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
-
-#. type: Content of: <varlistentry><listitem><para>
-#: include/param_help.xml:7
-msgid "Display help message and exit."
-msgstr ""
diff --git a/src/man/po/sssd-docs.pot b/src/man/po/sssd-docs.pot
index baaf6478b..d2092482f 100644
--- a/src/man/po/sssd-docs.pot
+++ b/src/man/po/sssd-docs.pot
@@ -6,9 +6,9 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.7.91\n"
+"Project-Id-Version: sssd-docs 1.8.90\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
+"POT-Creation-Date: 2012-03-12 16:37-0300\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -18,7 +18,7 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 
 #. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5 sss_usermod.8.xml:5
+#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_ssh_authorizedkeys.1.xml:5 sss_ssh_knownhostsproxy.1.xml:5
 msgid "SSSD Manual pages"
 msgstr ""
 
@@ -28,7 +28,7 @@ msgid "sss_groupmod"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11 sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11 sss_groupshow.8.xml:11 sss_usermod.8.xml:11
+#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11 sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11 sss_groupshow.8.xml:11 sss_usermod.8.xml:11 sss_cache.8.xml:11 sss_debuglevel.8.xml:11
 msgid "8"
 msgstr ""
 
@@ -46,7 +46,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44 sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44 sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_ssh_authorizedkeys.1.xml:30 sss_ssh_knownhostsproxy.1.xml:31
 msgid "DESCRIPTION"
 msgstr ""
 
@@ -58,7 +58,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58 sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58 sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_ssh_authorizedkeys.1.xml:78 sss_ssh_knownhostsproxy.1.xml:65
 msgid "OPTIONS"
 msgstr ""
 
@@ -93,7 +93,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103 sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 sss_usermod.8.xml:138
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1348 sssd-ldap.5.xml:2096 pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103 sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 sss_usermod.8.xml:138 sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:95
 msgid "SEE ALSO"
 msgstr ""
 
@@ -200,7 +200,7 @@ msgid "The [sssd] section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:1194
 msgid "Section parameters"
 msgstr ""
 
@@ -428,7 +428,7 @@ msgid "Add a timestamp to the debug messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:393 sssd-ldap.5.xml:1328 sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
 msgid "Default: true"
 msgstr ""
 
@@ -443,18 +443,38 @@ msgid "Add microseconds to the timestamp in debug messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:252 sssd.conf.5.xml:658 sssd-ldap.5.xml:602 sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
 msgid "Default: false"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:270
-msgid "command (string)"
+msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:273
 msgid ""
+"This option specifies the maximum number of file descriptors that may be "
+"opened at one time by this SSSD process. On systems where SSSD is granted "
+"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
+"systems without this capability, the resulting value will be the lower value "
+"of this or the limits.conf \"hard\" limit."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:282
+msgid "Default: 8192 (or limits.conf \"hard\" limit)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:287
+msgid "command (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:290
+msgid ""
 "By default, the executable representing this service is called "
 "<command>sssd_${service_name}</command>.  This directive allows to change "
 "the executable name for the service. In the vast majority of configurations, "
@@ -462,46 +482,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
+#: sssd.conf.5.xml:298
 msgid "Default: <command>sssd_${service_name}</command>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
+#: sssd.conf.5.xml:306
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:308
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) "
 "service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
+#: sssd.conf.5.xml:313
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
+#: sssd.conf.5.xml:316
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
+#: sssd.conf.5.xml:320
 msgid "Default: 120"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
+#: sssd.conf.5.xml:325
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
+#: sssd.conf.5.xml:328
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -509,7 +529,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:334
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -519,7 +539,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
+#: sssd.conf.5.xml:344
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -528,17 +548,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
+#: sssd.conf.5.xml:352
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
+#: sssd.conf.5.xml:357
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
+#: sssd.conf.5.xml:360
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -546,17 +566,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
+#: sssd.conf.5.xml:366 sssd.conf.5.xml:686 sssd-krb5.5.xml:223
 msgid "Default: 15"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
+#: sssd.conf.5.xml:371
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
+#: sssd.conf.5.xml:374
 msgid ""
 "Exclude certain users from being fetched from the sss NSS database. This is "
 "particularly useful for system accounts. This option can also be set "
@@ -565,77 +585,77 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:381
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
+#: sssd.conf.5.xml:386
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
+#: sssd.conf.5.xml:389
 msgid "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:398
 msgid "override_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
+#: sssd.conf.5.xml:407 sssd-krb5.5.xml:166
 msgid "%u"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
+#: sssd.conf.5.xml:408 sssd-krb5.5.xml:167
 msgid "login name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
+#: sssd.conf.5.xml:411 sssd-krb5.5.xml:170
 msgid "%U"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
+#: sssd.conf.5.xml:412
 msgid "UID number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
+#: sssd.conf.5.xml:415 sssd-krb5.5.xml:188
 msgid "%d"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
+#: sssd.conf.5.xml:416
 msgid "domain name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:419
 msgid "%f"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:420
 msgid "fully qualified user name (user@domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
+#: sssd.conf.5.xml:423 sssd-krb5.5.xml:200
 msgid "%%"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
+#: sssd.conf.5.xml:424 sssd-krb5.5.xml:201
 msgid "a literal '%'"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:401
 msgid ""
 "Override the user's home directory. You can either provide an absolute value "
 "or a template. In the template, the following sequences are substituted: "
@@ -643,138 +663,138 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
+#: sssd.conf.5.xml:430
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
+#: sssd.conf.5.xml:435
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
+#: sssd.conf.5.xml:438
 msgid "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
+#: sssd.conf.5.xml:441
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:445
 msgid ""
 "2. If the shell is in the allowed_shells list but not in "
 "<quote>/etc/shells</quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
+#: sssd.conf.5.xml:450
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in "
 "<quote>/etc/shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
+#: sssd.conf.5.xml:455
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
+#: sssd.conf.5.xml:458
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
+#: sssd.conf.5.xml:462
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:467
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:470
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
+#: sssd.conf.5.xml:475
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:478
 msgid ""
 "The default shell to use if an allowed shell is not installed on the "
 "machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
+#: sssd.conf.5.xml:482
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:489
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
+#: sssd.conf.5.xml:491
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:496
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
+#: sssd.conf.5.xml:499
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
+#: sssd.conf.5.xml:504 sssd.conf.5.xml:517
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
+#: sssd.conf.5.xml:510
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:513
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
+#: sssd.conf.5.xml:523
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
+#: sssd.conf.5.xml:526
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
+#: sssd.conf.5.xml:531
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -782,59 +802,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:537 sssd.conf.5.xml:590 sssd.conf.5.xml:1110
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:543
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
+#: sssd.conf.5.xml:546
 msgid ""
 "Controls what kind of messages are shown to the user during "
 "authentication. The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
+#: sssd.conf.5.xml:551
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:554
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:557
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
+#: sssd.conf.5.xml:561
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
+#: sssd.conf.5.xml:564
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
+#: sssd.conf.5.xml:568 sssd.8.xml:63
 msgid "Default: 1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:573
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
+#: sssd.conf.5.xml:576
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -842,7 +862,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
+#: sssd.conf.5.xml:582
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a "
@@ -852,17 +872,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:596
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
+#: sssd.conf.5.xml:599
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
+#: sssd.conf.5.xml:602
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -870,27 +890,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
+#: sssd.conf.5.xml:608
 msgid "Default: 7"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:616
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:618
 msgid "These options can be used to configure the sudo service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
+#: sssd.conf.5.xml:625
 msgid "sudo_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
+#: sssd.conf.5.xml:628
 msgid ""
 "For any sudo request that comes while SSSD is online, the SSSD will attempt "
 "to update the cached rules in order to ensure that sudo has the latest "
@@ -898,7 +918,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
+#: sssd.conf.5.xml:634
 msgid ""
 "The user may, however, run a couple of sudo commands successively, which "
 "would trigger multiple LDAP requests.  In order to speed up this use-case, "
@@ -907,71 +927,71 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
+#: sssd.conf.5.xml:641
 msgid ""
 "This option controls how long (in seconds) can the sudo service cache rules "
 "for a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:645
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
+#: sssd.conf.5.xml:650
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:653
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
+#: sssd.conf.5.xml:666
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:668
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
+#: sssd.conf.5.xml:676
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
+#: sssd.conf.5.xml:679
 msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
+"Specifies for how many seconds should the autofs responder negative cache "
+"hits (that is, queries for invalid map entries, like nonexistent ones) "
 "before asking the back end again."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
+#: sssd.conf.5.xml:696
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:703
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
+#: sssd.conf.5.xml:706
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
+#: sssd.conf.5.xml:711
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For "
@@ -980,56 +1000,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:718
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:724
 msgid "timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:727
 msgid ""
 "Timeout in seconds between heartbeats for this domain.  This is used to "
 "ensure that the backend process is alive and capable of answering requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
+#: sssd.conf.5.xml:732 sssd-ldap.5.xml:1131
 msgid "Default: 10"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
+#: sssd.conf.5.xml:738
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:741
 msgid ""
 "Determines if a domain can be enumerated. This parameter can have one of the "
 "following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
+#: sssd.conf.5.xml:745
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:748
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
+#: sssd.conf.5.xml:751 sssd.conf.5.xml:856 sssd.conf.5.xml:910
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
+#: sssd.conf.5.xml:754
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1039,14 +1059,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
+#: sssd.conf.5.xml:764
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
+#: sssd.conf.5.xml:769
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -1055,97 +1075,97 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:780
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:783
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
+#: sssd.conf.5.xml:787
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
+#: sssd.conf.5.xml:793
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
+#: sssd.conf.5.xml:796
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 sssd.conf.5.xml:822
+#: sssd.conf.5.xml:800 sssd.conf.5.xml:813 sssd.conf.5.xml:826 sssd.conf.5.xml:839
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
+#: sssd.conf.5.xml:806
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
+#: sssd.conf.5.xml:809
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:819
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:822
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:832
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:835
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:845
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
+#: sssd.conf.5.xml:848
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:852
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:861
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:864
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -1154,47 +1174,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
+#: sssd.conf.5.xml:871
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
+#: sssd.conf.5.xml:877
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:880
 msgid "The Data Provider identity backend to use for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
+#: sssd.conf.5.xml:884
 msgid "Supported backends:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
+#: sssd.conf.5.xml:887
 msgid "proxy: Support a legacy NSS provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
+#: sssd.conf.5.xml:890
 msgid "local: SSSD internal local provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:893
 msgid "ldap: LDAP provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
+#: sssd.conf.5.xml:899
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
+#: sssd.conf.5.xml:902
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified "
 "names. For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1203,19 +1223,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
+#: sssd.conf.5.xml:915
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
+#: sssd.conf.5.xml:918
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:922
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -1223,7 +1243,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
+#: sssd.conf.5.xml:929
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
@@ -1231,29 +1251,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
+#: sssd.conf.5.xml:936
 msgid "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
+#: sssd.conf.5.xml:939
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
+#: sssd.conf.5.xml:942
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
+#: sssd.conf.5.xml:948
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:951
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -1261,17 +1281,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:957
 msgid "<quote>permit</quote> always allow access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
+#: sssd.conf.5.xml:960
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
+#: sssd.conf.5.xml:963
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> "
@@ -1280,24 +1300,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
+#: sssd.conf.5.xml:970
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:975
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
+#: sssd.conf.5.xml:978
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
+#: sssd.conf.5.xml:983
 msgid ""
 "<quote>ipa</quote> to change a password stored in an IPA server.  See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1306,7 +1326,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:991
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server.  See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
@@ -1315,7 +1335,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
+#: sssd.conf.5.xml:999
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
@@ -1323,34 +1343,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
+#: sssd.conf.5.xml:1007
 msgid "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
+#: sssd.conf.5.xml:1011
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
+#: sssd.conf.5.xml:1014
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
+#: sssd.conf.5.xml:1021
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1027
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1031
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -1358,29 +1378,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
+#: sssd.conf.5.xml:1038
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1041
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1047
 msgid "session_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1050
 msgid ""
 "The provider which should handle loading of session settings.  Supported "
 "session providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
+#: sssd.conf.5.xml:1055
 msgid ""
 "<quote>ipa</quote> to load session settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1389,66 +1409,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1063
 msgid "<quote>none</quote> disallows fetching session settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1066
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "session loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
+#: sssd.conf.5.xml:1073
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1076
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1080
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1083
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1086
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
+#: sssd.conf.5.xml:1089
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1092
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1095
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1101
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1104
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the DNS "
 "resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1456,51 +1476,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1116
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
+#: sssd.conf.5.xml:1119
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1123
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
+#: sssd.conf.5.xml:1129
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1132
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
+#: sssd.conf.5.xml:1138
 msgid "case_sensitive (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
+#: sssd.conf.5.xml:1141
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1146
 msgid "Default: True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:698
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called "
@@ -1509,29 +1529,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1158
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1161
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1164
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1172
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1175
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1539,19 +1559,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
+#: sssd.conf.5.xml:1154
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1187
 msgid "The local domain section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1189
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -1559,73 +1579,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
+#: sssd.conf.5.xml:1196
 msgid "default_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
+#: sssd.conf.5.xml:1199
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
+#: sssd.conf.5.xml:1203
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:1208
 msgid "base_directory (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:1211
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1216
 msgid "Default: <filename>/home</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
+#: sssd.conf.5.xml:1221
 msgid "create_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
+#: sssd.conf.5.xml:1224
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
+#: sssd.conf.5.xml:1228 sssd.conf.5.xml:1240
 msgid "Default: TRUE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1233
 msgid "remove_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
+#: sssd.conf.5.xml:1236
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
+#: sssd.conf.5.xml:1245
 msgid "homedir_umask (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1248
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1633,17 +1653,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
+#: sssd.conf.5.xml:1256
 msgid "Default: 077"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1261
 msgid "skel_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
+#: sssd.conf.5.xml:1264
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -1652,17 +1672,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
+#: sssd.conf.5.xml:1274
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
+#: sssd.conf.5.xml:1279
 msgid "mail_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
+#: sssd.conf.5.xml:1282
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -1670,17 +1690,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
+#: sssd.conf.5.xml:1289
 msgid "Default: <filename>/var/mail</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
+#: sssd.conf.5.xml:1294
 msgid "userdel_cmd (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
+#: sssd.conf.5.xml:1297
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -1688,17 +1708,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1303
 msgid "Default: None, no command is run"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1313 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
 msgid "EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1319
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -1728,7 +1748,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1315
 msgid ""
 "The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -1737,7 +1757,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1350
 msgid ""
 "<citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> "
@@ -3772,7 +3792,7 @@ msgstr ""
 #: sssd-ldap.5.xml:1815
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
+"explanation of sudo related attribute semantics, see <citerefentry> "
 "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> "
 "</citerefentry>"
 msgstr ""
@@ -5062,12 +5082,12 @@ msgid "Run in the foreground, don't become a daemon."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
+#: sssd.8.xml:117 sss_debuglevel.8.xml:42
 msgid "<option>-c</option>,<option>--config</option>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
+#: sssd.8.xml:121 sss_debuglevel.8.xml:46
 msgid ""
 "Specify a non-default config file. The default is "
 "<filename>/etc/sssd/sssd.conf</filename>. For reference on the config file "
@@ -5219,7 +5239,7 @@ msgid "The password to obfuscate will be read from standard input."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:82 sss_ssh_knownhostsproxy.1.xml:81
 msgid ""
 "<option>-d</option>,<option>--domain</option> "
 "<replaceable>DOMAIN</replaceable>"
@@ -6188,6 +6208,330 @@ msgid ""
 "</citerefentry>."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_cache.8.xml:10 sss_cache.8.xml:15
+msgid "sss_cache"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_cache.8.xml:16
+msgid "perform cache cleanup"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_cache.8.xml:21
+msgid ""
+"<command>sss_cache</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_cache.8.xml:31
+msgid ""
+"<command>sss_cache</command> invalidates records in SSSD cache.  Invalidated "
+"records are forced to be reloaded from server as soon as related SSSD "
+"backend is online."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:42
+msgid "<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:47
+msgid "Invalidate specific user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:53
+msgid "<option>-U</option>,<option>--users</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:57
+msgid ""
+"Invalidate all user records. This option overrides invalidation of specific "
+"user if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:64
+msgid ""
+"<option>-g</option>,<option>--group</option> "
+"<replaceable>group</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:69
+msgid "Invalidate specific group."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:75
+msgid "<option>-G</option>,<option>--groups</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:79
+msgid ""
+"Invalidate all group records. This option overrides invalidation of specific "
+"group if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:86
+msgid ""
+"<option>-n</option>,<option>--netgroup</option> "
+"<replaceable>netgroup</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:91
+msgid "Invalidate specific netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:97
+msgid "<option>-N</option>,<option>--netgroups</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:101
+msgid ""
+"Invalidate all netgroup records. This option overrides invalidation of "
+"specific netgroup if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:108
+msgid ""
+"<option>-d</option>,<option>--domain</option> "
+"<replaceable>domain</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:113
+msgid "Restrict invalidation process only to a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15
+msgid "sss_debuglevel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_debuglevel.8.xml:16
+msgid "change debug level while SSSD is running"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_debuglevel.8.xml:21
+msgid ""
+"<command>sss_debuglevel</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>NEW_DEBUG_LEVEL</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_debuglevel.8.xml:32
+msgid ""
+"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
+"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
+"running."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_debuglevel.8.xml:59
+msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
+msgid "sss_ssh_authorizedkeys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refmeta><manvolnum>
+#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11
+msgid "1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_ssh_authorizedkeys.1.xml:16
+msgid "get OpenSSH authorized keys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_ssh_authorizedkeys.1.xml:21
+msgid ""
+"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>USER</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:32
+msgid ""
+"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user "
+"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys "
+"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of "
+"<citerefentry><refentrytitle>sshd</refentrytitle> "
+"<manvolnum>8</manvolnum></citerefentry> for more information)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:41
+msgid ""
+"<citerefentry><refentrytitle>sshd</refentrytitle> "
+"<manvolnum>8</manvolnum></citerefentry> can be configured to use "
+"<command>sss_ssh_authorizedkeys</command> for public key user authentication "
+"if it is compiled with support for either "
+"<quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</quote> "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_authorizedkeys.1.xml:58
+#, no-wrap
+msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:51
+msgid ""
+"If <quote>AuthorizedKeysCommand</quote> is supported, "
+"<citerefentry><refentrytitle>sshd</refentrytitle> "
+"<manvolnum>8</manvolnum></citerefentry> can be configured to use it by "
+"putting the following directive in <citerefentry> "
+"<refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry>: <placeholder "
+"type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_authorizedkeys.1.xml:69
+#, no-wrap
+msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:62
+msgid ""
+"If <quote>PubkeyAgent</quote> is supported, "
+"<citerefentry><refentrytitle>sshd</refentrytitle> "
+"<manvolnum>8</manvolnum></citerefentry> can be configured to use it by using "
+"the following directive for <citerefentry> "
+"<refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> "
+"configuration: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:87
+msgid ""
+"Search for user public keys in SSSD domain "
+"<replaceable>DOMAIN</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:98
+msgid ""
+"<citerefentry> <refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sshd_config</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle><manvolnum>1</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15
+msgid "sss_ssh_knownhostsproxy"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_ssh_knownhostsproxy.1.xml:16
+msgid "get OpenSSH host keys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_ssh_knownhostsproxy.1.xml:21
+msgid ""
+"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>HOST</replaceable></arg> <arg "
+"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:33
+msgid ""
+"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for "
+"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH "
+"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
+"of <citerefentry><refentrytitle>sshd</refentrytitle> "
+"<manvolnum>8</manvolnum></citerefentry> for more information)  "
+"<filename>/var/lib/sss/pubconf/known_hosts</filename> and estabilishes "
+"connection to the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:43
+msgid ""
+"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to "
+"create the connection to the host instead of opening a socket."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_knownhostsproxy.1.xml:55
+#, no-wrap
+msgid ""
+"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n"
+"GlobalKnownHostsFile2 /var/lib/sss/pubconf/known_hosts\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:48
+msgid ""
+"<citerefentry><refentrytitle>ssh</refentrytitle> "
+"<manvolnum>1</manvolnum></citerefentry> can be configured to use "
+"<command>sss_ssh_knownhostsproxy</command> for host key authentication by "
+"using the following directives for "
+"<citerefentry><refentrytitle>ssh</refentrytitle> "
+"<manvolnum>1</manvolnum></citerefentry> configuration: <placeholder "
+"type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_ssh_knownhostsproxy.1.xml:69
+msgid "<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_knownhostsproxy.1.xml:74
+msgid ""
+"Use port <replaceable>PORT</replaceable> to connect to the host.  By "
+"default, port 22 is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_knownhostsproxy.1.xml:86
+msgid ""
+"Search for host public keys in SSSD domain "
+"<replaceable>DOMAIN</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:97
+msgid ""
+"<citerefentry> <refentrytitle>ssh</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>ssh_config</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle><manvolnum>1</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/service_discovery.xml:2
 msgid "SERVICE DISCOVERY"
@@ -6325,3 +6669,112 @@ msgstr ""
 #: include/param_help.xml:7
 msgid "Display help message and exit."
 msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:3
+msgid ""
+"Bit mask that indicates which debug levels will be visible. 0x0010 is the "
+"default value as well as the lowest allowed value, 0xFFF0 is the most "
+"verbose mode. This setting overrides the settings from config file."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:8
+msgid "Currently supported debug levels:"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:11
+msgid ""
+"<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
+"SSSD from starting up or causes it to cease running."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:15
+msgid ""
+"<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't kill "
+"the SSSD, but one that indicates that at least one major feature is not "
+"going to work properly."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:20
+msgid ""
+"<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
+"particular request or operation has failed."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:24
+msgid ""
+"<emphasis>0x0080</emphasis>: Minor failures. These are the errors that would "
+"percolate down to cause the operation failure of 2."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:28
+msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:31
+msgid "<emphasis>0x0200</emphasis>: Function data."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:34
+msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:37
+msgid "<emphasis>0x1000</emphasis>: Trace messages for internal control functions."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:40
+msgid ""
+"<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
+"may be interesting."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:43
+msgid "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:46
+msgid ""
+"To log required debug levels, simply add their numbers together as shown in "
+"following examples:"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:49
+msgid ""
+"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
+"serious failures and function data use 0x0270."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:53
+msgid ""
+"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
+"function data, trace messages for internal control functions use 0x1310."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:57
+msgid ""
+"<emphasis>Note</emphasis>: This is new format of debug levels introduced in "
+"1.7.0.  Older format (numbers from 0-10) is compatible but deprecated."
+msgstr ""
+
+#. type: Content of: outside any tag (error?)
+#: include/experimental.xml:1
+msgid ""
+"<emphasis> This is an experimental feature, please use "
+"http://fedorahosted.org/sssd to report any issues.  </emphasis>"
+msgstr ""
diff --git a/src/man/po/ta.po b/src/man/po/ta.po
deleted file mode 100644
index 2a82aa68b..000000000
--- a/src/man/po/ta.po
+++ /dev/null
@@ -1,6313 +0,0 @@
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Red Hat
-# This file is distributed under the same license as the sssd-docs package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: SSSD\n"
-"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Tamil <tamil-users@lists.fedoraproject.org>\n"
-"Language: ta\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural=(n != 1)\n"
-
-#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
-#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
-#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
-#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
-msgid "SSSD Manual pages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
-msgid "sss_groupmod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
-#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
-#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
-msgid "8"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupmod.8.xml:16
-msgid "modify a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupmod.8.xml:21
-msgid ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
-#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
-#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
-#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
-#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:32
-msgid ""
-"<command>sss_groupmod</command> modifies the group to reflect the changes "
-"that are specified on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
-#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
-#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-msgid "OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
-msgid ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:48
-msgid ""
-"Append this group to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
-msgid ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:62
-msgid ""
-"Remove this group from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
-#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
-msgid "sssd.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
-msgid "5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
-msgid "File Formats and Conventions"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
-msgid "the configuration file for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:21
-msgid "FILE FORMAT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:29
-#, no-wrap
-msgid ""
-"                <replaceable>[section]</replaceable>\n"
-"                <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-"                <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
-"            "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:24
-msgid ""
-"The file has an ini-style syntax and consists of sections and parameters. A "
-"section begins with the name of the section in square brackets and continues "
-"until the next section begins. An example of section with single and multi-"
-"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:36
-msgid ""
-"The data types used are string (no quotes needed), integer and bool (with "
-"values of <quote>TRUE/FALSE</quote>)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:41
-msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
-"(<quote>;</quote>)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:46
-msgid ""
-"All sections can have an optional <replaceable>description</replaceable> "
-"parameter. Its function is only as a label for the section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:52
-msgid ""
-"<filename>sssd.conf</filename> must be a regular file, owned by root and "
-"only root may read from or write to the file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:58
-msgid "SPECIAL SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:61
-msgid "The [sssd] section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
-msgid "Section parameters"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:72
-msgid "config_file_version (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:75
-msgid ""
-"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-"version 2."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:81
-msgid "services"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:84
-msgid ""
-"Comma separated list of services that are started when sssd itself starts."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:88
-msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
-msgid "reconnection_retries (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
-msgid ""
-"Number of times services should attempt to reconnect in the event of a Data "
-"Provider crash or restart before they give up"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
-msgid "Default: 3"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
-msgid "domains"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
-msgid ""
-"A domain is a database containing user information. SSSD can use more "
-"domains at the same time, but at least one must be configured or SSSD won't "
-"start.  This parameter described the list of domains in the order you want "
-"them to be queried."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
-msgid "re_expression (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
-msgid ""
-"Regular expression that describes how to parse the string containing user "
-"name and domain into these components."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
-msgid ""
-"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
-"which translates to \"the name is everything up to the <quote>@</quote> "
-"sign, the domain everything after that\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
-msgid ""
-"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
-"version 7 or higher can support non-unique named subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
-msgid ""
-"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
-"P&lt;name&gt;) to label subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
-msgid "full_name_format (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
-msgid ""
-"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatible format that describes how to translate "
-"a (name, domain) tuple into a fully qualified name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
-msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
-msgid "try_inotify (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
-msgid ""
-"SSSD monitors the state of resolv.conf to identify when it needs to update "
-"its internal DNS resolver. By default, we will attempt to use inotify for "
-"this, and will fall back to polling resolv.conf every five seconds if "
-"inotify cannot be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
-msgid ""
-"There are some limited situations where it is preferred that we should skip "
-"even trying to use inotify. In these rare cases, this option should be set "
-"to 'false'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
-msgid ""
-"Default: true on platforms where inotify is supported. False on other "
-"platforms."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
-msgid ""
-"Note: this option will have no effect on platforms where inotify is "
-"unavailable. On these platforms, polling will always be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
-msgid "krb5_rcache_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
-msgid ""
-"Directory on the filesystem where SSSD should store Kerberos replay cache "
-"files."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
-msgid ""
-"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
-"SSSD to let libkrb5 decide the appropriate location for the replay cache."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
-msgid ""
-"Default: Distribution-specific and specified at build-time. "
-"(__LIBKRB5_DEFAULTS__ if not configured)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:63
-msgid ""
-"Individual pieces of SSSD functionality are provided by special SSSD "
-"services that are started and stopped together with SSSD.  The services are "
-"managed by a special service frequently called <quote>monitor</quote>. The "
-"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
-msgid "SERVICES SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
-msgid ""
-"Settings that can be used to configure different services are described in "
-"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
-"section, for example, for NSS service, the section would be <quote>[nss]</"
-"quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
-msgid "General service configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
-msgid "These options can be used to configure any service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>.  This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
-msgid "NSS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
-msgid ""
-"These options can be used to configure the Name Service Switch (NSS) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
-msgid "enum_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
-msgid ""
-"How many seconds should nss_sss cache enumerations (requests for info about "
-"all users)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
-msgid "Default: 120"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"The entry cache can be set to automatically update entries in the background "
-"if they are requested beyond a percentage of the entry_cache_timeout value "
-"for the domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
-msgid ""
-"For example, if the domain's entry_cache_timeout is set to 30s and "
-"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
-"after 15 seconds past the last cache update will be returned immediately, "
-"but the SSSD will go and update the cache on its own, so that future "
-"requests will not need to block waiting for a cache update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
-msgid ""
-"Valid values for this option are 0-99 and represent a percentage of the "
-"entry_cache_timeout for each domain. For performance reasons, this "
-"percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
-"disables this feature)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
-msgid "Default: 50"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
-msgid "entry_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
-msgid ""
-"Specifies for how many seconds nss_sss should cache negative cache hits "
-"(that is, queries for invalid database entries, like nonexistent ones)  "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
-msgid "Default: 15"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
-msgid "filter_users, filter_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
-msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
-msgid "Default: root"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
-msgid "filter_users_in_groups (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
-msgid ""
-"If you want filtered user still be group members set this option to false."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
-msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
-msgid "This option can also be set per-domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
-msgid "allowed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
-msgid ""
-"Restrict user shell to one of the listed values. The order of evaluation is:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
-msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
-msgid ""
-"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
-"quote>, use the value of the shell_fallback parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
-msgid ""
-"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
-"shells</quote>, a nologin shell is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
-msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
-msgid ""
-"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
-"that a restart of the SSSD is required in case a new shell is installed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
-msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
-msgid "vetoed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
-msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
-msgid "shell_fallback (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
-msgid ""
-"The default shell to use if an allowed shell is not installed on the machine."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
-msgid "Default: /bin/sh"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
-msgid "PAM configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
-msgid ""
-"These options can be used to configure the Pluggable Authentication Module "
-"(PAM) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
-msgid "offline_credentials_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
-msgid ""
-"If the authentication provider is offline, how long should we allow cached "
-"logins (in days since the last successful online login)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
-msgid "Default: 0 (No limit)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
-msgid "offline_failed_login_attempts (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
-msgid ""
-"If the authentication provider is offline, how many failed login attempts "
-"are allowed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
-msgid "offline_failed_login_delay (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
-msgid ""
-"The time in minutes which has to pass after offline_failed_login_attempts "
-"has been reached before a new login attempt is possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
-msgid ""
-"If set to 0 the user cannot authenticate offline if "
-"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable offline authentication again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
-msgid "Default: 5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
-msgid "pam_verbosity (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
-msgid ""
-"Controls what kind of messages are shown to the user during authentication. "
-"The higher the number to more messages are displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
-msgid "Currently sssd supports the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
-msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
-msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
-msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
-msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
-msgid "Default: 1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
-msgid "pam_id_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
-msgid ""
-"For any PAM request while SSSD is online, the SSSD will attempt to "
-"immediately update the cached identity information for the user in order to "
-"ensure that authentication takes place with the latest information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
-msgid ""
-"A complete PAM conversation may perform multiple PAM requests, such as "
-"account management and session opening. This option controls (on a per-"
-"client-application basis) how long (in seconds) we can cache the identity "
-"information to avoid excessive round-trips to the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
-msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
-msgid "Display a warning N days before the password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
-msgid ""
-"Please note that the backend server has to provide information about the "
-"expiration time of the password.  If this information is missing, sssd "
-"cannot display a warning."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
-msgid "Default: 7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-msgid "SUDO configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-msgid "These options can be used to configure the sudo service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-msgid "sudo_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-msgid ""
-"For any sudo request that comes while SSSD is online, the SSSD will attempt "
-"to update the cached rules in order to ensure that sudo has the latest "
-"ruleset."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
-msgid ""
-"The user may, however, run a couple of sudo commands successively, which "
-"would trigger multiple LDAP requests.  In order to speed up this use-case, "
-"the sudo service maintains an in-memory cache that would be used for "
-"performing fast replies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
-msgid ""
-"This option controls how long (in seconds) can the sudo service cache rules "
-"for a user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-msgid "Default: 180"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-msgid "sudo_timed (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
-msgid ""
-"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
-"that implement time-dependent sudoers entries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-msgid "AUTOFS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-msgid "These options can be used to configure the autofs service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-msgid "autofs_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
-msgid "DOMAIN SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
-msgid "min_id,max_id (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
-msgid ""
-"UID and GID limits for the domain. If a domain contains an entry that is "
-"outside these limits, it is ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
-msgid ""
-"For users, this affects the primary GID limit. The user will not be returned "
-"to NSS if either the UID or the primary GID is outside the range. For non-"
-"primary group memberships, those that are in range will be reported as "
-"expected."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
-msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
-msgid ""
-"Timeout in seconds between heartbeats for this domain.  This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
-msgid "enumerate (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
-msgid ""
-"Determines if a domain can be enumerated. This parameter can have one of the "
-"following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
-msgid "TRUE = Users and groups are enumerated"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
-msgid "FALSE = No enumerations for this domain"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
-msgid "Default: FALSE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
-msgid ""
-"Note: Enabling enumeration has a moderate performance impact on SSSD while "
-"enumeration is running. It may take up to several minutes after SSSD startup "
-"to fully complete enumerations.  During this time, individual requests for "
-"information will go directly to LDAP, though it may be slow, due to the "
-"heavy enumeration processing."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
-msgid ""
-"While the first enumeration is running, requests for the complete user or "
-"group lists may return no results until it completes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
-msgid ""
-"Further, enabling enumeration may increase the time necessary to detect "
-"network disconnection, as longer timeouts are required to ensure that "
-"enumeration lookups are completed successfully.  For more information, refer "
-"to the man pages for the specific id_provider in use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
-msgid "entry_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
-msgid ""
-"How many seconds should nss_sss consider entries valid before asking the "
-"backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
-msgid "Default: 5400"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-msgid "entry_cache_user_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-msgid ""
-"How many seconds should nss_sss consider user entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-msgid "Default: entry_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-msgid "entry_cache_group_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-msgid ""
-"How many seconds should nss_sss consider group entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-msgid ""
-"How many seconds should nss_sss consider netgroup entries valid before "
-"asking the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-msgid "entry_cache_service_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-msgid ""
-"How many seconds should nss_sss consider service entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
-msgid "cache_credentials (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
-msgid "Determines if user credentials are also cached in the local LDB cache"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
-msgid "User credentials are stored in a SHA512 hash, not in plaintext"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
-msgid "account_cache_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
-msgid ""
-"Number of days entries are left in cache after last successful login before "
-"being removed during a cleanup of the cache. 0 means keep forever.  The "
-"value of this parameter must be greater than or equal to "
-"offline_credentials_expiration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
-msgid "Default: 0 (unlimited)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
-msgid "id_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
-msgid "The Data Provider identity backend to use for this domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
-msgid "Supported backends:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
-msgid "proxy: Support a legacy NSS provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
-msgid "local: SSSD internal local provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
-msgid "ldap: LDAP provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
-msgid "use_fully_qualified_names (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
-msgid ""
-"If set to TRUE, all requests to this domain must use fully qualified names. "
-"For example, if used in LOCAL domain that contains a \"test\" user, "
-"<command>getent passwd test</command> wouldn't find the user while "
-"<command>getent passwd test@LOCAL</command> would."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
-msgid "auth_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
-msgid ""
-"The authentication provider used for the domain.  Supported auth providers "
-"are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
-msgid ""
-"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
-msgid ""
-"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
-msgid ""
-"<quote>proxy</quote> for relaying authentication to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
-msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"authentication requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
-msgid "access_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
-msgid ""
-"The access control provider used for the domain.  There are two built-in "
-"access providers (in addition to any included in installed backends)  "
-"Internal special providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
-msgid "<quote>permit</quote> always allow access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
-msgid "<quote>deny</quote> always deny access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
-msgid ""
-"<quote>simple</quote> access control based on access or deny lists. See "
-"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> for more information on configuring the simple "
-"access module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
-msgid "Default: <quote>permit</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
-msgid "chpass_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
-msgid ""
-"The provider which should handle change password operations for the domain.  "
-"Supported change password providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
-msgid ""
-"<quote>ipa</quote> to change a password stored in an IPA server.  See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
-msgid ""
-"<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
-msgid ""
-"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
-msgid ""
-"<quote>proxy</quote> for relaying password changes to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
-msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
-msgid ""
-"Default: <quote>auth_provider</quote> is used if it is set and can handle "
-"change password requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-msgid "sudo_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-msgid ""
-"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-msgid "session_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-msgid ""
-"The provider which should handle loading of session settings.  Supported "
-"session providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-msgid ""
-"<quote>ipa</quote> to load session settings from an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"session loading requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
-msgid "lookup_family_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
-msgid ""
-"Provides the ability to select preferred address family to use when "
-"performing DNS lookups."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
-msgid "Supported values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
-msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
-msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
-msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
-msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
-msgid "Default: ipv4_first"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
-msgid "dns_resolver_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
-msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
-msgid "dns_discovery_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
-msgid ""
-"If service discovery is used in the back end, specifies the domain part of "
-"the service discovery DNS query."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
-msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
-msgid "override_gid (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
-msgid "Override the primary GID value with the one specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
-msgid "case_sensitive (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
-msgid ""
-"Treat user and group names as case sensitive. At the moment, this option is "
-"not supported in the local provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
-msgid "Default: True"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
-msgid ""
-"These configuration options can be present in a domain configuration "
-"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
-"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
-msgid "proxy_pam_target (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
-msgid "The proxy target PAM proxies to."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-msgid ""
-"Default: not set by default, you have to take an existing pam configuration "
-"or create a new one and add the service name here."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
-msgid "proxy_lib_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
-msgid ""
-"The name of the NSS library to use in proxy domains. The NSS functions "
-"searched for in the library are in the form of _nss_$(libName)_$(function), "
-"for example _nss_files_getpwent."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
-msgid ""
-"Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
-msgid "The local domain section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
-msgid ""
-"This section contains settings for domain that stores users and groups in "
-"SSSD native database, that is, a domain that uses "
-"<replaceable>id_provider=local</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
-msgid "default_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
-msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
-msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
-msgid "base_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
-msgid ""
-"The tools append the login name to <replaceable>base_directory</replaceable> "
-"and use that as the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
-msgid "Default: <filename>/home</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
-msgid "create_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
-msgid ""
-"Indicate if a home directory should be created by default for new users.  "
-"Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
-msgid "Default: TRUE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
-msgid "remove_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
-msgid ""
-"Indicate if a home directory should be removed by default for deleted "
-"users.  Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
-msgid "homedir_umask (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
-msgid ""
-"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
-"on a newly created home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
-msgid "Default: 077"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
-msgid "skel_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
-msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
-msgid "mail_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
-msgid ""
-"The mail spool directory. This is needed to manipulate the mailbox when its "
-"corresponding user account is modified or deleted.  If not specified, a "
-"default value is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
-msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
-msgid "userdel_cmd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
-msgid ""
-"The command that is run after a user is removed.  The command us passed the "
-"username of the user being removed as the first and only parameter. The "
-"return code of the command is not taken into account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
-msgid "Default: None, no command is run"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"domains = LDAP\n"
-"services = nss, pam\n"
-"config_file_version = 2\n"
-"\n"
-"[nss]\n"
-"filter_groups = root\n"
-"filter_users = root\n"
-"\n"
-"[pam]\n"
-"\n"
-"[domain/LDAP]\n"
-"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
-"\n"
-"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
-"cache_credentials = true\n"
-"\n"
-"min_id = 10000\n"
-"max_id = 20000\n"
-"enumerate = False\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
-msgid ""
-"The following example shows a typical SSSD config. It does not describe "
-"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details.  <placeholder type=\"programlisting\" "
-"id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
-msgid "sssd-ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:23
-msgid ""
-"This manual page describes the configuration of LDAP domains for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for detailed syntax information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:35
-msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:38
-msgid ""
-"LDAP back end supports id, auth, access and chpass providers. If you want to "
-"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
-"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
-"over an unencrypted channel.  If the LDAP server is used only as an identity "
-"provider, an encrypted channel is not needed. Please refer to "
-"<quote>ldap_access_filter</quote> config option for more information about "
-"using LDAP as an access provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
-#: sssd-krb5.5.xml:63
-msgid "CONFIGURATION OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:60
-msgid "ldap_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:63
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference. Refer to the <quote>FAILOVER</"
-"quote> section for more information on failover and server redundancy.  If "
-"not specified, service discovery is enabled. For more information, refer to "
-"the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
-msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:73
-msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:76
-msgid ""
-"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:79
-msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:85
-msgid "ldap_chpass_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:88
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference to change the password of a user. "
-"Refer to the <quote>FAILOVER</quote> section for more information on "
-"failover and server redundancy."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:95
-msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:99
-msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:105
-msgid "ldap_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:108
-msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:112
-msgid ""
-"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
-"syntax:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
-msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:119
-msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
-msgid ""
-"The filter must be a valid LDAP search filter as specified by http://www."
-"ietf.org/rfc/rfc2254.txt"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
-msgid "Examples:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:129
-msgid ""
-"ldap_search_base = dc=example,dc=com (which is equivalent to)  "
-"ldap_search_base = dc=example,dc=com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:134
-msgid ""
-"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
-"(host=thishost)?dc=example.com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:137
-msgid ""
-"Note: It is unsupported to have multiple search bases which reference "
-"identically-named objects (for example, groups with the same name in two "
-"different search bases). This will lead to unpredictable behavior on client "
-"machines."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:144
-msgid ""
-"Default: If not set, the value of the defaultNamingContext or namingContexts "
-"attribute from the RootDSE of the LDAP server is used. If "
-"defaultNamingContext does not exists or has an empty value namingContexts is "
-"used.  The namingContexts attribute must have a single value with the DN of "
-"the search base of the LDAP server to make this work. Multiple values are "
-"are not supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:158
-msgid "ldap_schema (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:161
-msgid ""
-"Specifies the Schema Type in use on the target LDAP server.  Depending on "
-"the selected schema, the default attribute names retrieved from the servers "
-"may vary.  The way that some attributes are handled may also differ.  Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
-"difference between these schema types is how group memberships are recorded "
-"in the server.  With rfc2307, group members are listed by name in the "
-"<emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, group "
-"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
-msgid "Default: rfc2307"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
-msgid "ldap_default_bind_dn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
-msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
-msgid "ldap_default_authtok_type (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
-msgid "The type of the authentication token of the default bind DN."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
-msgid "The two mechanisms currently supported are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
-msgid "password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
-msgid "obfuscated_password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
-msgid "Default: password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
-msgid "ldap_default_authtok (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
-msgid ""
-"The authentication token of the default bind DN.  Only clear text passwords "
-"are currently supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
-msgid "ldap_user_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
-msgid "The object class of a user entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
-msgid "Default: posixAccount"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
-msgid "ldap_user_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
-msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
-msgid "Default: uid"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
-msgid "ldap_user_uid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
-msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
-msgid "Default: uidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
-msgid "ldap_user_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
-msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
-msgid "Default: gidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
-msgid "ldap_user_gecos (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
-msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
-msgid "Default: gecos"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
-msgid "ldap_user_home_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
-msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
-msgid "Default: homeDirectory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
-msgid "ldap_user_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
-msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
-msgid "Default: loginShell"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
-msgid "ldap_user_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
-msgid "Default: nsUniqueId"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
-msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
-msgid ""
-"The LDAP attribute that contains timestamp of the last modification of the "
-"parent object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
-msgid "Default: modifyTimestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
-msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
-"the last password change)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
-msgid "Default: shadowLastChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
-msgid "ldap_user_shadow_min (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
-msgid "Default: shadowMin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
-msgid "ldap_user_shadow_max (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
-msgid "Default: shadowMax"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
-msgid "ldap_user_shadow_warning (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password warning period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
-msgid "Default: shadowWarning"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
-msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password inactivity period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
-msgid "Default: shadowInactive"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
-msgid "ldap_user_shadow_expire (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
-msgid ""
-"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
-"parameter contains the name of an LDAP attribute corresponding to its "
-"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> counterpart (account expiration date)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
-msgid "Default: shadowExpire"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
-msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time of last password change in "
-"kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
-msgid "Default: krbLastPwdChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
-msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time when current password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
-msgid "Default: krbPasswordExpiration"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
-msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the expiration time of the account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
-msgid "Default: accountExpires"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
-msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the user account control bit field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
-msgid "Default: userAccountControl"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
-msgid "ldap_ns_account_lock (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
-msgid ""
-"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
-"determines if access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
-msgid "Default: nsAccountLock"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
-msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines if "
-"access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
-msgid "Default: loginDisabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
-msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines until "
-"which date access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
-msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines the "
-"hours of a day in a week when access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
-msgid "Default: loginAllowedTimeMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
-msgid "ldap_user_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
-msgid ""
-"The LDAP attribute that contains the user's Kerberos User Principal Name "
-"(UPN)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
-msgid "Default: krbPrincipalName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
-msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
-msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
-msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
-msgid ""
-"Some directory servers, for example Active Directory, might deliver the "
-"realm part of the UPN in lower case, which might cause the authentication to "
-"fail. Set this option to a non-zero value if you want to use an upper-case "
-"realm."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
-msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
-msgid ""
-"Specifies how many seconds SSSD has to wait before refreshing its cache of "
-"enumerated records."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
-msgid "Default: 300"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
-msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
-msgid ""
-"Determine how often to check the cache for inactive entries (such as groups "
-"with no members and users who have never logged in) and remove them to save "
-"space."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
-msgid "Setting this option to zero will disable the cache cleanup operation."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
-msgid "Default: 10800 (12 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
-msgid "ldap_user_fullname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
-msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
-msgid "Default: cn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
-msgid "ldap_user_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
-msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
-msgid "Default: memberOf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
-msgid "ldap_user_authorized_service (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
-msgid ""
-"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
-"use the presence of the authorizedService attribute in the user's LDAP entry "
-"to determine access privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
-msgid ""
-"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
-"explicit allow (svc) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
-msgid "Default: authorizedService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
-msgid "ldap_user_authorized_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
-msgid ""
-"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-"presence of the host attribute in the user's LDAP entry to determine access "
-"privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
-msgid ""
-"An explicit deny (!host) is resolved first. Second, SSSD searches for "
-"explicit allow (host) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
-msgid "Default: host"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
-msgid "ldap_group_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
-msgid "The object class of a group entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
-msgid "Default: posixGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
-msgid "ldap_group_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
-msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
-msgid "ldap_group_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
-msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
-msgid "ldap_group_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
-msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
-msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
-msgid "ldap_group_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
-msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
-msgid "ldap_group_nesting_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
-msgid ""
-"If ldap_schema is set to a schema format that supports nested groups (e.g. "
-"RFC2307bis), then this option controls how many levels of nesting SSSD will "
-"follow. This option has no effect on the RFC2307 schema."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
-msgid "Default: 2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
-msgid "ldap_netgroup_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
-msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
-msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
-msgid "Default: nisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
-msgid "ldap_netgroup_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
-msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
-msgid "In IPA provider, ipa_netgroup_name should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
-msgid "ldap_netgroup_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
-msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
-msgid "In IPA provider, ipa_netgroup_member should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
-msgid "Default: memberNisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
-msgid "ldap_netgroup_triple (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-msgid ""
-"The LDAP attribute that contains the (host, user, domain) netgroup triples."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
-msgid "This option is not available in IPA provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
-msgid "Default: nisNetgroupTriple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
-msgid "ldap_netgroup_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
-msgid ""
-"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
-msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
-msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
-msgid "ldap_service_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
-msgid "The object class of a service entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
-msgid "Default: ipService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
-msgid "ldap_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
-msgid ""
-"The LDAP attribute that contains the name of service attributes and their "
-"aliases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
-msgid "ldap_service_port (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
-msgid "The LDAP attribute that contains the port managed by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
-msgid "Default: ipServicePort"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
-msgid "ldap_service_proto (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
-msgid ""
-"The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
-msgid "Default: ipServiceProtocol"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
-msgid "ldap_service_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
-msgid "An optional base DN to restrict service searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
-msgid ""
-"See <quote>ldap_search_base</quote> for information about configuring "
-"multiple search bases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
-#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
-msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
-msgid "ldap_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches are allowed to run "
-"before they are cancelled and cached results are returned (and offline mode "
-"is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
-msgid ""
-"Note: this option is subject to change in future versions of the SSSD. It "
-"will likely be replaced at some point by a series of timeouts for specific "
-"lookup types."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
-msgid "Default: 6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
-msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches for user and group "
-"enumerations are allowed to run before they are cancelled and cached results "
-"are returned (and offline mode is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
-msgid "ldap_network_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-msgid ""
-"Specifies the timeout (in seconds) after which the <citerefentry> "
-"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
-"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> following a <citerefentry> "
-"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> returns in case of no activity."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
-msgid "ldap_opt_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
-msgid ""
-"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
-"will abort if no response is received. Also controls the timeout when "
-"communicating with the KDC in case of SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
-msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
-msgid ""
-"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
-"maintained. After this time, the connection will be re-established. If used "
-"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
-"the TGT lifetime)  will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
-msgid "Default: 900 (15 minutes)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
-msgid "ldap_page_size (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
-msgid ""
-"Specify the number of records to retrieve from LDAP in a single request. "
-"Some LDAP servers enforce a maximum limit per-request."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
-msgid "Default: 1000"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
-msgid ""
-"Disable the LDAP paging control. This option should be used if the LDAP "
-"server reports that it supports the LDAP paging control in its RootDSE but "
-"it is not enabled or does not behave properly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
-msgid ""
-"Example: OpenLDAP servers with the paging control module installed on the "
-"server but not enabled will report it in the RootDSE but be unable to use it."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
-msgid ""
-"Example: 389 DS has a bug where it can only support a one paging control at "
-"a time on a single connection. On busy clients, this can result in some "
-"requests being denied."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
-msgid "ldap_deref_threshold (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
-msgid ""
-"Specify the number of group members that must be missing from the internal "
-"cache in order to trigger a dereference lookup. If less members are missing, "
-"they are looked up individually."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
-msgid ""
-"You can turn off dereference lookups completely by setting the value to 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
-msgid ""
-"A dereference lookup is a means of fetching all group members in a single "
-"LDAP call.  Different LDAP servers may implement different dereference "
-"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
-"Directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
-msgid ""
-"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
-"filter, then the dereference lookup performance enhancement will be disabled "
-"regardless of this setting."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
-msgid "ldap_tls_reqcert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
-msgid ""
-"Specifies what checks to perform on server certificates in a TLS session, if "
-"any. It can be specified as one of the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
-msgid ""
-"<emphasis>never</emphasis> = The client will not request or check any server "
-"certificate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
-msgid ""
-"<emphasis>allow</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, it will be ignored and the session proceeds normally."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
-msgid ""
-"<emphasis>try</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, the session is immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
-msgid ""
-"<emphasis>demand</emphasis> = The server certificate is requested. If no "
-"certificate is provided, or a bad certificate is provided, the session is "
-"immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
-msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
-msgid "Default: hard"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
-msgid "ldap_tls_cacert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
-msgid ""
-"Specifies the file that contains certificates for all of the Certificate "
-"Authorities that <command>sssd</command> will recognize."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
-msgid ""
-"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
-"conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
-msgid "ldap_tls_cacertdir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
-msgid ""
-"Specifies the path of a directory that contains Certificate Authority "
-"certificates in separate individual files. Typically the file names need to "
-"be the hash of the certificate followed by '.0'.  If available, "
-"<command>cacertdir_rehash</command> can be used to create the correct names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
-msgid "ldap_tls_cert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
-msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
-msgid "Default: not set"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
-msgid "ldap_tls_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
-msgid "Specifies the file that contains the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
-msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
-msgid ""
-"Specifies acceptable cipher suites.  Typically this is a colon sperated "
-"list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> for format."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
-msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
-msgid ""
-"Specifies that the id_provider connection must also use <systemitem class="
-"\"protocol\">tls</systemitem> to protect the channel."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
-msgid ""
-"Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
-"supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
-msgid "ldap_sasl_authid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
-msgid ""
-"Specify the SASL authorization id to use.  When GSSAPI is used, this "
-"represents the Kerberos principal used for authentication to the directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
-msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
-msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
-msgid ""
-"If set to true, the LDAP library would perform a reverse lookup to "
-"canonicalize the host name during a SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
-msgid "Default: false;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
-msgid "ldap_krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
-msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
-msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
-msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
-msgid ""
-"Specifies that the id_provider should init Kerberos credentials (TGT).  This "
-"action is performed only if SASL is used and the mechanism selected is "
-"GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
-msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
-msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
-msgid "Default: 86400 (24 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
-msgid "krb5_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
-msgid ""
-"Specifies the comma-separated list of IP addresses or hostnames of the "
-"Kerberos servers to which SSSD should connect in the order of preference. "
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
-"colon) may be appended to the addresses or hostnames.  If empty, service "
-"discovery is enabled - for more information, refer to the <quote>SERVICE "
-"DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
-msgid ""
-"When using service discovery for KDC or kpasswd servers, SSSD first searches "
-"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-"none are found."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
-msgid ""
-"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
-"While the legacy name is recognized for the time being, users are advised to "
-"migrate their config files to use <quote>krb5_server</quote> instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
-msgid "krb5_realm (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
-msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
-msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
-msgid "krb5_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
-msgid ""
-"Specifies if the host principal should be canonicalized when connecting to "
-"LDAP server. This feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
-msgid "ldap_pwd_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
-msgid ""
-"Select the policy to evaluate the password expiration on the client side. "
-"The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
-msgid ""
-"<emphasis>none</emphasis> - No evaluation on the client side. This option "
-"cannot disable server-side password policies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
-msgid ""
-"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-"evaluate if the password has expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
-msgid ""
-"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
-"to determine if the password has expired. Use chpass_provider=krb5 to update "
-"these attributes when the password is changed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
-msgid "ldap_referrals (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
-msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
-msgid ""
-"Please note that sssd only supports referral chasing when it is compiled "
-"with OpenLDAP version 2.4.13 or higher."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
-msgid "ldap_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
-msgid "Specifies the service name to use when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
-msgid "Default: ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
-msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
-msgid ""
-"Specifies the service name to use to find an LDAP server which allows "
-"password changes when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
-msgid "Default: not set, i.e. service discovery is disabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
-msgid "ldap_access_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
-msgid ""
-"If using access_provider = ldap, this option is mandatory. It specifies an "
-"LDAP search filter criteria that must be met for the user to be granted "
-"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
-msgid "Example:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
-#, no-wrap
-msgid ""
-"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
-msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
-msgid ""
-"Offline caching for this feature is limited to determining whether the "
-"user's last online login was granted access permission. If they were granted "
-"access during their last login, they will continue to be granted access "
-"while offline and vice-versa."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
-msgid "Default: Empty"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
-msgid "ldap_account_expire_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
-msgid ""
-"With this option a client side evaluation of access control attributes can "
-"be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
-msgid ""
-"Please note that it is always recommended to use server side access control, "
-"i.e. the LDAP server should deny the bind request with a suitable error code "
-"even if the password is correct."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
-msgid "The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
-msgid ""
-"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
-"determine if the account is expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
-msgid ""
-"<emphasis>ad</emphasis>: use the value of the 32bit field "
-"ldap_user_ad_user_account_control and allow access if the second bit is not "
-"set. If the attribute is missing access is granted. Also the expiration time "
-"of the account is checked."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
-msgid ""
-"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
-"emphasis>: use the value of ldap_ns_account_lock to check if access is "
-"allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
-msgid ""
-"<emphasis>nds</emphasis>: the values of "
-"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
-"If both attributes are missing access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
-msgid "ldap_access_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
-msgid "Comma separated list of access control options.  Allowed values are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
-msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
-msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
-msgid ""
-"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
-"to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
-msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
-msgid "Default: filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
-msgid ""
-"Please note that it is a configuration error if a value is used more than "
-"once."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
-msgid "ldap_deref (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
-msgid ""
-"Specifies how alias dereferencing is done when performing a search. The "
-"following options are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
-msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
-msgid ""
-"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
-"the base object, but not in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
-msgid ""
-"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
-"the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
-msgid ""
-"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
-"in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
-msgid ""
-"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
-"client libraries)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:51
-msgid ""
-"All of the common configuration options that apply to SSSD domains also "
-"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for full details.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
-msgid "SUDO OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
-msgid "ldap_sudorule_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
-msgid "The object class of a sudo rule entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
-msgid "Default: sudoRole"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
-msgid "ldap_sudorule_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
-msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
-msgid "ldap_sudorule_command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
-msgid "The LDAP attribute that corresponds to the command name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
-msgid "Default: sudoCommand"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
-msgid "ldap_sudorule_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
-msgid ""
-"The LDAP attribute that corresponds to the host name (or host IP address, "
-"host IP network, or host netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
-msgid "Default: sudoHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
-msgid "ldap_sudorule_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
-msgid ""
-"The LDAP attribute that corresponds to the user name (or UID, group name or "
-"user's netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
-msgid "Default: sudoUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
-msgid "ldap_sudorule_option (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
-msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
-msgid "Default: sudoOption"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
-msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
-msgid ""
-"The LDAP attribute that corresponds to the user name that commands may be "
-"run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
-msgid "Default: sudoRunAsUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
-msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
-msgid ""
-"The LDAP attribute that corresponds to the group name or group GID that "
-"commands may be run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
-msgid "Default: sudoRunAsGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
-msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
-msgid ""
-"The LDAP attribute that corresponds to the start date/time for when the sudo "
-"rule is valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
-msgid "Default: sudoNotBefore"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
-msgid "ldap_sudorule_notafter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
-msgid ""
-"The LDAP attribute that corresponds to the expiration date/time, after which "
-"the sudo rule will no longer be valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
-msgid "Default: sudoNotAfter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
-msgid "ldap_sudorule_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
-msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
-msgid "Default: sudoOrder"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
-msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
-msgid ""
-"Enables periodical download of all sudo rules.  The cache is purged before "
-"each update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
-msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
-msgid ""
-"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
-msgid ""
-"This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
-"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
-msgid "AUTOFS OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
-msgid ""
-"Please note that the default values correspond to the default schema which "
-"is RFC2307."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
-msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-msgid "The object class of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-msgid "Default: automountMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
-msgid "ldap_autofs_map_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
-msgid "The name of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
-msgid "Default: ou"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
-msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
-msgid "ldap_autofs_entry_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
-msgid ""
-"The key of an automount entry in LDAP. The entry usually corresponds to a "
-"mount point."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
-msgid "ldap_autofs_entry_value (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
-msgid "Default: automountInformation"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
-msgid ""
-"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
-"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
-"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
-msgid "ADVANCED OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
-msgid "ldap_netgroup_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
-msgid ""
-"An optional base DN to restrict netgroup searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
-msgid "ldap_user_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
-msgid "An optional base DN to restrict user searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
-msgid "ldap_group_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
-msgid "An optional base DN to restrict group searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
-#, no-wrap
-msgid ""
-"                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
-msgid "ldap_sudo_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
-msgid ""
-"An optional base DN to restrict sudo rules searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
-msgid "ldap_autofs_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
-msgid ""
-"An optional base DN to restrict automounter searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
-msgid ""
-"These options are supported by LDAP domains, but they should be used with "
-"caution. Please include them in your configuration only if you know what you "
-"are doing.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
-msgid ""
-"The following example assumes that SSSD is correctly configured and LDAP is "
-"set to one of the domains in the <replaceable>[domains]</replaceable> "
-"section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
-#, no-wrap
-msgid ""
-"    [domain/LDAP]\n"
-"    id_provider = ldap\n"
-"    auth_provider = ldap\n"
-"    ldap_uri = ldap://ldap.mydomain.org\n"
-"    ldap_search_base = dc=mydomain,dc=org\n"
-"    ldap_tls_reqcert = demand\n"
-"    cache_credentials = true\n"
-"    enumerate = true\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
-msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
-msgid "NOTES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
-msgid ""
-"The descriptions of some of the configuration options in this manual page "
-"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
-"distribution."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <refentryinfo>
-#: pam_sss.8.xml:8 include/upstream.xml:2
-msgid ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: pam_sss.8.xml:13 pam_sss.8.xml:18
-msgid "pam_sss"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: pam_sss.8.xml:19
-msgid "PAM module for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: pam_sss.8.xml:24
-msgid ""
-"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
-msgid ""
-"<command>pam_sss.so</command> is the PAM interface to the System Security "
-"Services daemon (SSSD). Errors and results are logged through <command>syslog"
-"(3)</command> with the LOG_AUTHPRIV facility."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
-msgid "<option>quiet</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
-msgid "Suppress log messages for unknown users."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
-msgid "<option>forward_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
-msgid ""
-"If <option>forward_pass</option> is set the entered password is put on the "
-"stack for other PAM modules to use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
-msgid "<option>use_first_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
-msgid ""
-"The argument use_first_pass forces the module to use a previous stacked "
-"modules password and will never prompt the user - if no password is "
-"available or the password is not appropriate, the user will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
-msgid "<option>use_authtok</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
-msgid ""
-"When password changing enforce the module to set the new password to the one "
-"provided by a previously stacked password module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
-msgid "<option>retry=N</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
-msgid ""
-"If specified the user is asked another N times for a password if "
-"authentication fails. Default is 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
-msgid ""
-"Please note that this option might not work as expected if the application "
-"calling PAM handles the user dialog on its own. A typical example is "
-"<command>sshd</command> with <option>PasswordAuthentication</option>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
-msgid "MODULE TYPES PROVIDED"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
-msgid ""
-"All module types (<option>account</option>, <option>auth</option>, "
-"<option>password</option> and <option>session</option>) are provided."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
-msgid "FILES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
-msgid ""
-"If a password reset by root fails, because the corresponding SSSD provider "
-"does not support password resets, an individual message can be displayed. "
-"This message can e.g. contain instructions about how to reset a password."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
-msgid ""
-"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
-"filename> where LOC stands for a locale string returned by <citerefentry> "
-"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
-"citerefentry>. If there is no matching file the content of "
-"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
-"the owner of the files and only root may have read and write permissions "
-"while all other users must have only read permissions."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
-msgid ""
-"These files are searched in the directory <filename>/etc/sssd/customize/"
-"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
-"displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:141
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
-msgid "sssd_krb5_locator_plugin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:22
-msgid ""
-"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
-"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
-"libraries what Realm and which KDC to use.  Typically this is done in "
-"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
-"To simplify the configuration the Realm and the KDC can be defined in "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry> puts the Realm and the name or IP address of the KDC into "
-"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively.  "
-"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variables and returns them to the "
-"libraries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:63
-msgid ""
-"Not all Kerberos implementations support the use of plugins. If "
-"<command>sssd_krb5_locator_plugin</command> is not available on your system "
-"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:69
-msgid ""
-"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-"debug messages will be sent to stderr."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:77
-msgid ""
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
-msgid "sssd-simple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd-simple.5.xml:17
-msgid "the configuration file for SSSD's 'simple' access-control provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:24
-msgid ""
-"This manual page describes the configuration of the simple access-control "
-"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax reference, "
-"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:38
-msgid ""
-"The simple access provider grants or denies access based on an access or "
-"deny list of user or group names. The following rules apply:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:43
-msgid "If all lists are empty, access is granted"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:47
-msgid ""
-"If any list is provided, the order of evaluation is allow,deny. This means "
-"that any matching deny rule will supersede any matched allow rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:54
-msgid ""
-"If either or both \"allow\" lists are provided, all users are denied unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:60
-msgid ""
-"If only \"deny\" lists are provided, all users are granted access unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:78
-msgid "simple_allow_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:81
-msgid "Comma separated list of users who are allowed to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:88
-msgid "simple_deny_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:91
-msgid "Comma separated list of users who are explicitly denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:97
-msgid "simple_allow_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:100
-msgid ""
-"Comma separated list of groups that are allowed to log in. This applies only "
-"to groups within this SSSD domain. Local groups are not evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:108
-msgid "simple_deny_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:111
-msgid ""
-"Comma separated list of groups that are explicitly denied access. This "
-"applies only to groups within this SSSD domain. Local groups are not "
-"evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
-msgid ""
-"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page for details on the configuration of an SSSD "
-"domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:120
-msgid ""
-"Please note that it is an configuration error if both, simple_allow_users "
-"and simple_deny_users, are defined."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:128
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the simple access provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-simple.5.xml:135
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    access_provider = simple\n"
-"    simple_allow_users = user1, user2\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:145
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
-msgid "sssd-ipa"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:23
-msgid ""
-"This manual page describes the configuration of the IPA provider for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
-"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:36
-msgid ""
-"The IPA provider is a back end used to connect to an IPA server.  (Refer to "
-"the freeipa.org web site for information about IPA servers.)  This provider "
-"requires that the machine be joined to the IPA domain; configuration is "
-"almost entirely self-discovered and obtained directly from the server."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:43
-msgid ""
-"The IPA provider accepts the same options used by the <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
-"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider with some exceptions described below."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:55
-msgid ""
-"However, it is neither necessary nor recommended to set these options.  IPA "
-"provider can also be used as an access and chpass provider. As an access "
-"provider it uses HBAC (host-based access control) rules. Please refer to "
-"freeipa.org for more information about HBAC. No configuration of access "
-"provider is required on the client side."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:72
-msgid "ipa_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:75
-msgid ""
-"Specifies the name of the IPA domain.  This is optional. If not provided, "
-"the configuration domain name is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:83
-msgid "ipa_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:86
-msgid ""
-"The comma-separated list of IP addresses or hostnames of the IPA servers to "
-"which SSSD should connect in the order of preference. For more information "
-"on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
-"This is optional if autodiscovery is enabled.  For more information on "
-"service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:99
-msgid "ipa_hostname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:102
-msgid ""
-"Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:110
-msgid "ipa_dyndns_update (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:113
-msgid ""
-"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:118
-msgid ""
-"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
-"the default Kerberos realm must be set properly in /etc/krb5.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:129
-msgid "ipa_dyndns_iface (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:132
-msgid ""
-"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
-"interface whose IP address should be used for dynamic DNS updates."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:137
-msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:143
-msgid "ipa_hbac_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:146
-msgid "Optional. Use the given string as search base for HBAC related objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:150
-msgid "Default: Use base DN"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:156
-msgid "ipa_host_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:159
-msgid "Optional. Use the given string as search base for host objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:180
-msgid "ipa_selinux_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
-msgid "Optional. Use the given string as search base for SELinux user maps."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
-msgid "krb5_validate (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
-msgid ""
-"Verify with the help of krb5_keytab that the TGT obtained has not been "
-"spoofed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
-msgid ""
-"Note that this default differs from the traditional Kerberos provider back "
-"end."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
-msgid ""
-"The name of the Kerberos realm. This is optional and defaults to the value "
-"of <quote>ipa_domain</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
-msgid ""
-"The name of the Kerberos realm has a special meaning in IPA - it is "
-"converted into the base DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
-msgid ""
-"Specifies if the host and user principal should be canonicalized when "
-"connecting to IPA LDAP and also for AS requests. This feature is available "
-"with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
-msgid "ipa_hbac_refresh (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
-msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
-msgid "Default: 5 (seconds)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
-msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
-msgid ""
-"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
-"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
-"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
-"client will support two modes of operation during this transition period:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
-msgid ""
-"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
-"users will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
-msgid ""
-"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
-"careful with this option, as it may result in opening unintended access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
-msgid "Default: DENY_ALL"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
-msgid "ipa_automount_location (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
-msgid "The automounter location this IPA client will be using"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Default: The location named \"default\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the ipa provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    id_provider = ipa\n"
-"    ipa_server = ipaserver.example.com\n"
-"    ipa_hostname = myhost.example.com\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.8.xml:10 sssd.8.xml:15
-msgid "sssd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.8.xml:16
-msgid "System Security Services Daemon"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sssd.8.xml:21
-msgid ""
-"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:31
-msgid ""
-"<command>SSSD</command> provides a set of daemons to manage access to remote "
-"directories and authentication mechanisms. It provides an NSS and PAM "
-"interface toward the system and a pluggable backend system to connect to "
-"multiple different account sources as well as D-Bus interface. It is also "
-"the basis to provide client auditing and policy services for projects like "
-"FreeIPA. It provides a more robust database to store local users as well as "
-"extended user data."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:46
-msgid ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:53
-msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:57
-msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:60
-msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:69
-msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:73
-msgid ""
-"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:76
-msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:85
-msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:89
-msgid ""
-"Send the debug output to files instead of stderr. By default, the log files "
-"are stored in <filename>/var/log/sssd</filename> and there are separate log "
-"files for every SSSD service and domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:97
-msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:101
-msgid "Become a daemon after starting up."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:107
-msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:111
-msgid "Run in the foreground, don't become a daemon."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
-msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
-msgid ""
-"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
-"conf</filename>. For reference on the config file syntax and options, "
-"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:135
-msgid "<option>--version</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:139
-msgid "Print version number and exit."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:147
-msgid "Signals"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:150
-msgid "SIGTERM/SIGINT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:153
-msgid ""
-"Informs the SSSD to gracefully terminate all of its child processes and then "
-"shut down the monitor."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:159
-msgid "SIGHUP"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:162
-msgid ""
-"Tells the SSSD to stop writing to its current debug file descriptors and to "
-"close and reopen them. This is meant to facilitate log rolling with programs "
-"like logrotate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:170
-msgid "SIGUSR1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:173
-msgid ""
-"Tells the SSSD to simulate offline operation for one minute. This is mostly "
-"useful for testing purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:179
-msgid "SIGUSR2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:182
-msgid ""
-"Tells the SSSD to go online immediately. This is mostly useful for testing "
-"purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:193
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-msgid "sss_obfuscate"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_obfuscate.8.xml:16
-msgid "obfuscate a clear text password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_obfuscate.8.xml:21
-msgid ""
-"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
-"replaceable></arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:32
-msgid ""
-"<command>sss_obfuscate</command> converts a given password into human-"
-"unreadable format and places it into appropriate domain section of the SSSD "
-"config file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:37
-msgid ""
-"The cleartext password is read from standard input or entered "
-"interactively.  The obfuscated password is put into "
-"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
-"<quote>ldap_default_authtok_type</quote> parameter is set to "
-"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more details on these parameters."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:49
-msgid ""
-"Please note that obfuscating the password provides <emphasis>no real "
-"security benefit</emphasis> as it is still possible for an attacker to "
-"reverse-engineer the password back. Using better authentication mechanisms "
-"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
-"advised."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:63
-msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:67
-msgid "The password to obfuscate will be read from standard input."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
-msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:79
-msgid ""
-"The SSSD domain to use the password in. The default name is <quote>default</"
-"quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:86
-msgid ""
-"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:91
-msgid "Read the config file specified by the positional parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:95
-msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:105
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
-msgid "sss_useradd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_useradd.8.xml:16
-msgid "create a new user"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_useradd.8.xml:21
-msgid ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:32
-msgid ""
-"<command>sss_useradd</command> creates a new user account using the values "
-"specified on the command line plus the default values from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:43
-msgid ""
-"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:48
-msgid ""
-"Set the UID of the user to the value of <replaceable>UID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
-msgid ""
-"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
-msgid ""
-"Any text string describing the user. Often used as the field for the user's "
-"full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
-msgid ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:72
-msgid ""
-"The home directory of the user account.  The default is to append the "
-"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
-"that as the home directory.  The base that is prepended before "
-"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
-"baseDirectory</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
-msgid ""
-"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:87
-msgid ""
-"The user's login shell. The default is currently <filename>/bin/bash</"
-"filename>.  The default can be changed with <quote>user_defaults/"
-"defaultShell</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:96
-msgid ""
-"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:101
-msgid "A list of existing groups this user is also a member of."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:107
-msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:111
-msgid ""
-"Create the user's home directory if it does not exist. The files and "
-"directories contained in the skeleton directory (which can be defined with "
-"the -k option or in the config file) will be copied to the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:121
-msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:125
-msgid ""
-"Do not create the user's home directory. Overrides configuration settings."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:132
-msgid ""
-"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:137
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<command>sss_useradd</command>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:143
-msgid ""
-"This option is only valid if the <option>-m</option> (or <option>--create-"
-"home</option>) option is specified, or creation of home directories is set "
-"to TRUE in the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
-msgid ""
-"<option>-Z</option>,<option>--selinux-user</option> "
-"<replaceable>SELINUX_USER</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:157
-msgid ""
-"The SELinux user for the user's login. If not specified, the system default "
-"will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
-msgid "sssd-krb5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:23
-msgid ""
-"This manual page describes the configuration of the Kerberos 5 "
-"authentication backend for <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  For a detailed "
-"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
-"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:36
-msgid ""
-"The Kerberos 5 authentication backend contains auth and chpass providers. It "
-"must be paired with identity provider in order to function properly (for "
-"example, id_provider = ldap). Some information required by the Kerberos 5 "
-"authentication backend must be provided by the identity provider, such as "
-"the user's Kerberos Principal Name (UPN). The configuration of the identity "
-"provider should have an entry to specify the UPN. Please refer to the man "
-"page for the applicable identity provider for details on how to configure "
-"this."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:47
-msgid ""
-"This backend also provides access control based on the .k5login file in the "
-"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
-"Please note that an empty .k5login file will deny all access to this user. "
-"To activate this feature use 'access_provider = krb5' in your sssd "
-"configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:55
-msgid ""
-"In the case where the UPN is not available in the identity backend "
-"<command>sssd</command> will construct a UPN using the format "
-"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:106
-msgid ""
-"The name of the Kerberos realm. This option is required and must be "
-"specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:113
-msgid "krb5_kpasswd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:116
-msgid ""
-"If the change password service is not running on the KDC alternative servers "
-"can be defined here. An optional port number (preceded by a colon) may be "
-"appended to the addresses or hostnames."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:122
-msgid ""
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section.  Please note that even if there are no more "
-"kpasswd servers to try the back end is not switch to offline if "
-"authentication against the KDC is still possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:129
-msgid "Default: Use the KDC"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:135
-msgid "krb5_ccachedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:138
-msgid ""
-"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist it will be created. If %u, %U, %p or %h are used a "
-"private directory belonging to the user is created. Otherwise a public "
-"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
-"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
-"citerefentry> for details) is created."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:151
-msgid "Default: /tmp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:157
-msgid "krb5_ccname_template (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:171
-msgid "login UID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:174
-msgid "%p"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:175
-msgid "principal name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:179
-msgid "%r"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:180
-msgid "realm name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:183
-msgid "%h"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:184
-msgid "home directory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:189
-msgid "value of krb5ccache_dir"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194
-msgid "%P"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "the process ID of the sssd client"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:160
-msgid ""
-"Location of the user's credential cache. Currently only file based "
-"credential caches are supported. In the template the following sequences are "
-"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
-"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
-"way."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:209
-msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:215
-msgid "krb5_auth_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:218
-msgid ""
-"Timeout in seconds after an online authentication or change password request "
-"is aborted. If possible the authentication request is continued offline."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:241
-msgid "krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:244
-msgid ""
-"The location of the keytab to use when validating credentials obtained from "
-"KDCs."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:248
-msgid "Default: /etc/krb5.keytab"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:254
-msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:257
-msgid ""
-"Store the password of the user if the provider is offline and use it to "
-"request a TGT when the provider gets online again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:262
-msgid ""
-"Please note that this feature currently only available on a Linux platform. "
-"Passwords stored in this way are kept in plaintext in the kernel keyring and "
-"are potentially accessible by the root user (with difficulty)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:275
-msgid "krb5_renewable_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:278
-msgid ""
-"Request a renewable ticket with a total lifetime given by an integer "
-"immediately followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
-msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
-msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
-msgid "<emphasis>h</emphasis> hours"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
-msgid "<emphasis>d</emphasis> days."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
-msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:299
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"renewable lifetime to one and a half hours please use '90m' instead of "
-"'1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:305
-msgid "Default: not set, i.e. the TGT is not renewable"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:311
-msgid "krb5_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:314
-msgid ""
-"Request ticket with a with a lifetime given by an integer immediately "
-"followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:335
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"lifetime to one and a half hours please use '90m' instead of '1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:340
-msgid ""
-"Default: not set, i.e. the default ticket lifetime configured on the KDC."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:347
-msgid "krb5_renew_interval (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:350
-msgid ""
-"The time in seconds between two checks if the TGT should be renewed. TGTs "
-"are renewed if about half of their lifetime is exceeded."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:355
-msgid "If this option is not set or 0 the automatic renewal is disabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:365
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:368
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:373
-msgid ""
-"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
-"option at all."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
-msgid ""
-"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
-"continue without."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:381
-msgid ""
-"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
-"fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:385
-msgid "Default: not set, i.e. FAST is not used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:388
-msgid "Please note that a keytab is required to use fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:391
-msgid ""
-"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used with an older version using this option is a "
-"configuration error."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:400
-msgid "krb5_fast_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:403
-msgid "Specifies the server principal to use for FAST."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:412
-msgid ""
-"Specifies if the host and user principal should be canonicalized. This "
-"feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:65
-msgid ""
-"If the auth-module krb5 is used in a SSSD domain, the following options must "
-"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
-"SECTIONS</quote> for details on the configuration of a SSSD domain.  "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:434
-msgid ""
-"The following example assumes that SSSD is correctly configured and FOO is "
-"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
-"example shows only configuration of Kerberos authentication, it does not "
-"include any identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:442
-#, no-wrap
-msgid ""
-"    [domain/FOO]\n"
-"    auth_provider = krb5\n"
-"    krb5_server = 192.168.1.1\n"
-"    krb5_realm = EXAMPLE.COM\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:453
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
-msgid "sss_groupadd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupadd.8.xml:16
-msgid "create a new group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupadd.8.xml:21
-msgid ""
-"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:32
-msgid ""
-"<command>sss_groupadd</command> creates a new group. These groups are "
-"compatible with POSIX groups, with the additional feature that they can "
-"contain other groups as members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupadd.8.xml:43
-msgid ""
-"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupadd.8.xml:48
-msgid ""
-"Set the GID of the group to the value of <replaceable>GID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
-msgid "sss_userdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_userdel.8.xml:16
-msgid "delete a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_userdel.8.xml:21
-msgid ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:32
-msgid ""
-"<command>sss_userdel</command> deletes a user identified by login name "
-"<replaceable>LOGIN</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:44
-msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:48
-msgid ""
-"Files in the user's home directory will be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:56
-msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:60
-msgid ""
-"Files in the user's home directory will NOT be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:68
-msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:72
-msgid ""
-"This option forces <command>sss_userdel</command> to remove the user's home "
-"directory and mail spool, even if they are not owned by the specified user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:80
-msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:84
-msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
-msgid "sss_groupdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupdel.8.xml:16
-msgid "delete a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupdel.8.xml:21
-msgid ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:32
-msgid ""
-"<command>sss_groupdel</command> deletes a group identified by its name "
-"<replaceable>GROUP</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
-msgid "sss_groupshow"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupshow.8.xml:16
-msgid "print properties of a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupshow.8.xml:21
-msgid ""
-"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:32
-msgid ""
-"<command>sss_groupshow</command> displays information about a group "
-"identified by its name <replaceable>GROUP</replaceable>. The information "
-"includes the group ID number, members of the group and the parent group."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupshow.8.xml:43
-msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupshow.8.xml:47
-msgid ""
-"Also print indirect group members in a tree-like hierarchy.  Note that this "
-"also affects printing parent groups - without <option>R</option>, only the "
-"direct parent will be printed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
-msgid "sss_usermod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_usermod.8.xml:16
-msgid "modify a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_usermod.8.xml:21
-msgid ""
-"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:32
-msgid ""
-"<command>sss_usermod</command> modifies the account specified by "
-"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
-"on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:60
-msgid "The home directory of the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:71
-msgid "The user's login shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:82
-msgid ""
-"Append this user to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:96
-msgid ""
-"Remove this user from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:103
-msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:107
-msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:114
-msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:118
-msgid "Unlock the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:129
-msgid "The SELinux user for the user's login."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/service_discovery.xml:2
-msgid "SERVICE DISCOVERY"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/service_discovery.xml:4
-msgid ""
-"The service discovery feature allows back ends to automatically find the "
-"appropriate servers to connect to using a special DNS query."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
-msgid "Configuration"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:11
-msgid ""
-"If no servers are specified, the back end automatically uses service "
-"discovery to try to find a server. Optionally, the user may choose to use "
-"both fixed server addresses and service discovery by inserting a special "
-"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
-"preference is maintained. This feature is useful if, for example, the user "
-"prefers to use service discovery whenever possible, and fall back to a "
-"specific server when no servers can be discovered using DNS."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:23
-msgid "The domain name"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:25
-msgid ""
-"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for more details."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:35
-msgid "The protocol"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:37
-msgid ""
-"The queries usually specify _tcp as the protocol. Exceptions are documented "
-"in respective option description."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:42
-msgid "See Also"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:44
-msgid ""
-"For more information on the service discovery mechanism, refer to RFC 2782."
-msgstr ""
-
-#. type: Content of: outside any tag (error?)
-#: include/upstream.xml:1
-msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/failover.xml:2
-msgid "FAILOVER"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/failover.xml:4
-msgid ""
-"The failover feature allows back ends to automatically switch to a different "
-"server if the primary server fails."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:8
-msgid "Failover Syntax"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:10
-msgid ""
-"The list of servers is given as a comma-separated list; any number of spaces "
-"is allowed around the comma. The servers are listed in order of preference. "
-"The list can contain any number of servers."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:17
-msgid "The Failover Mechanism"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:19
-msgid ""
-"The failover mechanism distinguishes between a machine and a service. The "
-"back end first tries to resolve the hostname of a given machine; if this "
-"resolution attempt fails, the machine is considered offline. No further "
-"attempts are made to connect to this machine for any other service. If the "
-"resolution attempt succeeds, the back end tries to connect to a service on "
-"this machine. If the service connection attempt fails, then only this "
-"particular service is considered offline and the back end automatically "
-"switches over to the next service.  The machine is still considered online "
-"and might still be tried for another service."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:32
-msgid ""
-"Further connection attempts are made to machines or services marked as "
-"offline after a specified period of time; this is currently hard coded to 30 "
-"seconds."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:37
-msgid ""
-"If there are no more machines to try, the back end as a whole switches to "
-"offline mode, and then attempts to reconnect every 30 seconds."
-msgstr ""
-
-#. type: Content of: <varlistentry><term>
-#: include/param_help.xml:3
-msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
-
-#. type: Content of: <varlistentry><listitem><para>
-#: include/param_help.xml:7
-msgid "Display help message and exit."
-msgstr ""
diff --git a/src/man/po/pl.po b/src/man/po/tg.po
index 1392c60b1..7c0b0db94 100644
--- a/src/man/po/pl.po
+++ b/src/man/po/tg.po
@@ -7,23 +7,25 @@ msgid ""
 msgstr ""
 "Project-Id-Version: SSSD\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2011-12-21 10:12+0000\n"
+"POT-Creation-Date: 2012-03-12 16:37-0300\n"
+"PO-Revision-Date: 2012-03-08 11:52+0000\n"
 "Last-Translator: sgallagh <sgallagh@redhat.com>\n"
-"Language-Team: Polish (http://www.transifex.net/projects/p/fedora/team/pl/)\n"
-"Language: pl\n"
+"Language-Team: Tajik (http://www.transifex.net/projects/p/fedora/language/"
+"tg/)\n"
+"Language: tg\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 "
-"|| n%100>=20) ? 1 : 2)\n"
+"Plural-Forms: nplurals=2; plural=(n != 1)\n"
 
 #. type: Content of: <reference><title>
 #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
 #: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
 #: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
 #: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
+#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5
+#: sss_debuglevel.8.xml:5 sss_ssh_authorizedkeys.1.xml:5
+#: sss_ssh_knownhostsproxy.1.xml:5
 msgid "SSSD Manual pages"
 msgstr ""
 
@@ -36,9 +38,10 @@ msgstr ""
 #: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
 #: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
 #: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
+#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11 sss_cache.8.xml:11
+#: sss_debuglevel.8.xml:11
 msgid "8"
-msgstr ""
+msgstr "8"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_groupmod.8.xml:16
@@ -59,8 +62,10 @@ msgstr ""
 #: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
 #: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
 #: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
+#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_ssh_authorizedkeys.1.xml:30
+#: sss_ssh_knownhostsproxy.1.xml:31
 msgid "DESCRIPTION"
-msgstr ""
+msgstr "Ш�РҲ"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_groupmod.8.xml:32
@@ -73,8 +78,10 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
+#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_ssh_authorizedkeys.1.xml:78
+#: sss_ssh_knownhostsproxy.1.xml:65
 msgid "OPTIONS"
-msgstr ""
+msgstr "ИМКО�ОТҲО"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
@@ -106,12 +113,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1348 sssd-ldap.5.xml:2096
 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
 #: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
+#: sss_usermod.8.xml:138 sss_ssh_authorizedkeys.1.xml:96
+#: sss_ssh_knownhostsproxy.1.xml:95
 msgid "SEE ALSO"
 msgstr ""
 
@@ -138,7 +146,7 @@ msgstr ""
 #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
 #: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
 msgid "5"
-msgstr ""
+msgstr "5"
 
 #. type: Content of: <reference><refentry><refmeta><refmiscinfo>
 #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
@@ -155,7 +163,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd.conf.5.xml:21
 msgid "FILE FORMAT"
-msgstr ""
+msgstr "Формати файл"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sssd.conf.5.xml:29
@@ -215,7 +223,7 @@ msgid "The [sssd] section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:1194
 msgid "Section parameters"
 msgstr ""
 
@@ -263,7 +271,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:102 sssd.conf.5.xml:265
 msgid "Default: 3"
-msgstr ""
+msgstr "Пешфарз: 3"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:107
@@ -379,8 +387,6 @@ msgid ""
 "Directory on the filesystem where SSSD should store Kerberos replay cache "
 "files."
 msgstr ""
-"Katalog w systemie plików, w którym SSSD powinno przechowywać pliki pamięci "
-"podręcznej odtwarzania Kerberosa."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:197
@@ -447,10 +453,10 @@ msgid "Add a timestamp to the debug messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:393 sssd-ldap.5.xml:1328
 #: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
 msgid "Default: true"
-msgstr ""
+msgstr "Пешфарз: true"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:246
@@ -463,21 +469,41 @@ msgid "Add microseconds to the timestamp in debug messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
+#: sssd.conf.5.xml:252 sssd.conf.5.xml:658 sssd-ldap.5.xml:602
 #: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
 #: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
 #: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
 msgid "Default: false"
-msgstr ""
+msgstr "Пешфарз: false"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:270
-msgid "command (string)"
+msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:273
 msgid ""
+"This option specifies the maximum number of file descriptors that may be "
+"opened at one time by this SSSD process. On systems where SSSD is granted "
+"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
+"systems without this capability, the resulting value will be the lower value "
+"of this or the limits.conf \"hard\" limit."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:282
+msgid "Default: 8192 (or limits.conf \"hard\" limit)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:287
+msgid "command (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:290
+msgid ""
 "By default, the executable representing this service is called <command>sssd_"
 "${service_name}</command>.  This directive allows to change the executable "
 "name for the service. In the vast majority of configurations, the default "
@@ -485,45 +511,45 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
+#: sssd.conf.5.xml:298
 msgid "Default: <command>sssd_${service_name}</command>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
+#: sssd.conf.5.xml:306
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:308
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
+#: sssd.conf.5.xml:313
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
+#: sssd.conf.5.xml:316
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
+#: sssd.conf.5.xml:320
 msgid "Default: 120"
-msgstr ""
+msgstr "Пешфарз: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
+#: sssd.conf.5.xml:325
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
+#: sssd.conf.5.xml:328
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -531,7 +557,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:334
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -541,7 +567,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
+#: sssd.conf.5.xml:344
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -550,17 +576,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
+#: sssd.conf.5.xml:352
 msgid "Default: 50"
-msgstr ""
+msgstr "Пешфарз: 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
+#: sssd.conf.5.xml:357
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
+#: sssd.conf.5.xml:360
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -568,17 +594,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
+#: sssd.conf.5.xml:366 sssd.conf.5.xml:686 sssd-krb5.5.xml:223
 msgid "Default: 15"
-msgstr ""
+msgstr "Пешфарз: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
+#: sssd.conf.5.xml:371
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
+#: sssd.conf.5.xml:374
 msgid ""
 "Exclude certain users from being fetched from the sss NSS database. This is "
 "particularly useful for system accounts. This option can also be set per-"
@@ -587,78 +613,78 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:381
 msgid "Default: root"
-msgstr ""
+msgstr "Пешфарз: root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
+#: sssd.conf.5.xml:386
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
+#: sssd.conf.5.xml:389
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:398
 msgid "override_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
+#: sssd.conf.5.xml:407 sssd-krb5.5.xml:166
 msgid "%u"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
+#: sssd.conf.5.xml:408 sssd-krb5.5.xml:167
 msgid "login name"
-msgstr ""
+msgstr "�оми логин"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
+#: sssd.conf.5.xml:411 sssd-krb5.5.xml:170
 msgid "%U"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
+#: sssd.conf.5.xml:412
 msgid "UID number"
-msgstr ""
+msgstr "Рақами UID"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
+#: sssd.conf.5.xml:415 sssd-krb5.5.xml:188
 msgid "%d"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
+#: sssd.conf.5.xml:416
 msgid "domain name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:419
 msgid "%f"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:420
 msgid "fully qualified user name (user@domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
+#: sssd.conf.5.xml:423 sssd-krb5.5.xml:200
 msgid "%%"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
+#: sssd.conf.5.xml:424 sssd-krb5.5.xml:201
 msgid "a literal '%'"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:401
 msgid ""
 "Override the user's home directory. You can either provide an absolute value "
 "or a template. In the template, the following sequences are substituted: "
@@ -666,138 +692,138 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
+#: sssd.conf.5.xml:430
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
+#: sssd.conf.5.xml:435
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
+#: sssd.conf.5.xml:438
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
+#: sssd.conf.5.xml:441
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:445
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
+#: sssd.conf.5.xml:450
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
+#: sssd.conf.5.xml:455
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
+#: sssd.conf.5.xml:458
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
+#: sssd.conf.5.xml:462
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:467
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:470
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
+#: sssd.conf.5.xml:475
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:478
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
+#: sssd.conf.5.xml:482
 msgid "Default: /bin/sh"
-msgstr ""
+msgstr "Пешфарз: /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:489
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
+#: sssd.conf.5.xml:491
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:496
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
+#: sssd.conf.5.xml:499
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
+#: sssd.conf.5.xml:504 sssd.conf.5.xml:517
 msgid "Default: 0 (No limit)"
-msgstr ""
+msgstr "Пешфарз: 0 (�омаҳдуд)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
+#: sssd.conf.5.xml:510
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:513
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
+#: sssd.conf.5.xml:523
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
+#: sssd.conf.5.xml:526
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
+#: sssd.conf.5.xml:531
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -805,59 +831,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:537 sssd.conf.5.xml:590 sssd.conf.5.xml:1110
 msgid "Default: 5"
-msgstr ""
+msgstr "Пешфарз: 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:543
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
+#: sssd.conf.5.xml:546
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
+#: sssd.conf.5.xml:551
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:554
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:557
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
+#: sssd.conf.5.xml:561
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
+#: sssd.conf.5.xml:564
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
+#: sssd.conf.5.xml:568 sssd.8.xml:63
 msgid "Default: 1"
-msgstr ""
+msgstr "Пешфарз: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:573
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
+#: sssd.conf.5.xml:576
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -865,7 +891,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
+#: sssd.conf.5.xml:582
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -874,17 +900,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:596
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
+#: sssd.conf.5.xml:599
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
+#: sssd.conf.5.xml:602
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -892,27 +918,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
+#: sssd.conf.5.xml:608
 msgid "Default: 7"
-msgstr ""
+msgstr "Пешфарз: 7"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:616
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:618
 msgid "These options can be used to configure the sudo service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
+#: sssd.conf.5.xml:625
 msgid "sudo_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
+#: sssd.conf.5.xml:628
 msgid ""
 "For any sudo request that comes while SSSD is online, the SSSD will attempt "
 "to update the cached rules in order to ensure that sudo has the latest "
@@ -920,7 +946,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
+#: sssd.conf.5.xml:634
 msgid ""
 "The user may, however, run a couple of sudo commands successively, which "
 "would trigger multiple LDAP requests.  In order to speed up this use-case, "
@@ -929,71 +955,71 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
+#: sssd.conf.5.xml:641
 msgid ""
 "This option controls how long (in seconds) can the sudo service cache rules "
 "for a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:645
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
+#: sssd.conf.5.xml:650
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:653
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
+#: sssd.conf.5.xml:666
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:668
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
+#: sssd.conf.5.xml:676
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
+#: sssd.conf.5.xml:679
 msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
+"Specifies for how many seconds should the autofs responder negative cache "
+"hits (that is, queries for invalid map entries, like nonexistent ones) "
 "before asking the back end again."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
+#: sssd.conf.5.xml:696
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:703
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
+#: sssd.conf.5.xml:706
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
+#: sssd.conf.5.xml:711
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1002,56 +1028,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:718
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:724
 msgid "timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:727
 msgid ""
 "Timeout in seconds between heartbeats for this domain.  This is used to "
 "ensure that the backend process is alive and capable of answering requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
+#: sssd.conf.5.xml:732 sssd-ldap.5.xml:1131
 msgid "Default: 10"
-msgstr ""
+msgstr "Пешфарз: 10"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
+#: sssd.conf.5.xml:738
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:741
 msgid ""
 "Determines if a domain can be enumerated. This parameter can have one of the "
 "following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
+#: sssd.conf.5.xml:745
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:748
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
+#: sssd.conf.5.xml:751 sssd.conf.5.xml:856 sssd.conf.5.xml:910
 msgid "Default: FALSE"
-msgstr ""
+msgstr "Пешфарз: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
+#: sssd.conf.5.xml:754
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1061,14 +1087,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
+#: sssd.conf.5.xml:764
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
+#: sssd.conf.5.xml:769
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -1077,98 +1103,98 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:780
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:783
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
+#: sssd.conf.5.xml:787
 msgid "Default: 5400"
-msgstr ""
+msgstr "Пешфарз: 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
+#: sssd.conf.5.xml:793
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
+#: sssd.conf.5.xml:796
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:800 sssd.conf.5.xml:813 sssd.conf.5.xml:826
+#: sssd.conf.5.xml:839
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
+#: sssd.conf.5.xml:806
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
+#: sssd.conf.5.xml:809
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:819
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:822
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:832
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:835
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:845
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
+#: sssd.conf.5.xml:848
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:852
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:861
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:864
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -1177,47 +1203,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
+#: sssd.conf.5.xml:871
 msgid "Default: 0 (unlimited)"
-msgstr ""
+msgstr "Пешфарз: 0 (номаҳдуд)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
+#: sssd.conf.5.xml:877
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:880
 msgid "The Data Provider identity backend to use for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
+#: sssd.conf.5.xml:884
 msgid "Supported backends:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
+#: sssd.conf.5.xml:887
 msgid "proxy: Support a legacy NSS provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
+#: sssd.conf.5.xml:890
 msgid "local: SSSD internal local provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:893
 msgid "ldap: LDAP provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
+#: sssd.conf.5.xml:899
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
+#: sssd.conf.5.xml:902
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1226,19 +1252,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
+#: sssd.conf.5.xml:915
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
+#: sssd.conf.5.xml:918
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:922
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1246,7 +1272,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
+#: sssd.conf.5.xml:929
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1254,30 +1280,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
+#: sssd.conf.5.xml:936
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
+#: sssd.conf.5.xml:939
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
+#: sssd.conf.5.xml:942
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
+#: sssd.conf.5.xml:948
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:951
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -1285,17 +1311,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:957
 msgid "<quote>permit</quote> always allow access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
+#: sssd.conf.5.xml:960
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
+#: sssd.conf.5.xml:963
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1304,24 +1330,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
+#: sssd.conf.5.xml:970
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:975
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
+#: sssd.conf.5.xml:978
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
+#: sssd.conf.5.xml:983
 msgid ""
 "<quote>ipa</quote> to change a password stored in an IPA server.  See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1329,7 +1355,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:991
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server.  See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1337,7 +1363,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
+#: sssd.conf.5.xml:999
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1345,35 +1371,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
+#: sssd.conf.5.xml:1007
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
+#: sssd.conf.5.xml:1011
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
+#: sssd.conf.5.xml:1014
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
+#: sssd.conf.5.xml:1021
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1027
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1031
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1381,29 +1407,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
+#: sssd.conf.5.xml:1038
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1041
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1047
 msgid "session_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1050
 msgid ""
 "The provider which should handle loading of session settings.  Supported "
 "session providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
+#: sssd.conf.5.xml:1055
 msgid ""
 "<quote>ipa</quote> to load session settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1411,66 +1437,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1063
 msgid "<quote>none</quote> disallows fetching session settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1066
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "session loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
+#: sssd.conf.5.xml:1073
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1076
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1080
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1083
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1086
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
+#: sssd.conf.5.xml:1089
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1092
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1095
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1101
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1104
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the DNS "
 "resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1478,51 +1504,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1116
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
+#: sssd.conf.5.xml:1119
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1123
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
+#: sssd.conf.5.xml:1129
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1132
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
+#: sssd.conf.5.xml:1138
 msgid "case_sensitive (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
+#: sssd.conf.5.xml:1141
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1146
 msgid "Default: True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:698
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1530,29 +1556,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1158
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1161
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1164
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1172
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1175
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1560,19 +1586,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
+#: sssd.conf.5.xml:1154
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1187
 msgid "The local domain section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1189
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -1580,73 +1606,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
+#: sssd.conf.5.xml:1196
 msgid "default_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
+#: sssd.conf.5.xml:1199
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
+#: sssd.conf.5.xml:1203
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:1208
 msgid "base_directory (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:1211
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1216
 msgid "Default: <filename>/home</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
+#: sssd.conf.5.xml:1221
 msgid "create_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
+#: sssd.conf.5.xml:1224
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
+#: sssd.conf.5.xml:1228 sssd.conf.5.xml:1240
 msgid "Default: TRUE"
-msgstr ""
+msgstr "Пешфарз: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1233
 msgid "remove_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
+#: sssd.conf.5.xml:1236
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
+#: sssd.conf.5.xml:1245
 msgid "homedir_umask (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1248
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1654,17 +1680,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
+#: sssd.conf.5.xml:1256
 msgid "Default: 077"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1261
 msgid "skel_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
+#: sssd.conf.5.xml:1264
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -1673,17 +1699,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
+#: sssd.conf.5.xml:1274
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
+#: sssd.conf.5.xml:1279
 msgid "mail_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
+#: sssd.conf.5.xml:1282
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -1691,17 +1717,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
+#: sssd.conf.5.xml:1289
 msgid "Default: <filename>/var/mail</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
+#: sssd.conf.5.xml:1294
 msgid "userdel_cmd (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
+#: sssd.conf.5.xml:1297
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -1709,18 +1735,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1303
 msgid "Default: None, no command is run"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
+#: sssd.conf.5.xml:1313 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
 #: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
 msgid "EXAMPLE"
-msgstr ""
+msgstr "��МУ��"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1319
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -1750,7 +1776,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1315
 msgid ""
 "The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -1759,7 +1785,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1350
 msgid ""
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
 "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1912,7 +1938,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:126
 msgid "Examples:"
-msgstr ""
+msgstr "�амунаҳо:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:129
@@ -1970,7 +1996,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:180
 msgid "Default: rfc2307"
-msgstr ""
+msgstr "Пешфарз: rfc2307"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:186
@@ -2000,7 +2026,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:206
 msgid "password"
-msgstr ""
+msgstr "парол"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:209
@@ -2010,7 +2036,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:212
 msgid "Default: password"
-msgstr ""
+msgstr "Пешфарз: парол"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:218
@@ -2651,7 +2677,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:795
 msgid "Default: 2"
-msgstr ""
+msgstr "Пешфарз: 2"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:801
@@ -2858,7 +2884,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
 msgid "Default: 6"
-msgstr ""
+msgstr "Пешфарз: 6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:991
@@ -3193,7 +3219,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1301
 msgid "Default: false;"
-msgstr ""
+msgstr "Пешфарз: false;"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1307
@@ -3400,7 +3426,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
 msgid "Example:"
-msgstr ""
+msgstr "�амуна:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
 #: sssd-ldap.5.xml:1495
@@ -3798,7 +3824,7 @@ msgstr ""
 #: sssd-ldap.5.xml:1815
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
+"explanation of sudo related attribute semantics, see <citerefentry> "
 "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
 "citerefentry>"
 msgstr ""
@@ -4031,7 +4057,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
 msgid "NOTES"
-msgstr ""
+msgstr "ЭЗОҲҲО"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:2087
@@ -4169,7 +4195,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: pam_sss.8.xml:117
 msgid "FILES"
-msgstr ""
+msgstr "Ф�ЙЛҲО"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: pam_sss.8.xml:118
@@ -5042,7 +5068,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:79
 msgid "Default: 0"
-msgstr ""
+msgstr "Пешфарз: 0"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:85
@@ -5078,12 +5104,12 @@ msgid "Run in the foreground, don't become a daemon."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
+#: sssd.8.xml:117 sss_debuglevel.8.xml:42
 msgid "<option>-c</option>,<option>--config</option>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
+#: sssd.8.xml:121 sss_debuglevel.8.xml:46
 msgid ""
 "Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
 "conf</filename>. For reference on the config file syntax and options, "
@@ -5230,7 +5256,8 @@ msgid "The password to obfuscate will be read from standard input."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:82
+#: sss_ssh_knownhostsproxy.1.xml:81
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
 "replaceable>"
@@ -6176,6 +6203,321 @@ msgid ""
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_cache.8.xml:10 sss_cache.8.xml:15
+msgid "sss_cache"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_cache.8.xml:16
+msgid "perform cache cleanup"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_cache.8.xml:21
+msgid ""
+"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_cache.8.xml:31
+msgid ""
+"<command>sss_cache</command> invalidates records in SSSD cache.  Invalidated "
+"records are forced to be reloaded from server as soon as related SSSD "
+"backend is online."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:42
+msgid ""
+"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:47
+msgid "Invalidate specific user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:53
+msgid "<option>-U</option>,<option>--users</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:57
+msgid ""
+"Invalidate all user records. This option overrides invalidation of specific "
+"user if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:64
+msgid ""
+"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:69
+msgid "Invalidate specific group."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:75
+msgid "<option>-G</option>,<option>--groups</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:79
+msgid ""
+"Invalidate all group records. This option overrides invalidation of specific "
+"group if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:86
+msgid ""
+"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:91
+msgid "Invalidate specific netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:97
+msgid "<option>-N</option>,<option>--netgroups</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:101
+msgid ""
+"Invalidate all netgroup records. This option overrides invalidation of "
+"specific netgroup if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:108
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:113
+msgid "Restrict invalidation process only to a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15
+msgid "sss_debuglevel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_debuglevel.8.xml:16
+msgid "change debug level while SSSD is running"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_debuglevel.8.xml:21
+msgid ""
+"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</"
+"replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_debuglevel.8.xml:32
+msgid ""
+"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
+"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
+"running."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_debuglevel.8.xml:59
+msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
+msgid "sss_ssh_authorizedkeys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refmeta><manvolnum>
+#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11
+msgid "1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_ssh_authorizedkeys.1.xml:16
+msgid "get OpenSSH authorized keys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_ssh_authorizedkeys.1.xml:21
+msgid ""
+"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>USER</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:32
+msgid ""
+"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user "
+"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys "
+"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> for more information)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:41
+msgid ""
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
+"command> for public key user authentication if it is compiled with support "
+"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
+"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_authorizedkeys.1.xml:58
+#, no-wrap
+msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:51
+msgid ""
+"If <quote>AuthorizedKeysCommand</quote> is supported, "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use it by putting the following directive "
+"in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_authorizedkeys.1.xml:69
+#, no-wrap
+msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:62
+msgid ""
+"If <quote>PubkeyAgent</quote> is supported, "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use it by using the following directive "
+"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:87
+msgid ""
+"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:98
+msgid ""
+"<citerefentry> <refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sshd_config</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle><manvolnum>1</"
+"manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15
+msgid "sss_ssh_knownhostsproxy"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_ssh_knownhostsproxy.1.xml:16
+msgid "get OpenSSH host keys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_ssh_knownhostsproxy.1.xml:21
+msgid ""
+"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>HOST</replaceable></arg> <arg "
+"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:33
+msgid ""
+"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for "
+"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH "
+"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
+"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> for more information)  <filename>/var/lib/sss/"
+"pubconf/known_hosts</filename> and estabilishes connection to the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:43
+msgid ""
+"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to "
+"create the connection to the host instead of opening a socket."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_knownhostsproxy.1.xml:55
+#, no-wrap
+msgid ""
+"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n"
+"GlobalKnownHostsFile2 /var/lib/sss/pubconf/known_hosts\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:48
+msgid ""
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</"
+"command> for host key authentication by using the following directives for "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_ssh_knownhostsproxy.1.xml:69
+msgid ""
+"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_knownhostsproxy.1.xml:74
+msgid ""
+"Use port <replaceable>PORT</replaceable> to connect to the host.  By "
+"default, port 22 is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_knownhostsproxy.1.xml:86
+msgid ""
+"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:97
+msgid ""
+"<citerefentry> <refentrytitle>ssh</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>ssh_config</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle><manvolnum>1</"
+"manvolnum> </citerefentry>."
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/service_discovery.xml:2
 msgid "SERVICE DISCOVERY"
@@ -6191,7 +6533,7 @@ msgstr ""
 #. type: Content of: <refsect1><refsect2><title>
 #: include/service_discovery.xml:9
 msgid "Configuration"
-msgstr ""
+msgstr "Ҷӯр�озӣ"
 
 #. type: Content of: <refsect1><refsect2><para>
 #: include/service_discovery.xml:11
@@ -6314,3 +6656,113 @@ msgstr ""
 #: include/param_help.xml:7
 msgid "Display help message and exit."
 msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:3
+msgid ""
+"Bit mask that indicates which debug levels will be visible. 0x0010 is the "
+"default value as well as the lowest allowed value, 0xFFF0 is the most "
+"verbose mode. This setting overrides the settings from config file."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:8
+msgid "Currently supported debug levels:"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:11
+msgid ""
+"<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
+"SSSD from starting up or causes it to cease running."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:15
+msgid ""
+"<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't kill "
+"the SSSD, but one that indicates that at least one major feature is not "
+"going to work properly."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:20
+msgid ""
+"<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
+"particular request or operation has failed."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:24
+msgid ""
+"<emphasis>0x0080</emphasis>: Minor failures. These are the errors that would "
+"percolate down to cause the operation failure of 2."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:28
+msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:31
+msgid "<emphasis>0x0200</emphasis>: Function data."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:34
+msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:37
+msgid ""
+"<emphasis>0x1000</emphasis>: Trace messages for internal control functions."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:40
+msgid ""
+"<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
+"may be interesting."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:43
+msgid "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:46
+msgid ""
+"To log required debug levels, simply add their numbers together as shown in "
+"following examples:"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:49
+msgid ""
+"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
+"serious failures and function data use 0x0270."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:53
+msgid ""
+"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
+"function data, trace messages for internal control functions use 0x1310."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:57
+msgid ""
+"<emphasis>Note</emphasis>: This is new format of debug levels introduced in "
+"1.7.0.  Older format (numbers from 0-10) is compatible but deprecated."
+msgstr ""
+
+#. type: Content of: outside any tag (error?)
+#: include/experimental.xml:1
+msgid ""
+"<emphasis> This is an experimental feature, please use http://fedorahosted."
+"org/sssd to report any issues.  </emphasis>"
+msgstr ""
diff --git a/src/man/po/tr.po b/src/man/po/tr.po
deleted file mode 100644
index 37f5e62bf..000000000
--- a/src/man/po/tr.po
+++ /dev/null
@@ -1,6314 +0,0 @@
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Red Hat
-# This file is distributed under the same license as the sssd-docs package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: SSSD\n"
-"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Turkish (http://www.transifex.net/projects/p/fedora/team/"
-"tr/)\n"
-"Language: tr\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=1; plural=0\n"
-
-#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
-#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
-#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
-#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
-msgid "SSSD Manual pages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
-msgid "sss_groupmod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
-#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
-#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
-msgid "8"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupmod.8.xml:16
-msgid "modify a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupmod.8.xml:21
-msgid ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
-#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
-#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
-#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
-#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:32
-msgid ""
-"<command>sss_groupmod</command> modifies the group to reflect the changes "
-"that are specified on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
-#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
-#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-msgid "OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
-msgid ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:48
-msgid ""
-"Append this group to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
-msgid ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:62
-msgid ""
-"Remove this group from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
-#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
-msgid "sssd.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
-msgid "5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
-msgid "File Formats and Conventions"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
-msgid "the configuration file for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:21
-msgid "FILE FORMAT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:29
-#, no-wrap
-msgid ""
-"                <replaceable>[section]</replaceable>\n"
-"                <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-"                <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
-"            "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:24
-msgid ""
-"The file has an ini-style syntax and consists of sections and parameters. A "
-"section begins with the name of the section in square brackets and continues "
-"until the next section begins. An example of section with single and multi-"
-"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:36
-msgid ""
-"The data types used are string (no quotes needed), integer and bool (with "
-"values of <quote>TRUE/FALSE</quote>)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:41
-msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
-"(<quote>;</quote>)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:46
-msgid ""
-"All sections can have an optional <replaceable>description</replaceable> "
-"parameter. Its function is only as a label for the section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:52
-msgid ""
-"<filename>sssd.conf</filename> must be a regular file, owned by root and "
-"only root may read from or write to the file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:58
-msgid "SPECIAL SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:61
-msgid "The [sssd] section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
-msgid "Section parameters"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:72
-msgid "config_file_version (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:75
-msgid ""
-"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-"version 2."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:81
-msgid "services"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:84
-msgid ""
-"Comma separated list of services that are started when sssd itself starts."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:88
-msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
-msgid "reconnection_retries (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
-msgid ""
-"Number of times services should attempt to reconnect in the event of a Data "
-"Provider crash or restart before they give up"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
-msgid "Default: 3"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
-msgid "domains"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
-msgid ""
-"A domain is a database containing user information. SSSD can use more "
-"domains at the same time, but at least one must be configured or SSSD won't "
-"start.  This parameter described the list of domains in the order you want "
-"them to be queried."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
-msgid "re_expression (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
-msgid ""
-"Regular expression that describes how to parse the string containing user "
-"name and domain into these components."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
-msgid ""
-"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
-"which translates to \"the name is everything up to the <quote>@</quote> "
-"sign, the domain everything after that\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
-msgid ""
-"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
-"version 7 or higher can support non-unique named subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
-msgid ""
-"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
-"P&lt;name&gt;) to label subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
-msgid "full_name_format (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
-msgid ""
-"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatible format that describes how to translate "
-"a (name, domain) tuple into a fully qualified name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
-msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
-msgid "try_inotify (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
-msgid ""
-"SSSD monitors the state of resolv.conf to identify when it needs to update "
-"its internal DNS resolver. By default, we will attempt to use inotify for "
-"this, and will fall back to polling resolv.conf every five seconds if "
-"inotify cannot be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
-msgid ""
-"There are some limited situations where it is preferred that we should skip "
-"even trying to use inotify. In these rare cases, this option should be set "
-"to 'false'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
-msgid ""
-"Default: true on platforms where inotify is supported. False on other "
-"platforms."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
-msgid ""
-"Note: this option will have no effect on platforms where inotify is "
-"unavailable. On these platforms, polling will always be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
-msgid "krb5_rcache_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
-msgid ""
-"Directory on the filesystem where SSSD should store Kerberos replay cache "
-"files."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
-msgid ""
-"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
-"SSSD to let libkrb5 decide the appropriate location for the replay cache."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
-msgid ""
-"Default: Distribution-specific and specified at build-time. "
-"(__LIBKRB5_DEFAULTS__ if not configured)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:63
-msgid ""
-"Individual pieces of SSSD functionality are provided by special SSSD "
-"services that are started and stopped together with SSSD.  The services are "
-"managed by a special service frequently called <quote>monitor</quote>. The "
-"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
-msgid "SERVICES SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
-msgid ""
-"Settings that can be used to configure different services are described in "
-"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
-"section, for example, for NSS service, the section would be <quote>[nss]</"
-"quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
-msgid "General service configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
-msgid "These options can be used to configure any service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>.  This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
-msgid "NSS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
-msgid ""
-"These options can be used to configure the Name Service Switch (NSS) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
-msgid "enum_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
-msgid ""
-"How many seconds should nss_sss cache enumerations (requests for info about "
-"all users)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
-msgid "Default: 120"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"The entry cache can be set to automatically update entries in the background "
-"if they are requested beyond a percentage of the entry_cache_timeout value "
-"for the domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
-msgid ""
-"For example, if the domain's entry_cache_timeout is set to 30s and "
-"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
-"after 15 seconds past the last cache update will be returned immediately, "
-"but the SSSD will go and update the cache on its own, so that future "
-"requests will not need to block waiting for a cache update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
-msgid ""
-"Valid values for this option are 0-99 and represent a percentage of the "
-"entry_cache_timeout for each domain. For performance reasons, this "
-"percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
-"disables this feature)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
-msgid "Default: 50"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
-msgid "entry_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
-msgid ""
-"Specifies for how many seconds nss_sss should cache negative cache hits "
-"(that is, queries for invalid database entries, like nonexistent ones)  "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
-msgid "Default: 15"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
-msgid "filter_users, filter_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
-msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
-msgid "Default: root"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
-msgid "filter_users_in_groups (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
-msgid ""
-"If you want filtered user still be group members set this option to false."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
-msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
-msgid "This option can also be set per-domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
-msgid "allowed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
-msgid ""
-"Restrict user shell to one of the listed values. The order of evaluation is:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
-msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
-msgid ""
-"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
-"quote>, use the value of the shell_fallback parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
-msgid ""
-"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
-"shells</quote>, a nologin shell is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
-msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
-msgid ""
-"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
-"that a restart of the SSSD is required in case a new shell is installed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
-msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
-msgid "vetoed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
-msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
-msgid "shell_fallback (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
-msgid ""
-"The default shell to use if an allowed shell is not installed on the machine."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
-msgid "Default: /bin/sh"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
-msgid "PAM configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
-msgid ""
-"These options can be used to configure the Pluggable Authentication Module "
-"(PAM) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
-msgid "offline_credentials_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
-msgid ""
-"If the authentication provider is offline, how long should we allow cached "
-"logins (in days since the last successful online login)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
-msgid "Default: 0 (No limit)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
-msgid "offline_failed_login_attempts (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
-msgid ""
-"If the authentication provider is offline, how many failed login attempts "
-"are allowed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
-msgid "offline_failed_login_delay (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
-msgid ""
-"The time in minutes which has to pass after offline_failed_login_attempts "
-"has been reached before a new login attempt is possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
-msgid ""
-"If set to 0 the user cannot authenticate offline if "
-"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable offline authentication again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
-msgid "Default: 5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
-msgid "pam_verbosity (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
-msgid ""
-"Controls what kind of messages are shown to the user during authentication. "
-"The higher the number to more messages are displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
-msgid "Currently sssd supports the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
-msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
-msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
-msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
-msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
-msgid "Default: 1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
-msgid "pam_id_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
-msgid ""
-"For any PAM request while SSSD is online, the SSSD will attempt to "
-"immediately update the cached identity information for the user in order to "
-"ensure that authentication takes place with the latest information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
-msgid ""
-"A complete PAM conversation may perform multiple PAM requests, such as "
-"account management and session opening. This option controls (on a per-"
-"client-application basis) how long (in seconds) we can cache the identity "
-"information to avoid excessive round-trips to the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
-msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
-msgid "Display a warning N days before the password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
-msgid ""
-"Please note that the backend server has to provide information about the "
-"expiration time of the password.  If this information is missing, sssd "
-"cannot display a warning."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
-msgid "Default: 7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-msgid "SUDO configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-msgid "These options can be used to configure the sudo service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-msgid "sudo_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-msgid ""
-"For any sudo request that comes while SSSD is online, the SSSD will attempt "
-"to update the cached rules in order to ensure that sudo has the latest "
-"ruleset."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
-msgid ""
-"The user may, however, run a couple of sudo commands successively, which "
-"would trigger multiple LDAP requests.  In order to speed up this use-case, "
-"the sudo service maintains an in-memory cache that would be used for "
-"performing fast replies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
-msgid ""
-"This option controls how long (in seconds) can the sudo service cache rules "
-"for a user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-msgid "Default: 180"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-msgid "sudo_timed (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
-msgid ""
-"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
-"that implement time-dependent sudoers entries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-msgid "AUTOFS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-msgid "These options can be used to configure the autofs service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-msgid "autofs_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
-msgid "DOMAIN SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
-msgid "min_id,max_id (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
-msgid ""
-"UID and GID limits for the domain. If a domain contains an entry that is "
-"outside these limits, it is ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
-msgid ""
-"For users, this affects the primary GID limit. The user will not be returned "
-"to NSS if either the UID or the primary GID is outside the range. For non-"
-"primary group memberships, those that are in range will be reported as "
-"expected."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
-msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
-msgid ""
-"Timeout in seconds between heartbeats for this domain.  This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
-msgid "enumerate (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
-msgid ""
-"Determines if a domain can be enumerated. This parameter can have one of the "
-"following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
-msgid "TRUE = Users and groups are enumerated"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
-msgid "FALSE = No enumerations for this domain"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
-msgid "Default: FALSE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
-msgid ""
-"Note: Enabling enumeration has a moderate performance impact on SSSD while "
-"enumeration is running. It may take up to several minutes after SSSD startup "
-"to fully complete enumerations.  During this time, individual requests for "
-"information will go directly to LDAP, though it may be slow, due to the "
-"heavy enumeration processing."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
-msgid ""
-"While the first enumeration is running, requests for the complete user or "
-"group lists may return no results until it completes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
-msgid ""
-"Further, enabling enumeration may increase the time necessary to detect "
-"network disconnection, as longer timeouts are required to ensure that "
-"enumeration lookups are completed successfully.  For more information, refer "
-"to the man pages for the specific id_provider in use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
-msgid "entry_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
-msgid ""
-"How many seconds should nss_sss consider entries valid before asking the "
-"backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
-msgid "Default: 5400"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-msgid "entry_cache_user_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-msgid ""
-"How many seconds should nss_sss consider user entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-msgid "Default: entry_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-msgid "entry_cache_group_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-msgid ""
-"How many seconds should nss_sss consider group entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-msgid ""
-"How many seconds should nss_sss consider netgroup entries valid before "
-"asking the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-msgid "entry_cache_service_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-msgid ""
-"How many seconds should nss_sss consider service entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
-msgid "cache_credentials (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
-msgid "Determines if user credentials are also cached in the local LDB cache"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
-msgid "User credentials are stored in a SHA512 hash, not in plaintext"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
-msgid "account_cache_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
-msgid ""
-"Number of days entries are left in cache after last successful login before "
-"being removed during a cleanup of the cache. 0 means keep forever.  The "
-"value of this parameter must be greater than or equal to "
-"offline_credentials_expiration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
-msgid "Default: 0 (unlimited)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
-msgid "id_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
-msgid "The Data Provider identity backend to use for this domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
-msgid "Supported backends:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
-msgid "proxy: Support a legacy NSS provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
-msgid "local: SSSD internal local provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
-msgid "ldap: LDAP provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
-msgid "use_fully_qualified_names (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
-msgid ""
-"If set to TRUE, all requests to this domain must use fully qualified names. "
-"For example, if used in LOCAL domain that contains a \"test\" user, "
-"<command>getent passwd test</command> wouldn't find the user while "
-"<command>getent passwd test@LOCAL</command> would."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
-msgid "auth_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
-msgid ""
-"The authentication provider used for the domain.  Supported auth providers "
-"are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
-msgid ""
-"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
-msgid ""
-"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
-msgid ""
-"<quote>proxy</quote> for relaying authentication to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
-msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"authentication requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
-msgid "access_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
-msgid ""
-"The access control provider used for the domain.  There are two built-in "
-"access providers (in addition to any included in installed backends)  "
-"Internal special providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
-msgid "<quote>permit</quote> always allow access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
-msgid "<quote>deny</quote> always deny access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
-msgid ""
-"<quote>simple</quote> access control based on access or deny lists. See "
-"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> for more information on configuring the simple "
-"access module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
-msgid "Default: <quote>permit</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
-msgid "chpass_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
-msgid ""
-"The provider which should handle change password operations for the domain.  "
-"Supported change password providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
-msgid ""
-"<quote>ipa</quote> to change a password stored in an IPA server.  See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
-msgid ""
-"<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
-msgid ""
-"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
-msgid ""
-"<quote>proxy</quote> for relaying password changes to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
-msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
-msgid ""
-"Default: <quote>auth_provider</quote> is used if it is set and can handle "
-"change password requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-msgid "sudo_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-msgid ""
-"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-msgid "session_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-msgid ""
-"The provider which should handle loading of session settings.  Supported "
-"session providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-msgid ""
-"<quote>ipa</quote> to load session settings from an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"session loading requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
-msgid "lookup_family_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
-msgid ""
-"Provides the ability to select preferred address family to use when "
-"performing DNS lookups."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
-msgid "Supported values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
-msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
-msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
-msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
-msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
-msgid "Default: ipv4_first"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
-msgid "dns_resolver_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
-msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
-msgid "dns_discovery_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
-msgid ""
-"If service discovery is used in the back end, specifies the domain part of "
-"the service discovery DNS query."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
-msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
-msgid "override_gid (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
-msgid "Override the primary GID value with the one specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
-msgid "case_sensitive (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
-msgid ""
-"Treat user and group names as case sensitive. At the moment, this option is "
-"not supported in the local provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
-msgid "Default: True"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
-msgid ""
-"These configuration options can be present in a domain configuration "
-"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
-"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
-msgid "proxy_pam_target (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
-msgid "The proxy target PAM proxies to."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-msgid ""
-"Default: not set by default, you have to take an existing pam configuration "
-"or create a new one and add the service name here."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
-msgid "proxy_lib_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
-msgid ""
-"The name of the NSS library to use in proxy domains. The NSS functions "
-"searched for in the library are in the form of _nss_$(libName)_$(function), "
-"for example _nss_files_getpwent."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
-msgid ""
-"Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
-msgid "The local domain section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
-msgid ""
-"This section contains settings for domain that stores users and groups in "
-"SSSD native database, that is, a domain that uses "
-"<replaceable>id_provider=local</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
-msgid "default_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
-msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
-msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
-msgid "base_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
-msgid ""
-"The tools append the login name to <replaceable>base_directory</replaceable> "
-"and use that as the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
-msgid "Default: <filename>/home</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
-msgid "create_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
-msgid ""
-"Indicate if a home directory should be created by default for new users.  "
-"Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
-msgid "Default: TRUE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
-msgid "remove_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
-msgid ""
-"Indicate if a home directory should be removed by default for deleted "
-"users.  Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
-msgid "homedir_umask (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
-msgid ""
-"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
-"on a newly created home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
-msgid "Default: 077"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
-msgid "skel_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
-msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
-msgid "mail_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
-msgid ""
-"The mail spool directory. This is needed to manipulate the mailbox when its "
-"corresponding user account is modified or deleted.  If not specified, a "
-"default value is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
-msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
-msgid "userdel_cmd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
-msgid ""
-"The command that is run after a user is removed.  The command us passed the "
-"username of the user being removed as the first and only parameter. The "
-"return code of the command is not taken into account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
-msgid "Default: None, no command is run"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"domains = LDAP\n"
-"services = nss, pam\n"
-"config_file_version = 2\n"
-"\n"
-"[nss]\n"
-"filter_groups = root\n"
-"filter_users = root\n"
-"\n"
-"[pam]\n"
-"\n"
-"[domain/LDAP]\n"
-"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
-"\n"
-"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
-"cache_credentials = true\n"
-"\n"
-"min_id = 10000\n"
-"max_id = 20000\n"
-"enumerate = False\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
-msgid ""
-"The following example shows a typical SSSD config. It does not describe "
-"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details.  <placeholder type=\"programlisting\" "
-"id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
-msgid "sssd-ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:23
-msgid ""
-"This manual page describes the configuration of LDAP domains for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for detailed syntax information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:35
-msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:38
-msgid ""
-"LDAP back end supports id, auth, access and chpass providers. If you want to "
-"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
-"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
-"over an unencrypted channel.  If the LDAP server is used only as an identity "
-"provider, an encrypted channel is not needed. Please refer to "
-"<quote>ldap_access_filter</quote> config option for more information about "
-"using LDAP as an access provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
-#: sssd-krb5.5.xml:63
-msgid "CONFIGURATION OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:60
-msgid "ldap_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:63
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference. Refer to the <quote>FAILOVER</"
-"quote> section for more information on failover and server redundancy.  If "
-"not specified, service discovery is enabled. For more information, refer to "
-"the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
-msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:73
-msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:76
-msgid ""
-"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:79
-msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:85
-msgid "ldap_chpass_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:88
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference to change the password of a user. "
-"Refer to the <quote>FAILOVER</quote> section for more information on "
-"failover and server redundancy."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:95
-msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:99
-msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:105
-msgid "ldap_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:108
-msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:112
-msgid ""
-"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
-"syntax:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
-msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:119
-msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
-msgid ""
-"The filter must be a valid LDAP search filter as specified by http://www."
-"ietf.org/rfc/rfc2254.txt"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
-msgid "Examples:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:129
-msgid ""
-"ldap_search_base = dc=example,dc=com (which is equivalent to)  "
-"ldap_search_base = dc=example,dc=com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:134
-msgid ""
-"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
-"(host=thishost)?dc=example.com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:137
-msgid ""
-"Note: It is unsupported to have multiple search bases which reference "
-"identically-named objects (for example, groups with the same name in two "
-"different search bases). This will lead to unpredictable behavior on client "
-"machines."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:144
-msgid ""
-"Default: If not set, the value of the defaultNamingContext or namingContexts "
-"attribute from the RootDSE of the LDAP server is used. If "
-"defaultNamingContext does not exists or has an empty value namingContexts is "
-"used.  The namingContexts attribute must have a single value with the DN of "
-"the search base of the LDAP server to make this work. Multiple values are "
-"are not supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:158
-msgid "ldap_schema (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:161
-msgid ""
-"Specifies the Schema Type in use on the target LDAP server.  Depending on "
-"the selected schema, the default attribute names retrieved from the servers "
-"may vary.  The way that some attributes are handled may also differ.  Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
-"difference between these schema types is how group memberships are recorded "
-"in the server.  With rfc2307, group members are listed by name in the "
-"<emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, group "
-"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
-msgid "Default: rfc2307"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
-msgid "ldap_default_bind_dn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
-msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
-msgid "ldap_default_authtok_type (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
-msgid "The type of the authentication token of the default bind DN."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
-msgid "The two mechanisms currently supported are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
-msgid "password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
-msgid "obfuscated_password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
-msgid "Default: password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
-msgid "ldap_default_authtok (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
-msgid ""
-"The authentication token of the default bind DN.  Only clear text passwords "
-"are currently supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
-msgid "ldap_user_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
-msgid "The object class of a user entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
-msgid "Default: posixAccount"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
-msgid "ldap_user_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
-msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
-msgid "Default: uid"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
-msgid "ldap_user_uid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
-msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
-msgid "Default: uidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
-msgid "ldap_user_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
-msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
-msgid "Default: gidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
-msgid "ldap_user_gecos (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
-msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
-msgid "Default: gecos"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
-msgid "ldap_user_home_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
-msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
-msgid "Default: homeDirectory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
-msgid "ldap_user_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
-msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
-msgid "Default: loginShell"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
-msgid "ldap_user_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
-msgid "Default: nsUniqueId"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
-msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
-msgid ""
-"The LDAP attribute that contains timestamp of the last modification of the "
-"parent object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
-msgid "Default: modifyTimestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
-msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
-"the last password change)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
-msgid "Default: shadowLastChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
-msgid "ldap_user_shadow_min (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
-msgid "Default: shadowMin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
-msgid "ldap_user_shadow_max (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
-msgid "Default: shadowMax"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
-msgid "ldap_user_shadow_warning (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password warning period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
-msgid "Default: shadowWarning"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
-msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password inactivity period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
-msgid "Default: shadowInactive"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
-msgid "ldap_user_shadow_expire (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
-msgid ""
-"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
-"parameter contains the name of an LDAP attribute corresponding to its "
-"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> counterpart (account expiration date)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
-msgid "Default: shadowExpire"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
-msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time of last password change in "
-"kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
-msgid "Default: krbLastPwdChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
-msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time when current password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
-msgid "Default: krbPasswordExpiration"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
-msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the expiration time of the account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
-msgid "Default: accountExpires"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
-msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the user account control bit field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
-msgid "Default: userAccountControl"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
-msgid "ldap_ns_account_lock (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
-msgid ""
-"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
-"determines if access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
-msgid "Default: nsAccountLock"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
-msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines if "
-"access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
-msgid "Default: loginDisabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
-msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines until "
-"which date access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
-msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines the "
-"hours of a day in a week when access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
-msgid "Default: loginAllowedTimeMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
-msgid "ldap_user_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
-msgid ""
-"The LDAP attribute that contains the user's Kerberos User Principal Name "
-"(UPN)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
-msgid "Default: krbPrincipalName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
-msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
-msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
-msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
-msgid ""
-"Some directory servers, for example Active Directory, might deliver the "
-"realm part of the UPN in lower case, which might cause the authentication to "
-"fail. Set this option to a non-zero value if you want to use an upper-case "
-"realm."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
-msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
-msgid ""
-"Specifies how many seconds SSSD has to wait before refreshing its cache of "
-"enumerated records."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
-msgid "Default: 300"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
-msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
-msgid ""
-"Determine how often to check the cache for inactive entries (such as groups "
-"with no members and users who have never logged in) and remove them to save "
-"space."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
-msgid "Setting this option to zero will disable the cache cleanup operation."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
-msgid "Default: 10800 (12 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
-msgid "ldap_user_fullname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
-msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
-msgid "Default: cn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
-msgid "ldap_user_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
-msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
-msgid "Default: memberOf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
-msgid "ldap_user_authorized_service (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
-msgid ""
-"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
-"use the presence of the authorizedService attribute in the user's LDAP entry "
-"to determine access privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
-msgid ""
-"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
-"explicit allow (svc) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
-msgid "Default: authorizedService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
-msgid "ldap_user_authorized_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
-msgid ""
-"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-"presence of the host attribute in the user's LDAP entry to determine access "
-"privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
-msgid ""
-"An explicit deny (!host) is resolved first. Second, SSSD searches for "
-"explicit allow (host) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
-msgid "Default: host"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
-msgid "ldap_group_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
-msgid "The object class of a group entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
-msgid "Default: posixGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
-msgid "ldap_group_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
-msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
-msgid "ldap_group_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
-msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
-msgid "ldap_group_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
-msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
-msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
-msgid "ldap_group_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
-msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
-msgid "ldap_group_nesting_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
-msgid ""
-"If ldap_schema is set to a schema format that supports nested groups (e.g. "
-"RFC2307bis), then this option controls how many levels of nesting SSSD will "
-"follow. This option has no effect on the RFC2307 schema."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
-msgid "Default: 2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
-msgid "ldap_netgroup_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
-msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
-msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
-msgid "Default: nisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
-msgid "ldap_netgroup_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
-msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
-msgid "In IPA provider, ipa_netgroup_name should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
-msgid "ldap_netgroup_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
-msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
-msgid "In IPA provider, ipa_netgroup_member should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
-msgid "Default: memberNisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
-msgid "ldap_netgroup_triple (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-msgid ""
-"The LDAP attribute that contains the (host, user, domain) netgroup triples."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
-msgid "This option is not available in IPA provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
-msgid "Default: nisNetgroupTriple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
-msgid "ldap_netgroup_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
-msgid ""
-"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
-msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
-msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
-msgid "ldap_service_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
-msgid "The object class of a service entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
-msgid "Default: ipService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
-msgid "ldap_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
-msgid ""
-"The LDAP attribute that contains the name of service attributes and their "
-"aliases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
-msgid "ldap_service_port (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
-msgid "The LDAP attribute that contains the port managed by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
-msgid "Default: ipServicePort"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
-msgid "ldap_service_proto (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
-msgid ""
-"The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
-msgid "Default: ipServiceProtocol"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
-msgid "ldap_service_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
-msgid "An optional base DN to restrict service searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
-msgid ""
-"See <quote>ldap_search_base</quote> for information about configuring "
-"multiple search bases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
-#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
-msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
-msgid "ldap_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches are allowed to run "
-"before they are cancelled and cached results are returned (and offline mode "
-"is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
-msgid ""
-"Note: this option is subject to change in future versions of the SSSD. It "
-"will likely be replaced at some point by a series of timeouts for specific "
-"lookup types."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
-msgid "Default: 6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
-msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches for user and group "
-"enumerations are allowed to run before they are cancelled and cached results "
-"are returned (and offline mode is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
-msgid "ldap_network_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-msgid ""
-"Specifies the timeout (in seconds) after which the <citerefentry> "
-"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
-"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> following a <citerefentry> "
-"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> returns in case of no activity."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
-msgid "ldap_opt_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
-msgid ""
-"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
-"will abort if no response is received. Also controls the timeout when "
-"communicating with the KDC in case of SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
-msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
-msgid ""
-"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
-"maintained. After this time, the connection will be re-established. If used "
-"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
-"the TGT lifetime)  will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
-msgid "Default: 900 (15 minutes)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
-msgid "ldap_page_size (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
-msgid ""
-"Specify the number of records to retrieve from LDAP in a single request. "
-"Some LDAP servers enforce a maximum limit per-request."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
-msgid "Default: 1000"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
-msgid ""
-"Disable the LDAP paging control. This option should be used if the LDAP "
-"server reports that it supports the LDAP paging control in its RootDSE but "
-"it is not enabled or does not behave properly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
-msgid ""
-"Example: OpenLDAP servers with the paging control module installed on the "
-"server but not enabled will report it in the RootDSE but be unable to use it."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
-msgid ""
-"Example: 389 DS has a bug where it can only support a one paging control at "
-"a time on a single connection. On busy clients, this can result in some "
-"requests being denied."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
-msgid "ldap_deref_threshold (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
-msgid ""
-"Specify the number of group members that must be missing from the internal "
-"cache in order to trigger a dereference lookup. If less members are missing, "
-"they are looked up individually."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
-msgid ""
-"You can turn off dereference lookups completely by setting the value to 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
-msgid ""
-"A dereference lookup is a means of fetching all group members in a single "
-"LDAP call.  Different LDAP servers may implement different dereference "
-"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
-"Directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
-msgid ""
-"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
-"filter, then the dereference lookup performance enhancement will be disabled "
-"regardless of this setting."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
-msgid "ldap_tls_reqcert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
-msgid ""
-"Specifies what checks to perform on server certificates in a TLS session, if "
-"any. It can be specified as one of the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
-msgid ""
-"<emphasis>never</emphasis> = The client will not request or check any server "
-"certificate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
-msgid ""
-"<emphasis>allow</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, it will be ignored and the session proceeds normally."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
-msgid ""
-"<emphasis>try</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, the session is immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
-msgid ""
-"<emphasis>demand</emphasis> = The server certificate is requested. If no "
-"certificate is provided, or a bad certificate is provided, the session is "
-"immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
-msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
-msgid "Default: hard"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
-msgid "ldap_tls_cacert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
-msgid ""
-"Specifies the file that contains certificates for all of the Certificate "
-"Authorities that <command>sssd</command> will recognize."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
-msgid ""
-"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
-"conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
-msgid "ldap_tls_cacertdir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
-msgid ""
-"Specifies the path of a directory that contains Certificate Authority "
-"certificates in separate individual files. Typically the file names need to "
-"be the hash of the certificate followed by '.0'.  If available, "
-"<command>cacertdir_rehash</command> can be used to create the correct names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
-msgid "ldap_tls_cert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
-msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
-msgid "Default: not set"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
-msgid "ldap_tls_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
-msgid "Specifies the file that contains the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
-msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
-msgid ""
-"Specifies acceptable cipher suites.  Typically this is a colon sperated "
-"list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> for format."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
-msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
-msgid ""
-"Specifies that the id_provider connection must also use <systemitem class="
-"\"protocol\">tls</systemitem> to protect the channel."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
-msgid ""
-"Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
-"supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
-msgid "ldap_sasl_authid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
-msgid ""
-"Specify the SASL authorization id to use.  When GSSAPI is used, this "
-"represents the Kerberos principal used for authentication to the directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
-msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
-msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
-msgid ""
-"If set to true, the LDAP library would perform a reverse lookup to "
-"canonicalize the host name during a SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
-msgid "Default: false;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
-msgid "ldap_krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
-msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
-msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
-msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
-msgid ""
-"Specifies that the id_provider should init Kerberos credentials (TGT).  This "
-"action is performed only if SASL is used and the mechanism selected is "
-"GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
-msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
-msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
-msgid "Default: 86400 (24 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
-msgid "krb5_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
-msgid ""
-"Specifies the comma-separated list of IP addresses or hostnames of the "
-"Kerberos servers to which SSSD should connect in the order of preference. "
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
-"colon) may be appended to the addresses or hostnames.  If empty, service "
-"discovery is enabled - for more information, refer to the <quote>SERVICE "
-"DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
-msgid ""
-"When using service discovery for KDC or kpasswd servers, SSSD first searches "
-"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-"none are found."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
-msgid ""
-"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
-"While the legacy name is recognized for the time being, users are advised to "
-"migrate their config files to use <quote>krb5_server</quote> instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
-msgid "krb5_realm (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
-msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
-msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
-msgid "krb5_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
-msgid ""
-"Specifies if the host principal should be canonicalized when connecting to "
-"LDAP server. This feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
-msgid "ldap_pwd_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
-msgid ""
-"Select the policy to evaluate the password expiration on the client side. "
-"The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
-msgid ""
-"<emphasis>none</emphasis> - No evaluation on the client side. This option "
-"cannot disable server-side password policies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
-msgid ""
-"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-"evaluate if the password has expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
-msgid ""
-"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
-"to determine if the password has expired. Use chpass_provider=krb5 to update "
-"these attributes when the password is changed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
-msgid "ldap_referrals (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
-msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
-msgid ""
-"Please note that sssd only supports referral chasing when it is compiled "
-"with OpenLDAP version 2.4.13 or higher."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
-msgid "ldap_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
-msgid "Specifies the service name to use when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
-msgid "Default: ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
-msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
-msgid ""
-"Specifies the service name to use to find an LDAP server which allows "
-"password changes when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
-msgid "Default: not set, i.e. service discovery is disabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
-msgid "ldap_access_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
-msgid ""
-"If using access_provider = ldap, this option is mandatory. It specifies an "
-"LDAP search filter criteria that must be met for the user to be granted "
-"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
-msgid "Example:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
-#, no-wrap
-msgid ""
-"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
-msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
-msgid ""
-"Offline caching for this feature is limited to determining whether the "
-"user's last online login was granted access permission. If they were granted "
-"access during their last login, they will continue to be granted access "
-"while offline and vice-versa."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
-msgid "Default: Empty"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
-msgid "ldap_account_expire_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
-msgid ""
-"With this option a client side evaluation of access control attributes can "
-"be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
-msgid ""
-"Please note that it is always recommended to use server side access control, "
-"i.e. the LDAP server should deny the bind request with a suitable error code "
-"even if the password is correct."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
-msgid "The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
-msgid ""
-"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
-"determine if the account is expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
-msgid ""
-"<emphasis>ad</emphasis>: use the value of the 32bit field "
-"ldap_user_ad_user_account_control and allow access if the second bit is not "
-"set. If the attribute is missing access is granted. Also the expiration time "
-"of the account is checked."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
-msgid ""
-"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
-"emphasis>: use the value of ldap_ns_account_lock to check if access is "
-"allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
-msgid ""
-"<emphasis>nds</emphasis>: the values of "
-"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
-"If both attributes are missing access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
-msgid "ldap_access_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
-msgid "Comma separated list of access control options.  Allowed values are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
-msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
-msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
-msgid ""
-"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
-"to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
-msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
-msgid "Default: filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
-msgid ""
-"Please note that it is a configuration error if a value is used more than "
-"once."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
-msgid "ldap_deref (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
-msgid ""
-"Specifies how alias dereferencing is done when performing a search. The "
-"following options are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
-msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
-msgid ""
-"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
-"the base object, but not in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
-msgid ""
-"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
-"the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
-msgid ""
-"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
-"in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
-msgid ""
-"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
-"client libraries)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:51
-msgid ""
-"All of the common configuration options that apply to SSSD domains also "
-"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for full details.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
-msgid "SUDO OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
-msgid "ldap_sudorule_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
-msgid "The object class of a sudo rule entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
-msgid "Default: sudoRole"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
-msgid "ldap_sudorule_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
-msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
-msgid "ldap_sudorule_command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
-msgid "The LDAP attribute that corresponds to the command name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
-msgid "Default: sudoCommand"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
-msgid "ldap_sudorule_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
-msgid ""
-"The LDAP attribute that corresponds to the host name (or host IP address, "
-"host IP network, or host netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
-msgid "Default: sudoHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
-msgid "ldap_sudorule_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
-msgid ""
-"The LDAP attribute that corresponds to the user name (or UID, group name or "
-"user's netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
-msgid "Default: sudoUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
-msgid "ldap_sudorule_option (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
-msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
-msgid "Default: sudoOption"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
-msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
-msgid ""
-"The LDAP attribute that corresponds to the user name that commands may be "
-"run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
-msgid "Default: sudoRunAsUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
-msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
-msgid ""
-"The LDAP attribute that corresponds to the group name or group GID that "
-"commands may be run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
-msgid "Default: sudoRunAsGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
-msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
-msgid ""
-"The LDAP attribute that corresponds to the start date/time for when the sudo "
-"rule is valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
-msgid "Default: sudoNotBefore"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
-msgid "ldap_sudorule_notafter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
-msgid ""
-"The LDAP attribute that corresponds to the expiration date/time, after which "
-"the sudo rule will no longer be valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
-msgid "Default: sudoNotAfter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
-msgid "ldap_sudorule_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
-msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
-msgid "Default: sudoOrder"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
-msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
-msgid ""
-"Enables periodical download of all sudo rules.  The cache is purged before "
-"each update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
-msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
-msgid ""
-"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
-msgid ""
-"This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
-"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
-msgid "AUTOFS OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
-msgid ""
-"Please note that the default values correspond to the default schema which "
-"is RFC2307."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
-msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-msgid "The object class of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-msgid "Default: automountMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
-msgid "ldap_autofs_map_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
-msgid "The name of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
-msgid "Default: ou"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
-msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
-msgid "ldap_autofs_entry_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
-msgid ""
-"The key of an automount entry in LDAP. The entry usually corresponds to a "
-"mount point."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
-msgid "ldap_autofs_entry_value (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
-msgid "Default: automountInformation"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
-msgid ""
-"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
-"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
-"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
-msgid "ADVANCED OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
-msgid "ldap_netgroup_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
-msgid ""
-"An optional base DN to restrict netgroup searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
-msgid "ldap_user_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
-msgid "An optional base DN to restrict user searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
-msgid "ldap_group_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
-msgid "An optional base DN to restrict group searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
-#, no-wrap
-msgid ""
-"                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
-msgid "ldap_sudo_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
-msgid ""
-"An optional base DN to restrict sudo rules searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
-msgid "ldap_autofs_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
-msgid ""
-"An optional base DN to restrict automounter searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
-msgid ""
-"These options are supported by LDAP domains, but they should be used with "
-"caution. Please include them in your configuration only if you know what you "
-"are doing.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
-msgid ""
-"The following example assumes that SSSD is correctly configured and LDAP is "
-"set to one of the domains in the <replaceable>[domains]</replaceable> "
-"section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
-#, no-wrap
-msgid ""
-"    [domain/LDAP]\n"
-"    id_provider = ldap\n"
-"    auth_provider = ldap\n"
-"    ldap_uri = ldap://ldap.mydomain.org\n"
-"    ldap_search_base = dc=mydomain,dc=org\n"
-"    ldap_tls_reqcert = demand\n"
-"    cache_credentials = true\n"
-"    enumerate = true\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
-msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
-msgid "NOTES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
-msgid ""
-"The descriptions of some of the configuration options in this manual page "
-"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
-"distribution."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <refentryinfo>
-#: pam_sss.8.xml:8 include/upstream.xml:2
-msgid ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: pam_sss.8.xml:13 pam_sss.8.xml:18
-msgid "pam_sss"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: pam_sss.8.xml:19
-msgid "PAM module for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: pam_sss.8.xml:24
-msgid ""
-"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
-msgid ""
-"<command>pam_sss.so</command> is the PAM interface to the System Security "
-"Services daemon (SSSD). Errors and results are logged through <command>syslog"
-"(3)</command> with the LOG_AUTHPRIV facility."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
-msgid "<option>quiet</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
-msgid "Suppress log messages for unknown users."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
-msgid "<option>forward_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
-msgid ""
-"If <option>forward_pass</option> is set the entered password is put on the "
-"stack for other PAM modules to use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
-msgid "<option>use_first_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
-msgid ""
-"The argument use_first_pass forces the module to use a previous stacked "
-"modules password and will never prompt the user - if no password is "
-"available or the password is not appropriate, the user will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
-msgid "<option>use_authtok</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
-msgid ""
-"When password changing enforce the module to set the new password to the one "
-"provided by a previously stacked password module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
-msgid "<option>retry=N</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
-msgid ""
-"If specified the user is asked another N times for a password if "
-"authentication fails. Default is 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
-msgid ""
-"Please note that this option might not work as expected if the application "
-"calling PAM handles the user dialog on its own. A typical example is "
-"<command>sshd</command> with <option>PasswordAuthentication</option>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
-msgid "MODULE TYPES PROVIDED"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
-msgid ""
-"All module types (<option>account</option>, <option>auth</option>, "
-"<option>password</option> and <option>session</option>) are provided."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
-msgid "FILES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
-msgid ""
-"If a password reset by root fails, because the corresponding SSSD provider "
-"does not support password resets, an individual message can be displayed. "
-"This message can e.g. contain instructions about how to reset a password."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
-msgid ""
-"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
-"filename> where LOC stands for a locale string returned by <citerefentry> "
-"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
-"citerefentry>. If there is no matching file the content of "
-"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
-"the owner of the files and only root may have read and write permissions "
-"while all other users must have only read permissions."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
-msgid ""
-"These files are searched in the directory <filename>/etc/sssd/customize/"
-"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
-"displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:141
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
-msgid "sssd_krb5_locator_plugin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:22
-msgid ""
-"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
-"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
-"libraries what Realm and which KDC to use.  Typically this is done in "
-"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
-"To simplify the configuration the Realm and the KDC can be defined in "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry> puts the Realm and the name or IP address of the KDC into "
-"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively.  "
-"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variables and returns them to the "
-"libraries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:63
-msgid ""
-"Not all Kerberos implementations support the use of plugins. If "
-"<command>sssd_krb5_locator_plugin</command> is not available on your system "
-"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:69
-msgid ""
-"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-"debug messages will be sent to stderr."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:77
-msgid ""
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
-msgid "sssd-simple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd-simple.5.xml:17
-msgid "the configuration file for SSSD's 'simple' access-control provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:24
-msgid ""
-"This manual page describes the configuration of the simple access-control "
-"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax reference, "
-"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:38
-msgid ""
-"The simple access provider grants or denies access based on an access or "
-"deny list of user or group names. The following rules apply:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:43
-msgid "If all lists are empty, access is granted"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:47
-msgid ""
-"If any list is provided, the order of evaluation is allow,deny. This means "
-"that any matching deny rule will supersede any matched allow rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:54
-msgid ""
-"If either or both \"allow\" lists are provided, all users are denied unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:60
-msgid ""
-"If only \"deny\" lists are provided, all users are granted access unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:78
-msgid "simple_allow_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:81
-msgid "Comma separated list of users who are allowed to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:88
-msgid "simple_deny_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:91
-msgid "Comma separated list of users who are explicitly denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:97
-msgid "simple_allow_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:100
-msgid ""
-"Comma separated list of groups that are allowed to log in. This applies only "
-"to groups within this SSSD domain. Local groups are not evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:108
-msgid "simple_deny_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:111
-msgid ""
-"Comma separated list of groups that are explicitly denied access. This "
-"applies only to groups within this SSSD domain. Local groups are not "
-"evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
-msgid ""
-"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page for details on the configuration of an SSSD "
-"domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:120
-msgid ""
-"Please note that it is an configuration error if both, simple_allow_users "
-"and simple_deny_users, are defined."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:128
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the simple access provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-simple.5.xml:135
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    access_provider = simple\n"
-"    simple_allow_users = user1, user2\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:145
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
-msgid "sssd-ipa"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:23
-msgid ""
-"This manual page describes the configuration of the IPA provider for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
-"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:36
-msgid ""
-"The IPA provider is a back end used to connect to an IPA server.  (Refer to "
-"the freeipa.org web site for information about IPA servers.)  This provider "
-"requires that the machine be joined to the IPA domain; configuration is "
-"almost entirely self-discovered and obtained directly from the server."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:43
-msgid ""
-"The IPA provider accepts the same options used by the <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
-"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider with some exceptions described below."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:55
-msgid ""
-"However, it is neither necessary nor recommended to set these options.  IPA "
-"provider can also be used as an access and chpass provider. As an access "
-"provider it uses HBAC (host-based access control) rules. Please refer to "
-"freeipa.org for more information about HBAC. No configuration of access "
-"provider is required on the client side."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:72
-msgid "ipa_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:75
-msgid ""
-"Specifies the name of the IPA domain.  This is optional. If not provided, "
-"the configuration domain name is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:83
-msgid "ipa_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:86
-msgid ""
-"The comma-separated list of IP addresses or hostnames of the IPA servers to "
-"which SSSD should connect in the order of preference. For more information "
-"on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
-"This is optional if autodiscovery is enabled.  For more information on "
-"service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:99
-msgid "ipa_hostname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:102
-msgid ""
-"Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:110
-msgid "ipa_dyndns_update (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:113
-msgid ""
-"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:118
-msgid ""
-"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
-"the default Kerberos realm must be set properly in /etc/krb5.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:129
-msgid "ipa_dyndns_iface (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:132
-msgid ""
-"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
-"interface whose IP address should be used for dynamic DNS updates."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:137
-msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:143
-msgid "ipa_hbac_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:146
-msgid "Optional. Use the given string as search base for HBAC related objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:150
-msgid "Default: Use base DN"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:156
-msgid "ipa_host_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:159
-msgid "Optional. Use the given string as search base for host objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:180
-msgid "ipa_selinux_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
-msgid "Optional. Use the given string as search base for SELinux user maps."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
-msgid "krb5_validate (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
-msgid ""
-"Verify with the help of krb5_keytab that the TGT obtained has not been "
-"spoofed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
-msgid ""
-"Note that this default differs from the traditional Kerberos provider back "
-"end."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
-msgid ""
-"The name of the Kerberos realm. This is optional and defaults to the value "
-"of <quote>ipa_domain</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
-msgid ""
-"The name of the Kerberos realm has a special meaning in IPA - it is "
-"converted into the base DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
-msgid ""
-"Specifies if the host and user principal should be canonicalized when "
-"connecting to IPA LDAP and also for AS requests. This feature is available "
-"with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
-msgid "ipa_hbac_refresh (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
-msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
-msgid "Default: 5 (seconds)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
-msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
-msgid ""
-"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
-"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
-"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
-"client will support two modes of operation during this transition period:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
-msgid ""
-"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
-"users will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
-msgid ""
-"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
-"careful with this option, as it may result in opening unintended access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
-msgid "Default: DENY_ALL"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
-msgid "ipa_automount_location (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
-msgid "The automounter location this IPA client will be using"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Default: The location named \"default\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the ipa provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    id_provider = ipa\n"
-"    ipa_server = ipaserver.example.com\n"
-"    ipa_hostname = myhost.example.com\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.8.xml:10 sssd.8.xml:15
-msgid "sssd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.8.xml:16
-msgid "System Security Services Daemon"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sssd.8.xml:21
-msgid ""
-"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:31
-msgid ""
-"<command>SSSD</command> provides a set of daemons to manage access to remote "
-"directories and authentication mechanisms. It provides an NSS and PAM "
-"interface toward the system and a pluggable backend system to connect to "
-"multiple different account sources as well as D-Bus interface. It is also "
-"the basis to provide client auditing and policy services for projects like "
-"FreeIPA. It provides a more robust database to store local users as well as "
-"extended user data."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:46
-msgid ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:53
-msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:57
-msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:60
-msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:69
-msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:73
-msgid ""
-"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:76
-msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:85
-msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:89
-msgid ""
-"Send the debug output to files instead of stderr. By default, the log files "
-"are stored in <filename>/var/log/sssd</filename> and there are separate log "
-"files for every SSSD service and domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:97
-msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:101
-msgid "Become a daemon after starting up."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:107
-msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:111
-msgid "Run in the foreground, don't become a daemon."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
-msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
-msgid ""
-"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
-"conf</filename>. For reference on the config file syntax and options, "
-"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:135
-msgid "<option>--version</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:139
-msgid "Print version number and exit."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:147
-msgid "Signals"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:150
-msgid "SIGTERM/SIGINT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:153
-msgid ""
-"Informs the SSSD to gracefully terminate all of its child processes and then "
-"shut down the monitor."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:159
-msgid "SIGHUP"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:162
-msgid ""
-"Tells the SSSD to stop writing to its current debug file descriptors and to "
-"close and reopen them. This is meant to facilitate log rolling with programs "
-"like logrotate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:170
-msgid "SIGUSR1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:173
-msgid ""
-"Tells the SSSD to simulate offline operation for one minute. This is mostly "
-"useful for testing purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:179
-msgid "SIGUSR2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:182
-msgid ""
-"Tells the SSSD to go online immediately. This is mostly useful for testing "
-"purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:193
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-msgid "sss_obfuscate"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_obfuscate.8.xml:16
-msgid "obfuscate a clear text password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_obfuscate.8.xml:21
-msgid ""
-"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
-"replaceable></arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:32
-msgid ""
-"<command>sss_obfuscate</command> converts a given password into human-"
-"unreadable format and places it into appropriate domain section of the SSSD "
-"config file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:37
-msgid ""
-"The cleartext password is read from standard input or entered "
-"interactively.  The obfuscated password is put into "
-"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
-"<quote>ldap_default_authtok_type</quote> parameter is set to "
-"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more details on these parameters."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:49
-msgid ""
-"Please note that obfuscating the password provides <emphasis>no real "
-"security benefit</emphasis> as it is still possible for an attacker to "
-"reverse-engineer the password back. Using better authentication mechanisms "
-"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
-"advised."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:63
-msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:67
-msgid "The password to obfuscate will be read from standard input."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
-msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:79
-msgid ""
-"The SSSD domain to use the password in. The default name is <quote>default</"
-"quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:86
-msgid ""
-"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:91
-msgid "Read the config file specified by the positional parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:95
-msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:105
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
-msgid "sss_useradd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_useradd.8.xml:16
-msgid "create a new user"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_useradd.8.xml:21
-msgid ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:32
-msgid ""
-"<command>sss_useradd</command> creates a new user account using the values "
-"specified on the command line plus the default values from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:43
-msgid ""
-"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:48
-msgid ""
-"Set the UID of the user to the value of <replaceable>UID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
-msgid ""
-"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
-msgid ""
-"Any text string describing the user. Often used as the field for the user's "
-"full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
-msgid ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:72
-msgid ""
-"The home directory of the user account.  The default is to append the "
-"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
-"that as the home directory.  The base that is prepended before "
-"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
-"baseDirectory</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
-msgid ""
-"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:87
-msgid ""
-"The user's login shell. The default is currently <filename>/bin/bash</"
-"filename>.  The default can be changed with <quote>user_defaults/"
-"defaultShell</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:96
-msgid ""
-"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:101
-msgid "A list of existing groups this user is also a member of."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:107
-msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:111
-msgid ""
-"Create the user's home directory if it does not exist. The files and "
-"directories contained in the skeleton directory (which can be defined with "
-"the -k option or in the config file) will be copied to the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:121
-msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:125
-msgid ""
-"Do not create the user's home directory. Overrides configuration settings."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:132
-msgid ""
-"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:137
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<command>sss_useradd</command>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:143
-msgid ""
-"This option is only valid if the <option>-m</option> (or <option>--create-"
-"home</option>) option is specified, or creation of home directories is set "
-"to TRUE in the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
-msgid ""
-"<option>-Z</option>,<option>--selinux-user</option> "
-"<replaceable>SELINUX_USER</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:157
-msgid ""
-"The SELinux user for the user's login. If not specified, the system default "
-"will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
-msgid "sssd-krb5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:23
-msgid ""
-"This manual page describes the configuration of the Kerberos 5 "
-"authentication backend for <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  For a detailed "
-"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
-"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:36
-msgid ""
-"The Kerberos 5 authentication backend contains auth and chpass providers. It "
-"must be paired with identity provider in order to function properly (for "
-"example, id_provider = ldap). Some information required by the Kerberos 5 "
-"authentication backend must be provided by the identity provider, such as "
-"the user's Kerberos Principal Name (UPN). The configuration of the identity "
-"provider should have an entry to specify the UPN. Please refer to the man "
-"page for the applicable identity provider for details on how to configure "
-"this."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:47
-msgid ""
-"This backend also provides access control based on the .k5login file in the "
-"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
-"Please note that an empty .k5login file will deny all access to this user. "
-"To activate this feature use 'access_provider = krb5' in your sssd "
-"configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:55
-msgid ""
-"In the case where the UPN is not available in the identity backend "
-"<command>sssd</command> will construct a UPN using the format "
-"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:106
-msgid ""
-"The name of the Kerberos realm. This option is required and must be "
-"specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:113
-msgid "krb5_kpasswd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:116
-msgid ""
-"If the change password service is not running on the KDC alternative servers "
-"can be defined here. An optional port number (preceded by a colon) may be "
-"appended to the addresses or hostnames."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:122
-msgid ""
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section.  Please note that even if there are no more "
-"kpasswd servers to try the back end is not switch to offline if "
-"authentication against the KDC is still possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:129
-msgid "Default: Use the KDC"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:135
-msgid "krb5_ccachedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:138
-msgid ""
-"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist it will be created. If %u, %U, %p or %h are used a "
-"private directory belonging to the user is created. Otherwise a public "
-"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
-"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
-"citerefentry> for details) is created."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:151
-msgid "Default: /tmp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:157
-msgid "krb5_ccname_template (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:171
-msgid "login UID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:174
-msgid "%p"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:175
-msgid "principal name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:179
-msgid "%r"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:180
-msgid "realm name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:183
-msgid "%h"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:184
-msgid "home directory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:189
-msgid "value of krb5ccache_dir"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194
-msgid "%P"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "the process ID of the sssd client"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:160
-msgid ""
-"Location of the user's credential cache. Currently only file based "
-"credential caches are supported. In the template the following sequences are "
-"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
-"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
-"way."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:209
-msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:215
-msgid "krb5_auth_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:218
-msgid ""
-"Timeout in seconds after an online authentication or change password request "
-"is aborted. If possible the authentication request is continued offline."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:241
-msgid "krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:244
-msgid ""
-"The location of the keytab to use when validating credentials obtained from "
-"KDCs."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:248
-msgid "Default: /etc/krb5.keytab"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:254
-msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:257
-msgid ""
-"Store the password of the user if the provider is offline and use it to "
-"request a TGT when the provider gets online again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:262
-msgid ""
-"Please note that this feature currently only available on a Linux platform. "
-"Passwords stored in this way are kept in plaintext in the kernel keyring and "
-"are potentially accessible by the root user (with difficulty)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:275
-msgid "krb5_renewable_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:278
-msgid ""
-"Request a renewable ticket with a total lifetime given by an integer "
-"immediately followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
-msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
-msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
-msgid "<emphasis>h</emphasis> hours"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
-msgid "<emphasis>d</emphasis> days."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
-msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:299
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"renewable lifetime to one and a half hours please use '90m' instead of "
-"'1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:305
-msgid "Default: not set, i.e. the TGT is not renewable"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:311
-msgid "krb5_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:314
-msgid ""
-"Request ticket with a with a lifetime given by an integer immediately "
-"followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:335
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"lifetime to one and a half hours please use '90m' instead of '1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:340
-msgid ""
-"Default: not set, i.e. the default ticket lifetime configured on the KDC."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:347
-msgid "krb5_renew_interval (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:350
-msgid ""
-"The time in seconds between two checks if the TGT should be renewed. TGTs "
-"are renewed if about half of their lifetime is exceeded."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:355
-msgid "If this option is not set or 0 the automatic renewal is disabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:365
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:368
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:373
-msgid ""
-"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
-"option at all."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
-msgid ""
-"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
-"continue without."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:381
-msgid ""
-"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
-"fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:385
-msgid "Default: not set, i.e. FAST is not used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:388
-msgid "Please note that a keytab is required to use fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:391
-msgid ""
-"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used with an older version using this option is a "
-"configuration error."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:400
-msgid "krb5_fast_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:403
-msgid "Specifies the server principal to use for FAST."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:412
-msgid ""
-"Specifies if the host and user principal should be canonicalized. This "
-"feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:65
-msgid ""
-"If the auth-module krb5 is used in a SSSD domain, the following options must "
-"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
-"SECTIONS</quote> for details on the configuration of a SSSD domain.  "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:434
-msgid ""
-"The following example assumes that SSSD is correctly configured and FOO is "
-"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
-"example shows only configuration of Kerberos authentication, it does not "
-"include any identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:442
-#, no-wrap
-msgid ""
-"    [domain/FOO]\n"
-"    auth_provider = krb5\n"
-"    krb5_server = 192.168.1.1\n"
-"    krb5_realm = EXAMPLE.COM\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:453
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
-msgid "sss_groupadd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupadd.8.xml:16
-msgid "create a new group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupadd.8.xml:21
-msgid ""
-"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:32
-msgid ""
-"<command>sss_groupadd</command> creates a new group. These groups are "
-"compatible with POSIX groups, with the additional feature that they can "
-"contain other groups as members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupadd.8.xml:43
-msgid ""
-"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupadd.8.xml:48
-msgid ""
-"Set the GID of the group to the value of <replaceable>GID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
-msgid "sss_userdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_userdel.8.xml:16
-msgid "delete a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_userdel.8.xml:21
-msgid ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:32
-msgid ""
-"<command>sss_userdel</command> deletes a user identified by login name "
-"<replaceable>LOGIN</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:44
-msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:48
-msgid ""
-"Files in the user's home directory will be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:56
-msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:60
-msgid ""
-"Files in the user's home directory will NOT be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:68
-msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:72
-msgid ""
-"This option forces <command>sss_userdel</command> to remove the user's home "
-"directory and mail spool, even if they are not owned by the specified user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:80
-msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:84
-msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
-msgid "sss_groupdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupdel.8.xml:16
-msgid "delete a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupdel.8.xml:21
-msgid ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:32
-msgid ""
-"<command>sss_groupdel</command> deletes a group identified by its name "
-"<replaceable>GROUP</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
-msgid "sss_groupshow"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupshow.8.xml:16
-msgid "print properties of a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupshow.8.xml:21
-msgid ""
-"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:32
-msgid ""
-"<command>sss_groupshow</command> displays information about a group "
-"identified by its name <replaceable>GROUP</replaceable>. The information "
-"includes the group ID number, members of the group and the parent group."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupshow.8.xml:43
-msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupshow.8.xml:47
-msgid ""
-"Also print indirect group members in a tree-like hierarchy.  Note that this "
-"also affects printing parent groups - without <option>R</option>, only the "
-"direct parent will be printed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
-msgid "sss_usermod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_usermod.8.xml:16
-msgid "modify a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_usermod.8.xml:21
-msgid ""
-"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:32
-msgid ""
-"<command>sss_usermod</command> modifies the account specified by "
-"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
-"on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:60
-msgid "The home directory of the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:71
-msgid "The user's login shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:82
-msgid ""
-"Append this user to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:96
-msgid ""
-"Remove this user from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:103
-msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:107
-msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:114
-msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:118
-msgid "Unlock the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:129
-msgid "The SELinux user for the user's login."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/service_discovery.xml:2
-msgid "SERVICE DISCOVERY"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/service_discovery.xml:4
-msgid ""
-"The service discovery feature allows back ends to automatically find the "
-"appropriate servers to connect to using a special DNS query."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
-msgid "Configuration"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:11
-msgid ""
-"If no servers are specified, the back end automatically uses service "
-"discovery to try to find a server. Optionally, the user may choose to use "
-"both fixed server addresses and service discovery by inserting a special "
-"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
-"preference is maintained. This feature is useful if, for example, the user "
-"prefers to use service discovery whenever possible, and fall back to a "
-"specific server when no servers can be discovered using DNS."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:23
-msgid "The domain name"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:25
-msgid ""
-"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for more details."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:35
-msgid "The protocol"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:37
-msgid ""
-"The queries usually specify _tcp as the protocol. Exceptions are documented "
-"in respective option description."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:42
-msgid "See Also"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:44
-msgid ""
-"For more information on the service discovery mechanism, refer to RFC 2782."
-msgstr ""
-
-#. type: Content of: outside any tag (error?)
-#: include/upstream.xml:1
-msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/failover.xml:2
-msgid "FAILOVER"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/failover.xml:4
-msgid ""
-"The failover feature allows back ends to automatically switch to a different "
-"server if the primary server fails."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:8
-msgid "Failover Syntax"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:10
-msgid ""
-"The list of servers is given as a comma-separated list; any number of spaces "
-"is allowed around the comma. The servers are listed in order of preference. "
-"The list can contain any number of servers."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:17
-msgid "The Failover Mechanism"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:19
-msgid ""
-"The failover mechanism distinguishes between a machine and a service. The "
-"back end first tries to resolve the hostname of a given machine; if this "
-"resolution attempt fails, the machine is considered offline. No further "
-"attempts are made to connect to this machine for any other service. If the "
-"resolution attempt succeeds, the back end tries to connect to a service on "
-"this machine. If the service connection attempt fails, then only this "
-"particular service is considered offline and the back end automatically "
-"switches over to the next service.  The machine is still considered online "
-"and might still be tried for another service."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:32
-msgid ""
-"Further connection attempts are made to machines or services marked as "
-"offline after a specified period of time; this is currently hard coded to 30 "
-"seconds."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:37
-msgid ""
-"If there are no more machines to try, the back end as a whole switches to "
-"offline mode, and then attempts to reconnect every 30 seconds."
-msgstr ""
-
-#. type: Content of: <varlistentry><term>
-#: include/param_help.xml:3
-msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
-
-#. type: Content of: <varlistentry><listitem><para>
-#: include/param_help.xml:7
-msgid "Display help message and exit."
-msgstr ""
diff --git a/src/man/po/uk.po b/src/man/po/uk.po
index 52bdf5c00..164047f7e 100644
--- a/src/man/po/uk.po
+++ b/src/man/po/uk.po
@@ -4,14 +4,14 @@
 #
 # Translators:
 # sgallagh <sgallagh@redhat.com>, 2011.
-# Yuri Chornoivan <yurchor@ukr.net>, 2011.
+# Yuri Chornoivan <yurchor@ukr.net>, 2011, 2012.
 msgid ""
 msgstr ""
 "Project-Id-Version: SSSD\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2011-12-21 10:12+0000\n"
-"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
+"POT-Creation-Date: 2012-03-12 16:37-0300\n"
+"PO-Revision-Date: 2012-03-12 20:08+0000\n"
+"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
 "Language-Team: Ukrainian <trans-uk@lists.fedoraproject.org>\n"
 "Language: uk\n"
 "MIME-Version: 1.0\n"
@@ -25,7 +25,9 @@ msgstr ""
 #: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
 #: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
 #: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
+#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5
+#: sss_debuglevel.8.xml:5 sss_ssh_authorizedkeys.1.xml:5
+#: sss_ssh_knownhostsproxy.1.xml:5
 msgid "SSSD Manual pages"
 msgstr "Сторінки підручника SSSD"
 
@@ -38,7 +40,8 @@ msgstr "sss_groupmod"
 #: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
 #: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
 #: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
+#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11 sss_cache.8.xml:11
+#: sss_debuglevel.8.xml:11
 msgid "8"
 msgstr "8"
 
@@ -64,6 +67,8 @@ msgstr ""
 #: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
 #: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
 #: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
+#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_ssh_authorizedkeys.1.xml:30
+#: sss_ssh_knownhostsproxy.1.xml:31
 msgid "DESCRIPTION"
 msgstr "ОПИС"
 
@@ -80,6 +85,8 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
+#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_ssh_authorizedkeys.1.xml:78
+#: sss_ssh_knownhostsproxy.1.xml:65
 msgid "OPTIONS"
 msgstr "П�Р�МЕТРИ"
 
@@ -122,12 +129,13 @@ msgstr ""
 "replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1348 sssd-ldap.5.xml:2096
 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
 #: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
+#: sss_usermod.8.xml:138 sss_ssh_authorizedkeys.1.xml:96
+#: sss_ssh_knownhostsproxy.1.xml:95
 msgid "SEE ALSO"
 msgstr "Т�КОЖ ПЕРЕГЛЯ�ЬТЕ"
 
@@ -258,7 +266,7 @@ msgid "The [sssd] section"
 msgstr "Розділ [sssd]"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:1194
 msgid "Section parameters"
 msgstr "Параметри розділу"
 
@@ -294,6 +302,7 @@ msgstr ""
 msgid ""
 "Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
 msgstr ""
+"Підтримувані �лужби: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:94 sssd.conf.5.xml:257
@@ -542,7 +551,7 @@ msgid "Add a timestamp to the debug messages"
 msgstr "Додати ча�ову позначку до діагно�тичних повідомлень."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:393 sssd-ldap.5.xml:1328
 #: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
 msgid "Default: true"
 msgstr "Типове значенн�: true"
@@ -559,7 +568,7 @@ msgstr ""
 "Додати значенн� мікро�екунд до ча�ової позначки у діагно�тичних повідомленн�х"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
+#: sssd.conf.5.xml:252 sssd.conf.5.xml:658 sssd-ldap.5.xml:602
 #: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
 #: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
 #: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
@@ -568,11 +577,31 @@ msgstr "Типове значенн�: false"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:270
+msgid "fd_limit"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:273
+msgid ""
+"This option specifies the maximum number of file descriptors that may be "
+"opened at one time by this SSSD process. On systems where SSSD is granted "
+"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
+"systems without this capability, the resulting value will be the lower value "
+"of this or the limits.conf \"hard\" limit."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:282
+msgid "Default: 8192 (or limits.conf \"hard\" limit)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:287
 msgid "command (string)"
 msgstr "command (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:290
 msgid ""
 "By default, the executable representing this service is called <command>sssd_"
 "${service_name}</command>.  This directive allows to change the executable "
@@ -584,17 +613,17 @@ msgstr ""
 "файла �лужби. Здебільшого потреби у зміні типового значенн� не виникатиме."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
+#: sssd.conf.5.xml:298
 msgid "Default: <command>sssd_${service_name}</command>"
 msgstr "Типове значенн�: <command>sssd_${назва_�лужби}</command>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
+#: sssd.conf.5.xml:306
 msgid "NSS configuration options"
 msgstr "Параметри налаштуванн� NSS"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:308
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
@@ -602,12 +631,12 @@ msgstr ""
 "Switch (NSS або перемиканн� �лужби визначенн� назв)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
+#: sssd.conf.5.xml:313
 msgid "enum_cache_timeout (integer)"
 msgstr "enum_cache_timeout (ціле чи�ло)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
+#: sssd.conf.5.xml:316
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
@@ -616,17 +645,17 @@ msgstr ""
 "кеші nss_sss у �екундах"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
+#: sssd.conf.5.xml:320
 msgid "Default: 120"
 msgstr "Типове значенн�: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
+#: sssd.conf.5.xml:325
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr "entry_cache_nowait_percentage (ціле чи�ло)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
+#: sssd.conf.5.xml:328
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -637,7 +666,7 @@ msgstr ""
 "entry_cache_timeout дл� домену період ча�у."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:334
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -652,7 +681,7 @@ msgstr ""
 "розблокуванн� пі�л� оновленн� кешу."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
+#: sssd.conf.5.xml:344
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -666,17 +695,17 @@ msgstr ""
 "можливі�ть."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
+#: sssd.conf.5.xml:352
 msgid "Default: 50"
 msgstr "Типове значенн�: 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
+#: sssd.conf.5.xml:357
 msgid "entry_negative_timeout (integer)"
 msgstr "entry_negative_timeout (ціле чи�ло)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
+#: sssd.conf.5.xml:360
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -687,17 +716,17 @@ msgstr ""
 "даних, зокрема неі�нуючих) перед повторним запитом до �ервера обробки."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
+#: sssd.conf.5.xml:366 sssd.conf.5.xml:686 sssd-krb5.5.xml:223
 msgid "Default: 15"
 msgstr "Типове значенн�: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
+#: sssd.conf.5.xml:371
 msgid "filter_users, filter_groups (string)"
 msgstr "filter_users, filter_groups (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
+#: sssd.conf.5.xml:374
 msgid ""
 "Exclude certain users from being fetched from the sss NSS database. This is "
 "particularly useful for system accounts. This option can also be set per-"
@@ -711,17 +740,17 @@ msgstr ""
 "�пи�ку кори�тувачами лише з певного домену."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:381
 msgid "Default: root"
 msgstr "Типове значенн�: root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
+#: sssd.conf.5.xml:386
 msgid "filter_users_in_groups (bool)"
 msgstr "filter_users_in_groups (булеве значенн�)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
+#: sssd.conf.5.xml:389
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
@@ -729,62 +758,62 @@ msgstr ""
 "в�тановіть дл� цього параметра значенн� «false»."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:398
 msgid "override_homedir (string)"
 msgstr "override_homedir (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
+#: sssd.conf.5.xml:407 sssd-krb5.5.xml:166
 msgid "%u"
 msgstr "%u"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
+#: sssd.conf.5.xml:408 sssd-krb5.5.xml:167
 msgid "login name"
 msgstr "ім'� кори�тувача"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
+#: sssd.conf.5.xml:411 sssd-krb5.5.xml:170
 msgid "%U"
 msgstr "%U"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
+#: sssd.conf.5.xml:412
 msgid "UID number"
 msgstr "номер UID"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
+#: sssd.conf.5.xml:415 sssd-krb5.5.xml:188
 msgid "%d"
 msgstr "%d"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
+#: sssd.conf.5.xml:416
 msgid "domain name"
 msgstr "назва домену"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
+#: sssd.conf.5.xml:419
 msgid "%f"
 msgstr "%f"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:420
 msgid "fully qualified user name (user@domain)"
 msgstr "ім’� кори�тувача повні�тю (кори�тувач@домен)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
+#: sssd.conf.5.xml:423 sssd-krb5.5.xml:200
 msgid "%%"
 msgstr "%%"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
+#: sssd.conf.5.xml:424 sssd-krb5.5.xml:201
 msgid "a literal '%'"
 msgstr "�имвол від�отків («%»)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:401
 msgid ""
 "Override the user's home directory. You can either provide an absolute value "
 "or a template. In the template, the following sequences are substituted: "
@@ -795,18 +824,18 @@ msgstr ""
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
+#: sssd.conf.5.xml:430
 msgid "This option can also be set per-domain."
 msgstr ""
 "Значенн� цього параметра можна в�тановлювати дл� кожного з доменів окремо."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
+#: sssd.conf.5.xml:435
 msgid "allowed_shells (string)"
 msgstr "allowed_shells (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
+#: sssd.conf.5.xml:438
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
@@ -814,13 +843,13 @@ msgstr ""
 "визначенн� оболонки є таким:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
+#: sssd.conf.5.xml:441
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 "1. Якщо оболонку вказано у <quote>/etc/shells</quote>, її буде викори�тано."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
+#: sssd.conf.5.xml:445
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
@@ -830,7 +859,7 @@ msgstr ""
 "shell_fallback."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
+#: sssd.conf.5.xml:450
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
@@ -839,12 +868,12 @@ msgstr ""
 "<quote>/etc/shells</quote>, буде викори�тано оболонку nologin."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
+#: sssd.conf.5.xml:455
 msgid "An empty string for shell is passed as-is to libc."
 msgstr "Порожній р�док оболонки буде передано без обробки до libc."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
+#: sssd.conf.5.xml:458
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
@@ -853,29 +882,29 @@ msgstr ""
 "тобто у разі в�тановленн� нової оболонки �лід перезапу�тити SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
+#: sssd.conf.5.xml:462
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 "Типове значенн�: не в�тановлено. �втоматично викори�товуєть�� оболонка "
 "кори�тувача."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:467
 msgid "vetoed_shells (string)"
 msgstr "vetoed_shells (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:470
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr "Замінити в�і запи�и цих оболонок на shell_fallback"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
+#: sssd.conf.5.xml:475
 msgid "shell_fallback (string)"
 msgstr "shell_fallback (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:478
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
@@ -883,17 +912,17 @@ msgstr ""
 "�и�темі не в�тановлено."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
+#: sssd.conf.5.xml:482
 msgid "Default: /bin/sh"
 msgstr "Типове значенн�: /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:489
 msgid "PAM configuration options"
 msgstr "Параметри налаштуванн� PAM"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
+#: sssd.conf.5.xml:491
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
@@ -902,12 +931,12 @@ msgstr ""
 "Authentication Module (PAM або блокового модул� розпізнаванн�)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
+#: sssd.conf.5.xml:496
 msgid "offline_credentials_expiration (integer)"
 msgstr "offline_credentials_expiration (ціле чи�ло)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
+#: sssd.conf.5.xml:499
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
@@ -917,17 +946,17 @@ msgstr ""
 "входу до �и�теми)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
+#: sssd.conf.5.xml:504 sssd.conf.5.xml:517
 msgid "Default: 0 (No limit)"
 msgstr "Типове значенн�: 0 (без обмежень)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
+#: sssd.conf.5.xml:510
 msgid "offline_failed_login_attempts (integer)"
 msgstr "offline_failed_login_attempts (ціле чи�ло)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:513
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
@@ -936,12 +965,12 @@ msgstr ""
 "дозволену кількі�ть �проб входу з визначенн�м помилкового парол�."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
+#: sssd.conf.5.xml:523
 msgid "offline_failed_login_delay (integer)"
 msgstr "offline_failed_login_delay (ціле чи�ло)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
+#: sssd.conf.5.xml:526
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
@@ -951,7 +980,7 @@ msgstr ""
 "�и�теми."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
+#: sssd.conf.5.xml:531
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -963,17 +992,17 @@ msgstr ""
 "увімкнути можливі�ть автономного розпізнаванн�."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:537 sssd.conf.5.xml:590 sssd.conf.5.xml:1110
 msgid "Default: 5"
 msgstr "Типове значенн�: 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:543
 msgid "pam_verbosity (integer)"
 msgstr "pam_verbosity (ціле чи�ло)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
+#: sssd.conf.5.xml:546
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
@@ -982,43 +1011,43 @@ msgstr ""
 "розпізнаванн�. Чим більшим є значенн�, тим більше повідомлень буде показано."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
+#: sssd.conf.5.xml:551
 msgid "Currently sssd supports the following values:"
 msgstr "У поточній вер�ії sssd передбачено підтримку таких значень:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:554
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr "<emphasis>0</emphasis>: не показувати жодних повідомлень"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:557
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr "<emphasis>1</emphasis>: показувати лише важливі повідомленн�"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
+#: sssd.conf.5.xml:561
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr "<emphasis>2</emphasis>: показувати в�і інформаційні повідомленн�"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
+#: sssd.conf.5.xml:564
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 "<emphasis>3</emphasis>: показувати в�і повідомленн� та діагно�тичні дані"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
+#: sssd.conf.5.xml:568 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "Типове значенн�: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:573
 msgid "pam_id_timeout (integer)"
 msgstr "pam_id_timeout (ціле чи�ло)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
+#: sssd.conf.5.xml:576
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1029,7 +1058,7 @@ msgstr ""
 "що розпізнаванн� виконуєть�� на о�нові най�віжіших даних."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
+#: sssd.conf.5.xml:582
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1043,18 +1072,18 @@ msgstr ""
 "наданн� даних профілів."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
+#: sssd.conf.5.xml:596
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr "pam_pwd_expiration_warning (ціле чи�ло)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
+#: sssd.conf.5.xml:599
 msgid "Display a warning N days before the password expires."
 msgstr ""
 "Показати попередженн� за вказану кількі�ть днів перед завершенн�м дії парол�."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
+#: sssd.conf.5.xml:602
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1065,133 +1094,116 @@ msgstr ""
 "попередженн�."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
+#: sssd.conf.5.xml:608
 msgid "Default: 7"
 msgstr "Типове значенн�: 7"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-#, fuzzy
-#| msgid "NSS configuration options"
+#: sssd.conf.5.xml:616
 msgid "SUDO configuration options"
-msgstr "Параметри налаштуванн� NSS"
+msgstr "Параметри налаштуванн� SUDO"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-#, fuzzy
-#| msgid "These options can be used to configure any service."
+#: sssd.conf.5.xml:618
 msgid "These options can be used to configure the sudo service."
-msgstr "Цими параметрами можна �кори�тати�� дл� налаштуванн� будь-�ких �лужб."
+msgstr "Цими параметрами можна �кори�тати�� дл� налаштуванн� �лужби sudo."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-#, fuzzy
-#| msgid "enum_cache_timeout (integer)"
+#: sssd.conf.5.xml:625
 msgid "sudo_cache_timeout (integer)"
-msgstr "enum_cache_timeout (ціле чи�ло)"
+msgstr "sudo_cache_timeout (ціле чи�ло)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-#, fuzzy
-#| msgid ""
-#| "For any PAM request while SSSD is online, the SSSD will attempt to "
-#| "immediately update the cached identity information for the user in order "
-#| "to ensure that authentication takes place with the latest information."
+#: sssd.conf.5.xml:628
 msgid ""
 "For any sudo request that comes while SSSD is online, the SSSD will attempt "
 "to update the cached rules in order to ensure that sudo has the latest "
 "ruleset."
 msgstr ""
-"Дл� кожного з запитів PAM під ча� роботи SSSD �и�тема SSSD зробить �пробу "
-"негайно оновити кешовані дані щодо профілю кори�тувача з метою переконати��, "
-"що розпізнаванн� виконуєть�� на о�нові най�віжіших даних."
+"У відповідь на кожен запит до sudo, �кий надходить прот�гом ча�у роботи "
+"SSSD, SSSD намагатиметь�� оновити кешовані правила з метою забезпеченн� "
+"викори�танн� у sudo най�віжішого набору правил."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
+#: sssd.conf.5.xml:634
 msgid ""
 "The user may, however, run a couple of sudo commands successively, which "
 "would trigger multiple LDAP requests.  In order to speed up this use-case, "
 "the sudo service maintains an in-memory cache that would be used for "
 "performing fast replies."
 msgstr ""
+"Втім, кори�тувач може віддати декілька по�лідовних команд sudo, �проба "
+"виконанн� �ких призведе до одноча�ного над�иланн� декількох запитів до LDAP. "
+"У такому разі з метою пришвидшенн� обробки �лужба sudo кори�туватиметь�� "
+"кешем у пам’�ті, �кий викори�товуватиметь�� дл� формуванн� швидких "
+"відповідей."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
+#: sssd.conf.5.xml:641
 msgid ""
 "This option controls how long (in seconds) can the sudo service cache rules "
 "for a user."
 msgstr ""
+"За допомогою цього параметра можна визначити тривалі�ть (у �екундах) "
+"зберіганн� �лужбою sudo паролів у кеші."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-#, fuzzy
-#| msgid "Default: 10"
+#: sssd.conf.5.xml:645
 msgid "Default: 180"
-msgstr "Типове значенн�: 10"
+msgstr "Типове значенн�: 180"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-#, fuzzy
-#| msgid "debug_timestamps (bool)"
+#: sssd.conf.5.xml:650
 msgid "sudo_timed (bool)"
-msgstr "debug_timestamps (булеве значенн�)"
+msgstr "sudo_timed (булеве значенн�)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:653
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
+"Визначає, чи �лід обробл�ти атрибути sudoNotBefore і sudoNotAfter, "
+"призначені дл� визначенн� ча�ових обмежень дл� запи�ів sudoers."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-#, fuzzy
-#| msgid "NSS configuration options"
+#: sssd.conf.5.xml:666
 msgid "AUTOFS configuration options"
-msgstr "Параметри налаштуванн� NSS"
+msgstr "Параметри налаштуванн� AUTOFS"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-#, fuzzy
-#| msgid "These options can be used to configure any service."
+#: sssd.conf.5.xml:668
 msgid "These options can be used to configure the autofs service."
-msgstr "Цими параметрами можна �кори�тати�� дл� налаштуванн� будь-�ких �лужб."
+msgstr "Цими параметрами можна �кори�тати�� дл� налаштуванн� �лужби autofs."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-#, fuzzy
-#| msgid "entry_negative_timeout (integer)"
+#: sssd.conf.5.xml:676
 msgid "autofs_negative_timeout (integer)"
-msgstr "entry_negative_timeout (ціле чи�ло)"
+msgstr "autofs_negative_timeout (ціле чи�ло)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-#, fuzzy
-#| msgid ""
-#| "Specifies for how many seconds nss_sss should cache negative cache hits "
-#| "(that is, queries for invalid database entries, like nonexistent ones)  "
-#| "before asking the back end again."
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
+#: sssd.conf.5.xml:679
+msgid ""
+"Specifies for how many seconds should the autofs responder negative cache "
+"hits (that is, queries for invalid map entries, like nonexistent ones) "
 "before asking the back end again."
 msgstr ""
-"Визначає кількі�ть �екунд, прот�гом �ких nss_sss має кешувати негативні "
-"результати пошуку у кеші (тобто запити щодо некоректних запи�ів у базі "
-"даних, зокрема неі�нуючих) перед повторним запитом до �ервера обробки."
+"Визначає кількі�ть �екунд, прот�гом �ких відповідач autofs має кешувати "
+"негативні результати пошуку у кеші (тобто запити щодо некоректних запи�ів у "
+"базі даних, зокрема неі�нуючих) перед повторним запитом до �ервера обробки."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
+#: sssd.conf.5.xml:696
 msgid "DOMAIN SECTIONS"
 msgstr "РОЗДІЛИ ДОМЕ�ІВ"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
+#: sssd.conf.5.xml:703
 msgid "min_id,max_id (integer)"
 msgstr "min_id,max_id (ціле значенн�)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
+#: sssd.conf.5.xml:706
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
@@ -1200,7 +1212,7 @@ msgstr ""
 "відповідає цим обмеженн�м, його буде проігноровано."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
+#: sssd.conf.5.xml:711
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1213,17 +1225,17 @@ msgstr ""
 "о�новної групи і належать діапазону, буде виведено у звичайному режимі."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:718
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr "Типові значенн�: 1 дл� min_id, 0 (без обмежень) дл� max_id"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:724
 msgid "timeout (integer)"
 msgstr "timeout (ціле чи�ло)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
+#: sssd.conf.5.xml:727
 msgid ""
 "Timeout in seconds between heartbeats for this domain.  This is used to "
 "ensure that the backend process is alive and capable of answering requests."
@@ -1232,17 +1244,17 @@ msgstr ""
 "забезпеченн� роботи проце�у о�новного модул�, �кий має відповідати на запити."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
+#: sssd.conf.5.xml:732 sssd-ldap.5.xml:1131
 msgid "Default: 10"
 msgstr "Типове значенн�: 10"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
+#: sssd.conf.5.xml:738
 msgid "enumerate (bool)"
 msgstr "enumerate (булеве значенн�)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:741
 msgid ""
 "Determines if a domain can be enumerated. This parameter can have one of the "
 "following values:"
@@ -1251,22 +1263,22 @@ msgstr ""
 "значень:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
+#: sssd.conf.5.xml:745
 msgid "TRUE = Users and groups are enumerated"
 msgstr "TRUE = кори�тувачі і групи нумерують��"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:748
 msgid "FALSE = No enumerations for this domain"
 msgstr "FALSE = не викори�товувати нумерацію дл� цього домену"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
+#: sssd.conf.5.xml:751 sssd.conf.5.xml:856 sssd.conf.5.xml:910
 msgid "Default: FALSE"
 msgstr "Типове значенн�: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
+#: sssd.conf.5.xml:754
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1281,7 +1293,7 @@ msgstr ""
 "�и�теми виконанн�м нумерації."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
+#: sssd.conf.5.xml:764
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
@@ -1291,7 +1303,7 @@ msgstr ""
 "завершено."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
+#: sssd.conf.5.xml:769
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -1305,12 +1317,12 @@ msgstr ""
 "відповідного викори�таного за�обу обробки ідентифікаторів (id_provider)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:780
 msgid "entry_cache_timeout (integer)"
 msgstr "entry_cache_timeout (ціле чи�ло)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
+#: sssd.conf.5.xml:783
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
@@ -1319,124 +1331,98 @@ msgstr ""
 "над�илати повторний запит до �ервера"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
+#: sssd.conf.5.xml:787
 msgid "Default: 5400"
 msgstr "Типове значенн�: 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-#, fuzzy
-#| msgid "entry_cache_timeout (integer)"
+#: sssd.conf.5.xml:793
 msgid "entry_cache_user_timeout (integer)"
-msgstr "entry_cache_timeout (ціле чи�ло)"
+msgstr "entry_cache_user_timeout (ціле чи�ло)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-#, fuzzy
-#| msgid ""
-#| "How many seconds should nss_sss consider entries valid before asking the "
-#| "backend again"
+#: sssd.conf.5.xml:796
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
-"Кількі�ть �екунд, прот�гом �ких nss_sss вважатиме запи�и чинними, перш ніж "
-"над�илати повторний запит до �ервера"
+"Кількі�ть �екунд, прот�гом �ких nss_sss вважатиме запи�и кори�тувачів "
+"чинними, перш ніж над�илати повторний запит до �ервера"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-#, fuzzy
-#| msgid "entry_cache_timeout (integer)"
+#: sssd.conf.5.xml:800 sssd.conf.5.xml:813 sssd.conf.5.xml:826
+#: sssd.conf.5.xml:839
 msgid "Default: entry_cache_timeout"
-msgstr "entry_cache_timeout (ціле чи�ло)"
+msgstr "Типове значенн�: entry_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-#, fuzzy
-#| msgid "entry_cache_timeout (integer)"
+#: sssd.conf.5.xml:806
 msgid "entry_cache_group_timeout (integer)"
-msgstr "entry_cache_timeout (ціле чи�ло)"
+msgstr "entry_cache_group_timeout (ціле чи�ло)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-#, fuzzy
-#| msgid ""
-#| "How many seconds should nss_sss consider entries valid before asking the "
-#| "backend again"
+#: sssd.conf.5.xml:809
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
-"Кількі�ть �екунд, прот�гом �ких nss_sss вважатиме запи�и чинними, перш ніж "
-"над�илати повторний запит до �ервера"
+"Кількі�ть �екунд, прот�гом �ких nss_sss вважатиме запи�и груп чинними, перш "
+"ніж над�илати повторний запит до �ервера"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-#, fuzzy
-#| msgid "entry_cache_timeout (integer)"
+#: sssd.conf.5.xml:819
 msgid "entry_cache_netgroup_timeout (integer)"
-msgstr "entry_cache_timeout (ціле чи�ло)"
+msgstr "entry_cache_netgroup_timeout (ціле чи�ло)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-#, fuzzy
-#| msgid ""
-#| "How many seconds should nss_sss consider entries valid before asking the "
-#| "backend again"
+#: sssd.conf.5.xml:822
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
-"Кількі�ть �екунд, прот�гом �ких nss_sss вважатиме запи�и чинними, перш ніж "
-"над�илати повторний запит до �ервера"
+"Кількі�ть �екунд, прот�гом �ких nss_sss вважатиме запи�и мережевих груп "
+"чинними, перш ніж над�илати повторний запит до �ервера"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-#, fuzzy
-#| msgid "entry_cache_timeout (integer)"
+#: sssd.conf.5.xml:832
 msgid "entry_cache_service_timeout (integer)"
-msgstr "entry_cache_timeout (ціле чи�ло)"
+msgstr "entry_cache_service_timeout (ціле чи�ло)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-#, fuzzy
-#| msgid ""
-#| "How many seconds should nss_sss consider entries valid before asking the "
-#| "backend again"
+#: sssd.conf.5.xml:835
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
-"Кількі�ть �екунд, прот�гом �ких nss_sss вважатиме запи�и чинними, перш ніж "
-"над�илати повторний запит до �ервера"
+"Кількі�ть �екунд, прот�гом �ких nss_sss вважатиме запи�и �лужб чинними, перш "
+"ніж над�илати повторний запит до �ервера"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:845
 msgid "cache_credentials (bool)"
 msgstr "cache_credentials (булеве значенн�)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
+#: sssd.conf.5.xml:848
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 "Визначає, чи �лід також кешувати реє�траційні дані кори�тувача у локальному "
 "кеші LDB"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:852
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 "Реє�траційні дані кори�тувача зберігають�� у форматі хешу SHA512, а не у "
 "форматі звичайного тек�ту"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:861
 msgid "account_cache_expiration (integer)"
 msgstr "account_cache_expiration (ціле чи�ло)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:864
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -1449,47 +1435,47 @@ msgstr ""
 "offline_credentials_expiration."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
+#: sssd.conf.5.xml:871
 msgid "Default: 0 (unlimited)"
 msgstr "Типове значенн�: 0 (без обмежень)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
+#: sssd.conf.5.xml:877
 msgid "id_provider (string)"
 msgstr "id_provider (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#: sssd.conf.5.xml:880
 msgid "The Data Provider identity backend to use for this domain."
 msgstr "Модуль наданн� даних щодо профілів кори�тувачів дл� цього домену."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
+#: sssd.conf.5.xml:884
 msgid "Supported backends:"
 msgstr "Підтримувані модулі:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
+#: sssd.conf.5.xml:887
 msgid "proxy: Support a legacy NSS provider"
 msgstr "proxy: підтримка за�тарілого модул� наданн� даних NSS"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
+#: sssd.conf.5.xml:890
 msgid "local: SSSD internal local provider"
 msgstr "local: вбудований модуль наданн� локальних даних SSSD"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
+#: sssd.conf.5.xml:893
 msgid "ldap: LDAP provider"
 msgstr "ldap: модуль наданн� даних LDAP"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
+#: sssd.conf.5.xml:899
 msgid "use_fully_qualified_names (bool)"
 msgstr "use_fully_qualified_names (булеве значенн�)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
+#: sssd.conf.5.xml:902
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1502,12 +1488,12 @@ msgstr ""
 "не покаже кори�тувача, а <command>getent passwd test@LOCAL</command> покаже."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
+#: sssd.conf.5.xml:915
 msgid "auth_provider (string)"
 msgstr "auth_provider (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
+#: sssd.conf.5.xml:918
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
@@ -1516,7 +1502,7 @@ msgstr ""
 "�лужб розпізнаванн�:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:922
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1528,7 +1514,7 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
+#: sssd.conf.5.xml:929
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1540,18 +1526,18 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
+#: sssd.conf.5.xml:936
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr "<quote>proxy</quote> — тран�льоване розпізнаванн� у іншій �и�темі PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
+#: sssd.conf.5.xml:939
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr "<quote>none</quote> — вимкнути розпізнаванн� повні�тю."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
+#: sssd.conf.5.xml:942
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
@@ -1560,12 +1546,12 @@ msgstr ""
 "�по�іб в�тановлено і можлива обробка запитів щодо розпізнаванн�."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
+#: sssd.conf.5.xml:948
 msgid "access_provider (string)"
 msgstr "access_provider (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:951
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -1576,17 +1562,17 @@ msgstr ""
 "Вбудованими програмами є:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:957
 msgid "<quote>permit</quote> always allow access."
 msgstr "<quote>permit</quote> — завжди дозвол�ти до�туп."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
+#: sssd.conf.5.xml:960
 msgid "<quote>deny</quote> always deny access."
 msgstr "<quote>deny</quote> — завжди заборон�ти до�туп."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
+#: sssd.conf.5.xml:963
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1599,17 +1585,17 @@ msgstr ""
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
+#: sssd.conf.5.xml:970
 msgid "Default: <quote>permit</quote>"
 msgstr "Типове значенн�: <quote>permit</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:975
 msgid "chpass_provider (string)"
 msgstr "chpass_provider (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
+#: sssd.conf.5.xml:978
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
@@ -1618,7 +1604,7 @@ msgstr ""
 "підтримку таких �и�тем зміни паролів:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
+#: sssd.conf.5.xml:983
 msgid ""
 "<quote>ipa</quote> to change a password stored in an IPA server.  See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1630,7 +1616,7 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:991
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server.  See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1642,7 +1628,7 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
+#: sssd.conf.5.xml:999
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1654,18 +1640,18 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
+#: sssd.conf.5.xml:1007
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr "<quote>proxy</quote> — тран�льована зміна парол� у іншій �и�темі PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
+#: sssd.conf.5.xml:1011
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr "<quote>none</quote> — �вно вимкнути можливі�ть зміни парол�."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
+#: sssd.conf.5.xml:1014
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
@@ -1674,122 +1660,90 @@ msgstr ""
 "цього параметра і �кщо �и�тема здатна обробл�ти запити щодо паролів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-#, fuzzy
-#| msgid "id_provider (string)"
+#: sssd.conf.5.xml:1021
 msgid "sudo_provider (string)"
-msgstr "id_provider (р�док)"
+msgstr "sudo_provider (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-#, fuzzy
-#| msgid ""
-#| "The authentication provider used for the domain.  Supported auth "
-#| "providers are:"
+#: sssd.conf.5.xml:1027
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
-"Служба розпізнаванн�, �ку викори�тано дл� цього домену. Серед підтримуваних "
-"�лужб розпізнаванн�:"
+"Служба SUDO, �ку викори�тано дл� цього домену. Серед підтримуваних �лужб "
+"SUDO:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-#, fuzzy
-#| msgid ""
-#| "<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-#| "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> for more information on configuring LDAP."
+#: sssd.conf.5.xml:1031
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry> for more information on configuring LDAP."
 msgstr ""
-"<quote>ldap</quote> — змінити пароль, що зберігаєть�� на �ервері LDAP. "
-"Докладніші відомо�ті щодо налаштуванн� LDAP викладено у довіднику з "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>."
+"<quote>ldap</quote> дл� правил, що зберігають�� у LDAP. Докладніше про "
+"налаштовуванн� LDAP можна дізнати�� з довідки до <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-#, fuzzy
-#| msgid "<quote>none</quote> disables authentication explicitly."
+#: sssd.conf.5.xml:1038
 msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr "<quote>none</quote> — вимкнути розпізнаванн� повні�тю."
+msgstr "<quote>none</quote> �вним чином вимикає SUDO."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-#, fuzzy
-#| msgid ""
-#| "Default: <quote>id_provider</quote> is used if it is set and can handle "
-#| "authentication requests."
+#: sssd.conf.5.xml:1041
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
-"Типове значенн�: буде викори�тано <quote>id_provider</quote>, �кщо цей "
-"�по�іб в�тановлено і можлива обробка запитів щодо розпізнаванн�."
+"Типове значенн�: викори�товуєть�� значенн� <quote>id_provider</quote>, �кщо "
+"його в�тановлено."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-#, fuzzy
-#| msgid "access_provider (string)"
+#: sssd.conf.5.xml:1047
 msgid "session_provider (string)"
-msgstr "access_provider (р�док)"
+msgstr "session_provider (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-#, fuzzy
-#| msgid ""
-#| "The provider which should handle change password operations for the "
-#| "domain.  Supported change password providers are:"
+#: sssd.conf.5.xml:1050
 msgid ""
 "The provider which should handle loading of session settings.  Supported "
 "session providers are:"
 msgstr ""
-"Си�тема, �ка має обробл�ти дії зі зміни паролів дл� домену. Передбачено "
-"підтримку таких �и�тем зміни паролів:"
+"Служба, �ка має обробл�ти завантаженн� параметрів �еан�у. Серед "
+"підтримуваних �лужб �еан�ів:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-#, fuzzy
-#| msgid ""
-#| "<quote>ipa</quote> to change a password stored in an IPA server.  See "
-#| "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> for more information on configuring IPA."
+#: sssd.conf.5.xml:1055
 msgid ""
 "<quote>ipa</quote> to load session settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry> for more information on configuring IPA."
 msgstr ""
-"<quote>ipa</quote> — змінити пароль, що зберігаєть�� на �ервері IPA. "
+"<quote>ipa</quote> дл� завантаженн� параметрів �еан�ів з �ервера IPA. "
 "Докладніші відомо�ті щодо налаштуванн� IPA викладено у довіднику з "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum></"
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-#, fuzzy
-#| msgid "<quote>none</quote> disallows password changes explicitly."
+#: sssd.conf.5.xml:1063
 msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr "<quote>none</quote> — �вно вимкнути можливі�ть зміни парол�."
+msgstr ""
+"<quote>none</quote> �вним чином заборон�є отриманн� даних щодо параметрів "
+"�еан�у."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-#, fuzzy
-#| msgid ""
-#| "Default: <quote>id_provider</quote> is used if it is set and can handle "
-#| "authentication requests."
+#: sssd.conf.5.xml:1066
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "session loading requests."
 msgstr ""
 "Типове значенн�: буде викори�тано <quote>id_provider</quote>, �кщо цей "
-"�по�іб в�тановлено і можлива обробка запитів щодо розпізнаванн�."
+"�по�іб в�тановлено і можлива обробка запитів щодо завантаженн� �еан�у."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
+#: sssd.conf.5.xml:1073
 msgid "lookup_family_order (string)"
 msgstr "lookup_family_order (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1076
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
@@ -1798,48 +1752,48 @@ msgstr ""
 "під ча� виконанн� пошуків у DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1080
 msgid "Supported values:"
 msgstr "Передбачено підтримку таких значень:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1083
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 "ipv4_first: �пробувати визначити адре�у у форматі IPv4, у разі невдачі "
 "�пробувати формат IPv6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1086
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 "ipv4_only: намагати�� визначити назви вузлів лише у форматі адре� IPv4."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
+#: sssd.conf.5.xml:1089
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 "ipv6_first: �пробувати визначити адре�у у форматі IPv6, у разі невдачі "
 "�пробувати формат IPv4"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1092
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 "ipv6_only: намагати�� визначити назви вузлів лише у форматі адре� IPv6."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1095
 msgid "Default: ipv4_first"
 msgstr "Типове значенн�: ipv4_first"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1101
 msgid "dns_resolver_timeout (integer)"
 msgstr "dns_resolver_timeout (ціле чи�ло)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1104
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the DNS "
 "resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1850,12 +1804,12 @@ msgstr ""
 "очікуванн� буде перевищено, домен продовжуватиме роботу у автономному режимі."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1116
 msgid "dns_discovery_domain (string)"
 msgstr "dns_discovery_domain (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
+#: sssd.conf.5.xml:1119
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
@@ -1864,28 +1818,28 @@ msgstr ""
 "ча�тину запиту визначенн� �лужб DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1123
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 "Типова поведінка: викори�товувати назву домену з назви вузла комп’ютера."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
+#: sssd.conf.5.xml:1129
 msgid "override_gid (integer)"
 msgstr "override_gid (ціле чи�ло)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1132
 msgid "Override the primary GID value with the one specified."
 msgstr "Замірити значенн� о�новного GID на вказане."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
+#: sssd.conf.5.xml:1138
 msgid "case_sensitive (boolean)"
 msgstr "case_sensitive (булеве значенн�)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
+#: sssd.conf.5.xml:1141
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider."
@@ -1894,12 +1848,12 @@ msgstr ""
 "вер�ії підтримку передбачено лише дл� локальних надавачів даних."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1146
 msgid "Default: True"
 msgstr "Типове значенн�: True"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:698
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1910,17 +1864,17 @@ msgstr ""
 "quote> <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1158
 msgid "proxy_pam_target (string)"
 msgstr "proxy_pam_target (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1161
 msgid "The proxy target PAM proxies to."
 msgstr "Комп’ютер, дл� �кого виконує прок�і-�ервер PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1164
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
@@ -1929,12 +1883,12 @@ msgstr ""
 "налаштуванн�ми pam або �творити нові і тут додати назву �лужби."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1172
 msgid "proxy_lib_name (string)"
 msgstr "proxy_lib_name (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1175
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1945,7 +1899,7 @@ msgstr ""
 "наприклад _nss_files_getpwent."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
+#: sssd.conf.5.xml:1154
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
@@ -1954,12 +1908,12 @@ msgstr ""
 "\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1187
 msgid "The local domain section"
 msgstr "Розділ локального домену"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1189
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -1970,29 +1924,29 @@ msgstr ""
 "викори�товує <replaceable>id_provider=local</replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
+#: sssd.conf.5.xml:1196
 msgid "default_shell (string)"
 msgstr "default_shell (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
+#: sssd.conf.5.xml:1199
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 "Типова оболонка дл� запи�ів кори�тувачів, �творених за допомогою "
 "ін�трументів про�тору кори�тувачів SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
+#: sssd.conf.5.xml:1203
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr "Типове значенн�: <filename>/bin/bash</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:1208
 msgid "base_directory (string)"
 msgstr "base_directory (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:1211
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
@@ -2001,17 +1955,17 @@ msgstr ""
 "replaceable> і викори�товують отриману адре�у �к адре�у домашнього каталогу."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1216
 msgid "Default: <filename>/home</filename>"
 msgstr "Типове значенн�: <filename>/home</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
+#: sssd.conf.5.xml:1221
 msgid "create_homedir (bool)"
 msgstr "create_homedir (булеве значенн�)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
+#: sssd.conf.5.xml:1224
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
@@ -2020,17 +1974,17 @@ msgstr ""
 "Може бути перевизначено з командного р�дка."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
+#: sssd.conf.5.xml:1228 sssd.conf.5.xml:1240
 msgid "Default: TRUE"
 msgstr "Типове значенн�: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1233
 msgid "remove_homedir (bool)"
 msgstr "remove_homedir (булів�ьке значенн�)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
+#: sssd.conf.5.xml:1236
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
@@ -2039,12 +1993,12 @@ msgstr ""
 "кори�тувачів. Може бути перевизначено з командного р�дка."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
+#: sssd.conf.5.xml:1245
 msgid "homedir_umask (integer)"
 msgstr "homedir_umask (ціле чи�ло)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1248
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2055,17 +2009,17 @@ msgstr ""
 "до щойно �твореного домашнього каталогу."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
+#: sssd.conf.5.xml:1256
 msgid "Default: 077"
 msgstr "Типове значенн�: 077"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1261
 msgid "skel_dir (string)"
 msgstr "skel_dir (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
+#: sssd.conf.5.xml:1264
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -2078,17 +2032,17 @@ msgstr ""
 "<manvolnum>8</manvolnum> </citerefentry>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
+#: sssd.conf.5.xml:1274
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr "Типове значенн�: <filename>/etc/skel</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
+#: sssd.conf.5.xml:1279
 msgid "mail_dir (string)"
 msgstr "mail_dir (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
+#: sssd.conf.5.xml:1282
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -2099,17 +2053,17 @@ msgstr ""
 "каталог не вказано, буде викори�тано типове значенн�."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
+#: sssd.conf.5.xml:1289
 msgid "Default: <filename>/var/mail</filename>"
 msgstr "Типове значенн�: <filename>/var/mail</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
+#: sssd.conf.5.xml:1294
 msgid "userdel_cmd (string)"
 msgstr "userdel_cmd (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
+#: sssd.conf.5.xml:1297
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -2120,18 +2074,18 @@ msgstr ""
 "вилучаєть��. Код виконанн�, повернутий програмою не обробл�єть��."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1303
 msgid "Default: None, no command is run"
 msgstr "Типове значенн�: None, не виконувати жодних команд"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
+#: sssd.conf.5.xml:1313 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
 #: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
 msgid "EXAMPLE"
 msgstr "ПРИКЛ�Д"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1319
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -2185,7 +2139,7 @@ msgstr ""
 "enumerate = False\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1315
 msgid ""
 "The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -2197,7 +2151,7 @@ msgstr ""
 "щодо налаштуванн� доменів.  <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1350
 msgid ""
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
 "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -2989,19 +2943,13 @@ msgstr "Типове значенн�: krbPrincipalName"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:582
-#, fuzzy
-#| msgid "ldap_user_shell (string)"
 msgid "ldap_user_ssh_public_key (string)"
-msgstr "ldap_user_shell (р�док)"
+msgstr "ldap_user_ssh_public_key (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:585
-#, fuzzy
-#| msgid ""
-#| "The LDAP attribute that contains the path to the user's default shell."
 msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
-"�трибут LDAP, що мі�тить шл�х до типової командної оболонки кори�тувача."
+msgstr "�трибут LDAP, �кий мі�тить відкриті ключі SSH кори�тувача."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:592
@@ -3029,16 +2977,12 @@ msgstr "ldap_enumeration_refresh_timeout (ціле чи�ло)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:611
-#, fuzzy
-#| msgid ""
-#| "The LDAP attribute that contains how many seconds SSSD has to wait before "
-#| "refreshing its cache of enumerated records."
 msgid ""
 "Specifies how many seconds SSSD has to wait before refreshing its cache of "
 "enumerated records."
 msgstr ""
-"�трибут LDAP, що мі�тить дані щодо кілько�ті �екунд, прот�гом �ких SSSD має "
-"очікувати до оновленн� �вого кешу нумерованих запи�ів."
+"Визначає кількі�ть �екунд, прот�гом �ких SSSD має очікувати до оновленн� "
+"�вого кешу нумерованих запи�ів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
@@ -3047,10 +2991,8 @@ msgstr "Типове значенн�: 300"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:622
-#, fuzzy
-#| msgid "ldap_search_timeout (integer)"
 msgid "ldap_purge_cache_timeout (integer)"
-msgstr "ldap_search_timeout (ціле чи�ло)"
+msgstr "ldap_purge_cache_timeout (ціле чи�ло)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:625
@@ -3354,103 +3296,73 @@ msgstr "ldap_netgroup_modify_timestamp (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:900
-#, fuzzy
-#| msgid "ldap_user_object_class (string)"
 msgid "ldap_service_object_class (string)"
-msgstr "ldap_user_object_class (р�док)"
+msgstr "ldap_service_object_class (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:903
-#, fuzzy
-#| msgid "The object class of a user entry in LDAP."
 msgid "The object class of a service entry in LDAP."
-msgstr "Кла� об’єктів запи�у кори�тувача у LDAP."
+msgstr "Кла� об’єктів запи�у �лужби у LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:906
-#, fuzzy
-#| msgid "Default: authorizedService"
 msgid "Default: ipService"
-msgstr "Типове значенн�: authorizedService"
+msgstr "Типове значенн�: ipService"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:912
-#, fuzzy
-#| msgid "ldap_dns_service_name (string)"
 msgid "ldap_service_name (string)"
-msgstr "ldap_dns_service_name (р�док)"
+msgstr "ldap_service_name (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:915
-#, fuzzy
-#| msgid ""
-#| "The LDAP attribute that contains the name of the user's home directory."
 msgid ""
 "The LDAP attribute that contains the name of service attributes and their "
 "aliases."
-msgstr "�трибут LDAP, що мі�тить назву домашнього каталогу кори�тувача."
+msgstr ""
+"�трибут LDAP, що мі�тить назву атрибутів �лужби та замінників цих атрибутів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:925
-#, fuzzy
-#| msgid "ldap_tls_cert (string)"
 msgid "ldap_service_port (string)"
-msgstr "ldap_tls_cert (р�док)"
+msgstr "ldap_service_port (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:928
-#, fuzzy
-#| msgid ""
-#| "The LDAP attribute that contains the name of the user's home directory."
 msgid "The LDAP attribute that contains the port managed by this service."
-msgstr "�трибут LDAP, що мі�тить назву домашнього каталогу кори�тувача."
+msgstr "�трибут LDAP, що мі�тить номер порту, �ким керує ц� �лужба."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:932
-#, fuzzy
-#| msgid "Default: ipv4_first"
 msgid "Default: ipServicePort"
-msgstr "Типове значенн�: ipv4_first"
+msgstr "Типове значенн�: ipServicePort"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:938
-#, fuzzy
-#| msgid "ldap_tls_cert (string)"
 msgid "ldap_service_proto (string)"
-msgstr "ldap_tls_cert (р�док)"
+msgstr "ldap_service_proto (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:941
-#, fuzzy
-#| msgid ""
-#| "The LDAP attribute that contains the path to the user's default shell."
 msgid ""
 "The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
-"�трибут LDAP, що мі�тить шл�х до типової командної оболонки кори�тувача."
+msgstr "�трибут LDAP, що мі�тить протоколи, за �ким може працювати ц� �лужба."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:945
-#, fuzzy
-#| msgid "Default: ipv4_first"
 msgid "Default: ipServiceProtocol"
-msgstr "Типове значенн�: ipv4_first"
+msgstr "Типове значенн�: ipServiceProtocol"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:951
-#, fuzzy
-#| msgid "ldap_user_search_base (string)"
 msgid "ldap_service_search_base (string)"
-msgstr "ldap_user_search_base (р�док)"
+msgstr "ldap_service_search_base (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:954
-#, fuzzy
-#| msgid "An optional base DN to restrict user searches to a specific subtree."
 msgid "An optional base DN to restrict service searches to a specific subtree."
 msgstr ""
-"Додатковий о�новний DN дл� обмеженн� пошуків кори�тувачів певною гілкою "
-"ієрархії."
+"Додатковий о�новний DN дл� обмеженн� пошуків �лужб певною гілкою ієрархії."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
@@ -3609,7 +3521,7 @@ msgstr "Типове значенн�: 1000"
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1079
 msgid "ldap_disable_paging"
-msgstr ""
+msgstr "ldap_disable_paging"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1082
@@ -3618,6 +3530,9 @@ msgid ""
 "server reports that it supports the LDAP paging control in its RootDSE but "
 "it is not enabled or does not behave properly."
 msgstr ""
+"Вимикає контроль �торінок LDAP. Цим параметром �лід �кори�тати��, �кщо "
+"�ервер LDAP повідомл�є про підтримку контролю �торінок LDAP у �воєму "
+"RootDSE, але цю підтримку не увімкнено або вона не працює належним чином."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1088
@@ -3625,6 +3540,9 @@ msgid ""
 "Example: OpenLDAP servers with the paging control module installed on the "
 "server but not enabled will report it in the RootDSE but be unable to use it."
 msgstr ""
+"Приклад: �ервери OpenLDAP з модулем контролю �торінок, в�тановленим на "
+"�ервері, але не увімкненим, повідомл�ють про підтримку у RootDSE, але цією "
+"підтримкою не можна �кори�тати��."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1094
@@ -3633,6 +3551,9 @@ msgid ""
 "a time on a single connection. On busy clients, this can result in some "
 "requests being denied."
 msgstr ""
+"Приклад: 389 DS має ваду, пов’�зану з тим, що здатен підтримувати лише один "
+"проце� контролю �торінок дл� одного з’єднанн�. У разі значного навантаженн� "
+"це може призве�ти до відмови у виконанні запитів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1103
@@ -4060,22 +3981,14 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1416
-#, fuzzy
-#| msgid ""
-#| "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
-#| "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes "
-#| "to evaluate if the password has expired.  Note that the current version "
-#| "of sssd cannot update this attribute during a password change."
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
 "evaluate if the password has expired."
 msgstr ""
-"<emphasis>shadow</emphasis> — викори�товувати атрибути у форматі "
+"<emphasis>shadow</emphasis> — викори�товувати атрибути у �тилі "
 "<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> дл� визначенн� завершенн� �троку дії парол�. "
-"Зауважте, що у поточній вер�ії sssd не передбачено можливо�ті оновленн� "
-"цього атрибута під ча� зміни парол�."
+"manvolnum></citerefentry> дл� визначенн� того, чи чинним є пароль."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1422
@@ -4411,253 +4324,194 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:1639
-#, fuzzy
-#| msgid "OPTIONS"
 msgid "SUDO OPTIONS"
-msgstr "П�Р�МЕТРИ"
+msgstr "П�Р�МЕТРИ SUDO"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1644
-#, fuzzy
-#| msgid "ldap_user_object_class (string)"
 msgid "ldap_sudorule_object_class (string)"
-msgstr "ldap_user_object_class (р�док)"
+msgstr "ldap_sudorule_object_class (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1647
-#, fuzzy
-#| msgid "The object class of a user entry in LDAP."
 msgid "The object class of a sudo rule entry in LDAP."
-msgstr "Кла� об’єктів запи�у кори�тувача у LDAP."
+msgstr "Кла� об’єктів запи�у правила sudo у LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1650
-#, fuzzy
-#| msgid "Default: uid"
 msgid "Default: sudoRole"
-msgstr "Типове значенн�: uid"
+msgstr "Типове значенн�: sudoRole"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1656
-#, fuzzy
-#| msgid "ldap_user_name (string)"
 msgid "ldap_sudorule_name (string)"
-msgstr "ldap_user_name (р�док)"
+msgstr "ldap_sudorule_name (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1659
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the group name."
 msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr "�трибут LDAP, що відповідає назві групи."
+msgstr "�трибут LDAP, що відповідає назві правила sudo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1669
-#, fuzzy
-#| msgid "ldap_schema (string)"
 msgid "ldap_sudorule_command (string)"
-msgstr "ldap_schema (р�док)"
+msgstr "ldap_sudorule_command (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1672
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the group name."
 msgid "The LDAP attribute that corresponds to the command name."
-msgstr "�трибут LDAP, що відповідає назві групи."
+msgstr "�трибут LDAP, що відповідає назві команди."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1676
-#, fuzzy
-#| msgid "Default: uid"
 msgid "Default: sudoCommand"
-msgstr "Типове значенн�: uid"
+msgstr "Типове значенн�: sudoCommand"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1682
-#, fuzzy
-#| msgid "ldap_user_authorized_host (string)"
 msgid "ldap_sudorule_host (string)"
-msgstr "ldap_user_authorized_host (р�док)"
+msgstr "ldap_sudorule_host (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1685
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's primary group id."
 msgid ""
 "The LDAP attribute that corresponds to the host name (or host IP address, "
 "host IP network, or host netgroup)"
-msgstr "�трибут LDAP, що відповідає ідентифікатору о�новної групи кори�тувача."
+msgstr ""
+"�трибут LDAP, �кий відповідає назві вузла (або IP-адре�і вузла, IP-мережі "
+"вузла, мережевій групі вузла)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1690
-#, fuzzy
-#| msgid "Default: root"
 msgid "Default: sudoHost"
-msgstr "Типове значенн�: root"
+msgstr "Типове значенн�: sudoHost"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1696
-#, fuzzy
-#| msgid "ldap_user_uid_number (string)"
 msgid "ldap_sudorule_user (string)"
-msgstr "ldap_user_uid_number (р�док)"
+msgstr "ldap_sudorule_user (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1699
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the netgroup name."
 msgid ""
 "The LDAP attribute that corresponds to the user name (or UID, group name or "
 "user's netgroup)"
-msgstr "�трибут LDAP, що відповідає назві мережевої групи (netgroup)."
+msgstr ""
+"�трибут LDAP, що відповідає назві імені кори�тувача (або UID, назві групи "
+"або назві мережевої групи кори�тувача)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1703
-#, fuzzy
-#| msgid "Default: uid"
 msgid "Default: sudoUser"
-msgstr "Типове значенн�: uid"
+msgstr "Типове значенн�: sudoUser"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1709
-#, fuzzy
-#| msgid "ldap_uri (string)"
 msgid "ldap_sudorule_option (string)"
-msgstr "ldap_uri (р�док)"
+msgstr "ldap_sudorule_option (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1712
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's id."
 msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr "�трибут LDAP, що відповідає ідентифікатору кори�тувача."
+msgstr "�трибут LDAP, що відповідає параметрам sudo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1716
-#, fuzzy
-#| msgid "Default: shadowMin"
 msgid "Default: sudoOption"
-msgstr "Типове значенн�: shadowMin"
+msgstr "Типове значенн�: sudoOption"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1722
-#, fuzzy
-#| msgid "ldap_user_name (string)"
 msgid "ldap_sudorule_runasuser (string)"
-msgstr "ldap_user_name (р�док)"
+msgstr "ldap_sudorule_runasuser (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1725
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's primary group id."
 msgid ""
 "The LDAP attribute that corresponds to the user name that commands may be "
 "run as."
-msgstr "�трибут LDAP, що відповідає ідентифікатору о�новної групи кори�тувача."
+msgstr ""
+"�трибут LDAP, що відповідає кори�тувачеві, від імені �кого можна виконувати "
+"команди."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1729
-#, fuzzy
-#| msgid "Default: uidNumber"
 msgid "Default: sudoRunAsUser"
-msgstr "Типове значенн�: uidNumber"
+msgstr "Типове значенн�: sudoRunAsUser"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1735
-#, fuzzy
-#| msgid "ldap_user_name (string)"
 msgid "ldap_sudorule_runasgroup (string)"
-msgstr "ldap_user_name (р�док)"
+msgstr "ldap_sudorule_runasgroup (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1738
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the group name."
 msgid ""
 "The LDAP attribute that corresponds to the group name or group GID that "
 "commands may be run as."
-msgstr "�трибут LDAP, що відповідає назві групи."
+msgstr ""
+"�трибут LDAP, що відповідає назві групи або GID, від імені �кої можна "
+"виконувати команди."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1742
-#, fuzzy
-#| msgid "Default: posixGroup"
 msgid "Default: sudoRunAsGroup"
-msgstr "Типове значенн�: posixGroup"
+msgstr "Типове значенн�: sudoRunAsGroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1748
-#, fuzzy
-#| msgid "ldap_user_uid_number (string)"
 msgid "ldap_sudorule_notbefore (string)"
-msgstr "ldap_user_uid_number (р�док)"
+msgstr "ldap_sudorule_notbefore (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1751
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's primary group id."
 msgid ""
 "The LDAP attribute that corresponds to the start date/time for when the sudo "
 "rule is valid."
-msgstr "�трибут LDAP, що відповідає ідентифікатору о�новної групи кори�тувача."
+msgstr ""
+"�трибут LDAP, що відповідає даті і ча�у набутт� чинно�ті правилом sudo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1755
-#, fuzzy
-#| msgid "Default: uidNumber"
 msgid "Default: sudoNotBefore"
-msgstr "Типове значенн�: uidNumber"
+msgstr "Типове значенн�: sudoNotBefore"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1761
-#, fuzzy
-#| msgid "ldap_user_name (string)"
 msgid "ldap_sudorule_notafter (string)"
-msgstr "ldap_user_name (р�док)"
+msgstr "ldap_sudorule_notafter (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1764
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's primary group id."
 msgid ""
 "The LDAP attribute that corresponds to the expiration date/time, after which "
 "the sudo rule will no longer be valid."
-msgstr "�трибут LDAP, що відповідає ідентифікатору о�новної групи кори�тувача."
+msgstr "�трибут LDAP, що відповідає даті і ча�у втрати чинно�ті правилом sudo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1769
-#, fuzzy
-#| msgid "Default: filter"
 msgid "Default: sudoNotAfter"
-msgstr "Типове значенн�: filter"
+msgstr "Типове значенн�: sudoNotAfter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1775
-#, fuzzy
-#| msgid "ldap_access_order (string)"
 msgid "ldap_sudorule_order (string)"
-msgstr "ldap_access_order (р�док)"
+msgstr "ldap_sudorule_order (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1778
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's id."
 msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr "�трибут LDAP, що відповідає ідентифікатору кори�тувача."
+msgstr "�трибут LDAP, що відповідає пор�дковому номеру правила."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1782
-#, fuzzy
-#| msgid "Default: password"
 msgid "Default: sudoOrder"
-msgstr "Типове значенн�: password"
+msgstr "Типове значенн�: sudoOrder"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1788
-#, fuzzy
-#| msgid "ldap_referrals (boolean)"
 msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr "ldap_referrals (булеве значенн�)"
+msgstr "ldap_sudo_refresh_enabled (булеве значенн�)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1791
@@ -4665,57 +4519,44 @@ msgid ""
 "Enables periodical download of all sudo rules.  The cache is purged before "
 "each update."
 msgstr ""
+"Вмикає періодичне звантаженн� в�іх правил sudo. Перед кожним оновленн�м дані "
+"з кешу вилучають��."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1801
-#, fuzzy
-#| msgid "ldap_enumeration_refresh_timeout (integer)"
 msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr "ldap_enumeration_refresh_timeout (ціле чи�ло)"
+msgstr "ldap_sudo_refresh_timeout (ціле чи�ло)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1804
-#, fuzzy
-#| msgid ""
-#| "The LDAP attribute that contains how many seconds SSSD has to wait before "
-#| "refreshing its cache of enumerated records."
 msgid ""
 "How many seconds SSSD has to wait before refreshing its cache of sudo rules."
 msgstr ""
-"�трибут LDAP, що мі�тить дані щодо кілько�ті �екунд, прот�гом �ких SSSD має "
-"очікувати до оновленн� �вого кешу нумерованих запи�ів."
+"Визначає кількі�ть �екунд, прот�гом �ких SSSD має очікувати до оновленн� "
+"�вого кешу правил sudo."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:1642
-#, fuzzy
-#| msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:1815
-#, fuzzy
-#| msgid ""
-#| "Specifies acceptable cipher suites.  Typically this is a colon sperated "
-#| "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-#| "<manvolnum>5</manvolnum></citerefentry> for format."
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
+"explanation of sudo related attribute semantics, see <citerefentry> "
 "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
 "citerefentry>"
 msgstr ""
-"Визначає прийн�тні комплекти програм дл� шифруванн�. Запи�и у типовому "
-"�пи�ку �лід відокремлювати комами. З форматом можна ознайомити�� на �торінці "
-"довідника до <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry>."
+"�а цій �торінці довідника наведено дані щодо відповідно�ті назв атрибутів. "
+"Докладний опи� �емантики атрибутів, пов’�заних з sudo, можна знайти у "
+"довідці з <citerefentry> <refentrytitle>sudoers.ldap</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:1825
-#, fuzzy
-#| msgid "OPTIONS"
 msgid "AUTOFS OPTIONS"
-msgstr "П�Р�МЕТРИ"
+msgstr "П�Р�МЕТРИ AUTOFS"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:1827
@@ -4723,62 +4564,48 @@ msgid ""
 "Please note that the default values correspond to the default schema which "
 "is RFC2307."
 msgstr ""
+"Будь ла�ка, зауважте, що типові значенн� відповідають типовій �хемі, �ку "
+"визначено у RFC2307."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1834
-#, fuzzy
-#| msgid "ldap_user_object_class (string)"
 msgid "ldap_autofs_map_object_class (string)"
-msgstr "ldap_user_object_class (р�док)"
+msgstr "ldap_autofs_map_object_class (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-#, fuzzy
-#| msgid "The object class of a group entry in LDAP."
 msgid "The object class of an automount map entry in LDAP."
-msgstr "Кла� об’єктів запи�у групи у LDAP."
+msgstr "Кла� об’єктів запи�у карти автоматичного монтуванн� у LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-#, fuzzy
-#| msgid "Default: root"
 msgid "Default: automountMap"
-msgstr "Типове значенн�: root"
+msgstr "Типове значенн�: automountMap"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1847
-#, fuzzy
-#| msgid "ldap_user_name (string)"
 msgid "ldap_autofs_map_name (string)"
-msgstr "ldap_user_name (р�док)"
+msgstr "ldap_autofs_map_name (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1850
-#, fuzzy
-#| msgid "The object class of a group entry in LDAP."
 msgid "The name of an automount map entry in LDAP."
-msgstr "Кла� об’єктів запи�у групи у LDAP."
+msgstr "�азва запи�у карти автоматичного монтуванн� у LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1853
-#, fuzzy
-#| msgid "Default: uid"
 msgid "Default: ou"
-msgstr "Типове значенн�: uid"
+msgstr "Типове значенн�: ou"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1860
-#, fuzzy
-#| msgid "ldap_user_object_class (string)"
 msgid "ldap_autofs_entry_object_class (string)"
-msgstr "ldap_user_object_class (р�док)"
+msgstr "ldap_autofs_entry_object_class (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1874
-#, fuzzy
-#| msgid "ldap_tls_key (string)"
 msgid "ldap_autofs_entry_key (string)"
-msgstr "ldap_tls_key (р�док)"
+msgstr "ldap_autofs_entry_key (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
@@ -4786,20 +4613,18 @@ msgid ""
 "The key of an automount entry in LDAP. The entry usually corresponds to a "
 "mount point."
 msgstr ""
+"Ключ запи�у автоматичного монтуванн� LDAP. Цей запи� зазвичай відповідає "
+"точні монтуванн�."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1888
-#, fuzzy
-#| msgid "ldap_user_name (string)"
 msgid "ldap_autofs_entry_value (string)"
-msgstr "ldap_user_name (р�док)"
+msgstr "ldap_autofs_entry_value (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1895
-#, fuzzy
-#| msgid "Default: shadowInactive"
 msgid "Default: automountInformation"
-msgstr "Типове значенн�: shadowInactive"
+msgstr "Типове значенн�: automountInformation"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:1832
@@ -4809,6 +4634,10 @@ msgid ""
 "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
 "\"variablelist\" id=\"4\"/>"
 msgstr ""
+"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
+"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
+"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
+"\"variablelist\" id=\"4\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:1904
@@ -4918,37 +4747,29 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:2012
-#, fuzzy
-#| msgid "ldap_search_base (string)"
 msgid "ldap_sudo_search_base (string)"
-msgstr "ldap_search_base (р�док)"
+msgstr "ldap_sudo_search_base (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2015
-#, fuzzy
-#| msgid "An optional base DN to restrict user searches to a specific subtree."
 msgid ""
 "An optional base DN to restrict sudo rules searches to a specific subtree."
 msgstr ""
-"Додатковий о�новний DN дл� обмеженн� пошуків кори�тувачів певною гілкою "
+"Додатковий о�новний DN дл� обмеженн� пошуків правил sudo певною гілкою "
 "ієрархії."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:2034
-#, fuzzy
-#| msgid "ldap_user_search_base (string)"
 msgid "ldap_autofs_search_base (string)"
-msgstr "ldap_user_search_base (р�док)"
+msgstr "ldap_autofs_search_base (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2037
-#, fuzzy
-#| msgid "An optional base DN to restrict user searches to a specific subtree."
 msgid ""
 "An optional base DN to restrict automounter searches to a specific subtree."
 msgstr ""
-"Додатковий о�новний DN дл� обмеженн� пошуків кори�тувачів певною гілкою "
-"ієрархії."
+"Додатковий о�новний DN дл� обмеженн� пошуків за�обу автоматичного монтуванн� "
+"певною гілкою ієрархії."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:1906
@@ -5634,6 +5455,9 @@ msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
 msgstr ""
+"З�УВ�ЖЕ��Я: на за�тарілих �и�темах (зокрема RHEL 5) дл� надійної роботи у "
+"цьому режимі типову обла�ть дії Kerberos має бути належним чином визначено "
+"у /etc/krb5.conf"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:129
@@ -5674,20 +5498,14 @@ msgstr "Типове значеннÑ�: викориÑ�таннÑ� базової Ð
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:156
-#, fuzzy
-#| msgid "ipa_hbac_search_base (string)"
 msgid "ipa_host_search_base (string)"
-msgstr "ipa_hbac_search_base (р�док)"
+msgstr "ipa_host_search_base (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:159
-#, fuzzy
-#| msgid ""
-#| "Optional. Use the given string as search base for HBAC related objects."
 msgid "Optional. Use the given string as search base for host objects."
 msgstr ""
-"�еобов’�зковий. Викори�тати вказаний р�док �к о�нову пошуку пов’�заних з "
-"HBAC об’єктів."
+"�еобов’�зковий. Викори�тати вказаний р�док �к о�нову пошуку об’єктів вузлів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:168
@@ -5696,23 +5514,21 @@ msgid ""
 "<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
 "will be ignored."
 msgstr ""
+"Якщо вказано фільтруванн� за довільною базою пошуку і в�тановлено значенн� "
+"False дл� <emphasis>ipa_hbac_support_srchost</emphasis>, фільтр буде "
+"проігноровано."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:180
-#, fuzzy
-#| msgid "ipa_hbac_search_base (string)"
 msgid "ipa_selinux_search_base (string)"
-msgstr "ipa_hbac_search_base (р�док)"
+msgstr "ipa_selinux_search_base (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:183
-#, fuzzy
-#| msgid ""
-#| "Optional. Use the given string as search base for HBAC related objects."
 msgid "Optional. Use the given string as search base for SELinux user maps."
 msgstr ""
-"�еобов’�зковий. Викори�тати вказаний р�док �к о�нову пошуку пов’�заних з "
-"HBAC об’єктів."
+"�еобов’�зковий. Викори�тати вказаний р�док �к о�нову пошуку карт "
+"кори�тувачів SELinux."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
@@ -5849,23 +5665,25 @@ msgid ""
 "Note that if set to <emphasis>False</emphasis>, this option casuses filters "
 "given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
 msgstr ""
+"Зауважте, що �кщо в�тановлено значенн� <emphasis>False</emphasis>, фільтри, "
+"вказані за допомогою параметра <emphasis>ipa_host_search_base</emphasis>, "
+"буде проігноровано;"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:307
-#, fuzzy
-#| msgid "ipa_domain (string)"
 msgid "ipa_automount_location (string)"
-msgstr "ipa_domain (р�док)"
+msgstr "ipa_automount_location (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:310
 msgid "The automounter location this IPA client will be using"
 msgstr ""
+"�дре�а автоматичного монтуванн�, �ку буде викори�товувати цей клієнт IPA"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:313
 msgid "Default: The location named \"default\""
-msgstr ""
+msgstr "Типове значенн�: адре�а з назвою \"default\""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:319
@@ -5982,213 +5800,158 @@ msgstr "Типове значенн�: fqdn"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:404
-#, fuzzy
-#| msgid "ldap_user_object_class (string)"
 msgid "ipa_selinux_usermap_object_class (string)"
-msgstr "ldap_user_object_class (р�док)"
+msgstr "ipa_selinux_usermap_object_class (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:415
-#, fuzzy
-#| msgid "ldap_user_name (string)"
 msgid "ipa_selinux_usermap_name (string)"
-msgstr "ldap_user_name (р�док)"
+msgstr "ipa_selinux_usermap_name (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:418
-#, fuzzy
-#| msgid "The LDAP attribute that contains the names of the group's members."
 msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr "�трибут LDAP, у �кому мі�т�ть�� імена уча�ників групи."
+msgstr "�трибут LDAP, що мі�тить назву карти кори�тувачів SELinux."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:427
-#, fuzzy
-#| msgid "ipa_netgroup_member_user (string)"
 msgid "ipa_selinux_usermap_member_user (string)"
-msgstr "ipa_netgroup_member_user (р�док)"
+msgstr "ipa_selinux_usermap_member_user (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:430
-#, fuzzy
-#| msgid "The LDAP attribute that contains FQDN of the host."
 msgid ""
 "The LDAP attribute that contains all users / groups this rule match against."
-msgstr "�трибут LDAP, що мі�тить FQDN вузла."
+msgstr ""
+"�трибут LDAP, що мі�тить �пи�ок в�іх кори�тувачів і груп, �ких �то�уєть�� це "
+"правило."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:439
-#, fuzzy
-#| msgid "ipa_netgroup_member_host (string)"
 msgid "ipa_selinux_usermap_member_host (string)"
-msgstr "ipa_netgroup_member_host (р�док)"
+msgstr "ipa_selinux_usermap_member_host (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:442
-#, fuzzy
-#| msgid ""
-#| "The LDAP attribute that contains the (host, user, domain) netgroup "
-#| "triples."
 msgid ""
 "The LDAP attribute that contains all hosts / hostgroups this rule match "
 "against."
 msgstr ""
-"�трибут LDAP, що мі�тить трійки мережевої групи (вузол, кори�тувач, домен)."
+"�трибут LDAP, що мі�тить �пи�ок в�іх вузлів і груп вузлів, �ких �то�уєть�� "
+"це правило."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:451
-#, fuzzy
-#| msgid "ipa_netgroup_member_of (string)"
 msgid "ipa_selinux_usermap_see_also (string)"
-msgstr "ipa_netgroup_member_of (р�док)"
+msgstr "ipa_selinux_usermap_see_also (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:454
-#, fuzzy
-#| msgid ""
-#| "The LDAP attribute that contains the names of the netgroup's members."
 msgid ""
 "The LDAP attribute that contains DN of HBAC rule which can be used for "
 "matching instead of memberUser and memberHost"
 msgstr ""
-"�трибут LDAP, у �кому мі�т�ть�� імена уча�ників мережевої групи (netgroup)."
+"�трибут LDAP, що мі�тить назву домену правила HBAC, �ким можна кори�тувати�� "
+"дл� в�тановленн� відповідно�ті замі�ть memberUser і memberHost."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:459
-#, fuzzy
-#| msgid "Default: false"
 msgid "Default: seeAlso"
-msgstr "Типове значенн�: false"
+msgstr "Типове значенн�: seeAlso"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:464
-#, fuzzy
-#| msgid "ipa_netgroup_member_user (string)"
 msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr "ipa_netgroup_member_user (р�док)"
+msgstr "ipa_selinux_usermap_selinux_user (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:467
-#, fuzzy
-#| msgid "The LDAP attribute that contains FQDN of the host."
 msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr "�трибут LDAP, що мі�тить FQDN вузла."
+msgstr "�трибут LDAP, �кий мі�тить �ам р�док кори�тувача SELinux."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:471
-#, fuzzy
-#| msgid "Default: ipaHost"
 msgid "Default: ipaSELinuxUser"
-msgstr "Типове значенн�: ipaHost"
+msgstr "Типове значенн�: ipaSELinuxUser"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:476
-#, fuzzy
-#| msgid "ldap_user_name (string)"
 msgid "ipa_selinux_usermap_enabled (string)"
-msgstr "ldap_user_name (р�док)"
+msgstr "ipa_selinux_usermap_enabled (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:479
-#, fuzzy
-#| msgid ""
-#| "The LDAP attribute that contains the path to the user's default shell."
 msgid ""
 "The LDAP attribute that contains whether or not is user map enabled for "
 "usage."
 msgstr ""
-"�трибут LDAP, що мі�тить шл�х до типової командної оболонки кори�тувача."
+"�трибут LDAP, що мі�тить дані щодо того, чи можна кори�тувати�� картою "
+"кори�тувачів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:483
-#, fuzzy
-#| msgid "Default: loginDisabled"
 msgid "Default: ipaEnabledFlag"
-msgstr "Типове значенн�: loginDisabled"
+msgstr "Типове значенн�: ipaEnabledFlag"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:488
-#, fuzzy
-#| msgid "ldap_user_search_filter (string)"
 msgid "ipa_selinux_usermap_user_category (string)"
-msgstr "ldap_user_search_filter (р�док)"
+msgstr "ipa_selinux_usermap_user_category (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:491
-#, fuzzy
-#| msgid "The LDAP attribute that contains FQDN of the host."
 msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr "�трибут LDAP, що мі�тить FQDN вузла."
+msgstr "�трибут LDAP, що мі�тить категорію кори�тувачів, зокрема 'all'."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:495
-#, fuzzy
-#| msgid "Default: homeDirectory"
 msgid "Default: userCategory"
-msgstr "Типове значенн�: homeDirectory"
+msgstr "Типове значенн�: userCategory"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:500
-#, fuzzy
-#| msgid "ldap_user_home_directory (string)"
 msgid "ipa_selinux_usermap_host_category (string)"
-msgstr "ldap_user_home_directory (р�док)"
+msgstr "ipa_selinux_usermap_host_category (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:503
-#, fuzzy
-#| msgid "The LDAP attribute that contains FQDN of the host."
 msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr "�трибут LDAP, що мі�тить FQDN вузла."
+msgstr "�трибут LDAP, що мі�тить категорію вузлів, зокрема 'all'."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:507
-#, fuzzy
-#| msgid "Default: host"
 msgid "Default: hostCategory"
-msgstr "Типове значенн�: host"
+msgstr "Типове значенн�: hostCategory"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:512
-#, fuzzy
-#| msgid "ldap_user_uuid (string)"
 msgid "ipa_selinux_usermap_uuid (string)"
-msgstr "ldap_user_uuid (р�док)"
+msgstr "ipa_selinux_usermap_uuid (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:515
-#, fuzzy
-#| msgid "The LDAP attribute that contains FQDN of the host."
 msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr "�трибут LDAP, що мі�тить FQDN вузла."
+msgstr "�трибут LDAP, що мі�тить унікальний ідентифікатор карти кори�тувачів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:519
-#, fuzzy
-#| msgid "Default: nsUniqueId"
 msgid "Default: ipaUniqueID"
-msgstr "Типове значенн�: nsUniqueId"
+msgstr "Типове значенн�: ipaUniqueID"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:524
-#, fuzzy
-#| msgid "ipa_hostname (string)"
 msgid "ipa_host_ssh_public_key (string)"
-msgstr "ipa_hostname (р�док)"
+msgstr "ipa_host_ssh_public_key (р�док)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:527
-#, fuzzy
-#| msgid "The LDAP attribute that contains FQDN of the host."
 msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr "�трибут LDAP, що мі�тить FQDN вузла."
+msgstr "�трибут LDAP, �кий мі�тить відкриті ключі SSH вузла."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:531
-#, fuzzy
-#| msgid "Default: ipaHost"
 msgid "Default: ipaSshPubKey"
-msgstr "Типове значенн�: ipaHost"
+msgstr "Типове значенн�: ipaSshPubKey"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:546
@@ -6362,12 +6125,12 @@ msgid "Run in the foreground, don't become a daemon."
 msgstr "Запу�тити програму у звичайному режимі, не �творювати фонової �лужби."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
+#: sssd.8.xml:117 sss_debuglevel.8.xml:42
 msgid "<option>-c</option>,<option>--config</option>"
 msgstr "<option>-c</option>,<option>--config</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
+#: sssd.8.xml:121 sss_debuglevel.8.xml:46
 msgid ""
 "Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
 "conf</filename>. For reference on the config file syntax and options, "
@@ -6559,7 +6322,8 @@ msgstr ""
 "Пароль дл� заплутуванн� буде прочитано зі �тандартного джерела вхідних даних."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:82
+#: sss_ssh_knownhostsproxy.1.xml:81
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
 "replaceable>"
@@ -7409,8 +7173,8 @@ msgid ""
 "not given, it is chosen automatically."
 msgstr ""
 "В�тановити дл� параметра ідентифікатора групи (GID) значенн� "
-"<replaceable>GID</replaceable> </replaceable>. Якщо таке значенн� не буде "
-"вказано, програма вибере його автоматично."
+"<replaceable>GID</replaceable>. Якщо таке значенн� не буде вказано, програма "
+"вибере його автоматично."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_groupadd.8.xml:60
@@ -7780,6 +7544,413 @@ msgstr ""
 "citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
 
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_cache.8.xml:10 sss_cache.8.xml:15
+msgid "sss_cache"
+msgstr "sss_cache"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_cache.8.xml:16
+msgid "perform cache cleanup"
+msgstr "виконати �порожненн� кешу"
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_cache.8.xml:21
+msgid ""
+"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg>"
+msgstr ""
+"<command>sss_cache</command> <arg choice='opt'> <replaceable>параметри</"
+"replaceable> </arg>"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_cache.8.xml:31
+msgid ""
+"<command>sss_cache</command> invalidates records in SSSD cache.  Invalidated "
+"records are forced to be reloaded from server as soon as related SSSD "
+"backend is online."
+msgstr ""
+"<command>sss_cache</command> �ка�овує визначенн� запи�ів у кеші SSSD. Дані "
+"запи�ів зі �ка�ованими визначенн�ми буде перезавантажено з �ервера у "
+"приму�овому пор�дку, щойно відповідний модуль SSSD отримає до них до�туп."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:42
+msgid ""
+"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>"
+msgstr ""
+"<option>-u</option>,<option>--user</option> <replaceable>реє�траційні дані</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:47
+msgid "Invalidate specific user."
+msgstr "Ска�увати визначенн� вказаного кори�тувача."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:53
+msgid "<option>-U</option>,<option>--users</option>"
+msgstr "<option>-U</option>,<option>--users</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:57
+msgid ""
+"Invalidate all user records. This option overrides invalidation of specific "
+"user if it was also set."
+msgstr ""
+"Ска�увати визначенн� в�іх запи�ів. Цей параметр має вищий пріоритет за "
+"параметр �ка�уванн� визначенн� дл� будь-�кого кори�тувача, �кщо такий "
+"параметр вказано."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:64
+msgid ""
+"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
+msgstr ""
+"<option>-g</option>,<option>--group</option> <replaceable>група</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:69
+msgid "Invalidate specific group."
+msgstr "Ска�увати визначенн� вказаної групи."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:75
+msgid "<option>-G</option>,<option>--groups</option>"
+msgstr "<option>-G</option>,<option>--groups</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:79
+msgid ""
+"Invalidate all group records. This option overrides invalidation of specific "
+"group if it was also set."
+msgstr ""
+"Ска�увати визначенн� запи�ів дл� в�іх груп. Цей параметр має вищий пріоритет "
+"за параметр �ка�уванн� визначенн� дл� будь-�кої групи, �кщо такий параметр "
+"вказано."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:86
+msgid ""
+"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</"
+"replaceable>"
+msgstr ""
+"<option>-n</option>,<option>--netgroup</option> <replaceable>мережева група</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:91
+msgid "Invalidate specific netgroup."
+msgstr "Ска�увати визначенн� вказаної мережевої групи."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:97
+msgid "<option>-N</option>,<option>--netgroups</option>"
+msgstr "<option>-N</option>,<option>--netgroups</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:101
+msgid ""
+"Invalidate all netgroup records. This option overrides invalidation of "
+"specific netgroup if it was also set."
+msgstr ""
+"Ска�увати визначенн� в�іх запи�ів мережевих груп. Цей параметр має вищий "
+"пріоритет за параметр �ка�уванн� визначенн� дл� будь-�кої мережевої групи, "
+"�кщо такий параметр вказано."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:108
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>домен</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:113
+msgid "Restrict invalidation process only to a particular domain."
+msgstr "Обмежити процедуру �ка�уванн� визначенн� лише певним доменом."
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15
+msgid "sss_debuglevel"
+msgstr "sss_debuglevel"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_debuglevel.8.xml:16
+msgid "change debug level while SSSD is running"
+msgstr "змінити рівень діагно�тики прот�гом �еан�у роботи з SSSD"
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_debuglevel.8.xml:21
+msgid ""
+"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</"
+"replaceable></arg>"
+msgstr ""
+"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg "
+"choice='plain'><replaceable>�ОВИЙ_РІВЕ�Ь_ДІ�Г�ОСТИКИ</replaceable></arg>"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_debuglevel.8.xml:32
+msgid ""
+"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
+"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
+"running."
+msgstr ""
+"<command>sss_debuglevel</command> змінює рівень діагно�тики за�обу "
+"�по�тереженн� та надавачів даних SSSD на вказане значенн� "
+"<replaceable>�ОВИЙ_РІВЕ�Ь_ДІ�Г�ОСТИКИ</replaceable> під ча� роботи SSSD."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_debuglevel.8.xml:59
+msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+msgstr "<replaceable>�ОВИЙ_РІВЕ�Ь_ДІ�Г�ОСТИКИ</replaceable>"
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
+msgid "sss_ssh_authorizedkeys"
+msgstr "sss_ssh_authorizedkeys"
+
+#. type: Content of: <reference><refentry><refmeta><manvolnum>
+#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11
+msgid "1"
+msgstr "1"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_ssh_authorizedkeys.1.xml:16
+msgid "get OpenSSH authorized keys"
+msgstr "отримати уповноважені ключі OpenSSH"
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_ssh_authorizedkeys.1.xml:21
+msgid ""
+"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>USER</replaceable></arg>"
+msgstr ""
+"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> "
+"<replaceable>параметри</replaceable> </arg> <arg "
+"choice='plain'><replaceable>КОРИСТУВ�Ч</replaceable></arg>"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:32
+msgid ""
+"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user "
+"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys "
+"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> for more information)."
+msgstr ""
+"<command>sss_ssh_authorizedkeys</command> отримує відкриті ключі SSH дл� "
+"кори�тувача <replaceable>КОРИСТУВ�Ч</replaceable> і виводить їх у форматі "
+"authorized_keys OpenSSH (щоб дізнати�� більше, див. розділ <quote>ФОРМ�Т "
+"Ф�ЙЛІВ AUTHORIZED_KEYS</quote> на �торінці підручника (man) з "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry>)."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:41
+msgid ""
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
+"command> for public key user authentication if it is compiled with support "
+"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
+"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> options."
+msgstr ""
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> можна налаштувати на викори�танн� "
+"<command>sss_ssh_authorizedkeys</command> дл� розпізнаванн� кори�тувачів за "
+"відкритими ключами, �кщо програму зібрано з підтримкою параметра "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> <quote>AuthorizedKeysCommand</quote> або "
+"<quote>PubkeyAgent</quote>."
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_authorizedkeys.1.xml:58
+#, no-wrap
+msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+msgstr "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:51
+msgid ""
+"If <quote>AuthorizedKeysCommand</quote> is supported, "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use it by putting the following directive "
+"in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+"Якщо передбачено підтримку <quote>AuthorizedKeysCommand</quote>, "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> можна налаштувати на викори�танн� ключів за допомогою такої "
+"ін�трукції у <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_authorizedkeys.1.xml:69
+#, no-wrap
+msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:62
+msgid ""
+"If <quote>PubkeyAgent</quote> is supported, "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use it by using the following directive "
+"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
+msgstr ""
+"Якщо передбачено підтримку <quote>PubkeyAgent</quote>, "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> може бути налаштовано на викори�танн� ключів за допомогою "
+"такої ін�трукції <citerefentry> <refentrytitle>sshd</refentrytitle> "
+"<manvolnum>8</manvolnum></citerefentry>: <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:87
+msgid ""
+"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
+msgstr ""
+"Шукати відкриті ключі кори�тувачів у домені SSSD <replaceable>ДОМЕ�</"
+"replaceable>."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:98
+msgid ""
+"<citerefentry> <refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sshd_config</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle><manvolnum>1</"
+"manvolnum> </citerefentry>."
+msgstr ""
+"<citerefentry> <refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sshd_config</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle><manvolnum>1</"
+"manvolnum> </citerefentry>."
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15
+msgid "sss_ssh_knownhostsproxy"
+msgstr "sss_ssh_knownhostsproxy"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_ssh_knownhostsproxy.1.xml:16
+msgid "get OpenSSH host keys"
+msgstr "отримати ключі вузла OpenSSH"
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_ssh_knownhostsproxy.1.xml:21
+msgid ""
+"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>HOST</replaceable></arg> <arg "
+"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>"
+msgstr ""
+"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> "
+"<replaceable>параметри</replaceable> </arg> <arg "
+"choice='plain'><replaceable>ВУЗОЛ</replaceable></arg> <arg "
+"choice='opt'><replaceable>КОМ��Д�_ПРОКСІ</replaceable></arg>"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:33
+msgid ""
+"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for "
+"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH "
+"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
+"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> for more information)  <filename>/var/lib/sss/"
+"pubconf/known_hosts</filename> and estabilishes connection to the host."
+msgstr ""
+"<command>sss_ssh_knownhostsproxy</command> отримує відкриті ключі вузла SSH "
+"дл� вузла <replaceable>ВУЗОЛ</replaceable>, зберігає їх до нетипового файла "
+"OpenSSH known_hosts (щоб дізнати�� більше, ознайомте�� з розділом "
+"<quote>ФОРМ�Т Ф�ЙЛІВ SSH_KNOWN_HOSTS</quote> �торінки підручника (man) "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry>) за адре�ою <filename>/var/lib/sss/pubconf/known_hosts</"
+"filename> і в�тановлює з’єднанн� з вузлом."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:43
+msgid ""
+"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to "
+"create the connection to the host instead of opening a socket."
+msgstr ""
+"Якщо вказано параметр <replaceable>КОМ��Д�_ПРОКСІ</replaceable>, замі�ть "
+"відкритт� �окета дл� �творенн� з’єднанн� буде викори�тано відповідну команду."
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_knownhostsproxy.1.xml:55
+#, no-wrap
+msgid ""
+"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n"
+"GlobalKnownHostsFile2 /var/lib/sss/pubconf/known_hosts\n"
+msgstr ""
+"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n"
+"GlobalKnownHostsFile2 /var/lib/sss/pubconf/known_hosts\n"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:48
+msgid ""
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</"
+"command> for host key authentication by using the following directives for "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> можна налаштувати на викори�танн� "
+"<command>sss_ssh_knownhostsproxy</command> дл� розпізнаванн� вузлів за "
+"ключами за допомогою таких ін�трукцій у налаштуванн�х "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_ssh_knownhostsproxy.1.xml:69
+msgid ""
+"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>"
+msgstr ""
+"<option>-p</option>,<option>--port</option> <replaceable>ПОРТ</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_knownhostsproxy.1.xml:74
+msgid ""
+"Use port <replaceable>PORT</replaceable> to connect to the host.  By "
+"default, port 22 is used."
+msgstr ""
+"Викори�товувати дл� в�тановленн� з’єднанн� з вузлом порт <replaceable>ПОРТ</"
+"replaceable>. Типовим портом є порт 22."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_knownhostsproxy.1.xml:86
+msgid ""
+"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
+msgstr ""
+"Шукати відкриті ключі вузлів у домені SSSD <replaceable>ДОМЕ�</replaceable>."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:97
+msgid ""
+"<citerefentry> <refentrytitle>ssh</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>ssh_config</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle><manvolnum>1</"
+"manvolnum> </citerefentry>."
+msgstr ""
+"<citerefentry> <refentrytitle>ssh</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>ssh_config</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle><manvolnum>1</"
+"manvolnum> </citerefentry>."
+
 #. type: Content of: <refsect1><title>
 #: include/service_discovery.xml:2
 msgid "SERVICE DISCOVERY"
@@ -7959,8 +8130,145 @@ msgstr "<option>-h</option>,<option>--help</option>"
 msgid "Display help message and exit."
 msgstr "Показати довідкове повідомленн� і завершити роботу."
 
-#~ msgid "ldap_purge_cache_timeout"
-#~ msgstr "ldap_purge_cache_timeout"
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:3
+msgid ""
+"Bit mask that indicates which debug levels will be visible. 0x0010 is the "
+"default value as well as the lowest allowed value, 0xFFF0 is the most "
+"verbose mode. This setting overrides the settings from config file."
+msgstr ""
+"Бітова ма�ка, �ка визначає рівні діагно�тики, дані �ких буде показано. "
+"0x0010 — типове і найменше можливе значенн�. 0xFFF0 — найдокладніший режим. "
+"Визначенн� цього параметра має пріоритет над визначенн�м у файлі налаштувань."
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:8
+msgid "Currently supported debug levels:"
+msgstr "Рівні діагно�тики, передбачені у поточній вер�ії:"
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:11
+msgid ""
+"<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
+"SSSD from starting up or causes it to cease running."
+msgstr ""
+"<emphasis>0x0010</emphasis>: критичні помилки з аварійним завершенн�м "
+"роботи. В�і помилки, �кі не дають SSSD змоги розпочати або продовжувати "
+"роботу."
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:15
+msgid ""
+"<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't kill "
+"the SSSD, but one that indicates that at least one major feature is not "
+"going to work properly."
+msgstr ""
+"<emphasis>0x0020</emphasis>: критичні помилки. Помилки, �кі не призвод�ть до "
+"аварійного завершенн� роботи SSSD, але означають, що одна з о�новних "
+"можливо�тей не працює належним чином."
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:20
+msgid ""
+"<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
+"particular request or operation has failed."
+msgstr ""
+"<emphasis>0x0040</emphasis>: �ерйозні помилки. Повідомленн� про такі помилки "
+"означають, що не вдало�� виконати певний запит або дію."
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:24
+msgid ""
+"<emphasis>0x0080</emphasis>: Minor failures. These are the errors that would "
+"percolate down to cause the operation failure of 2."
+msgstr ""
+"<emphasis>0x0080</emphasis>: незначні помилки. Це помилки �кі можуть "
+"призве�ти до помилок під ча� виконанн� дій."
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:28
+msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+msgstr "<emphasis>0x0100</emphasis>: параметри налаштуванн�."
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:31
+msgid "<emphasis>0x0200</emphasis>: Function data."
+msgstr "<emphasis>0x0200</emphasis>: дані функцій."
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:34
+msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+msgstr "<emphasis>0x0400</emphasis>: повідомленн� тра�уванн� дл� функцій дій."
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:37
+msgid ""
+"<emphasis>0x1000</emphasis>: Trace messages for internal control functions."
+msgstr ""
+"<emphasis>0x1000</emphasis>: повідомленн� тра�уванн� дл� функцій "
+"внутрішнього тра�уванн�."
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:40
+msgid ""
+"<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
+"may be interesting."
+msgstr ""
+"<emphasis>0x2000</emphasis>: вмі�т внутрішніх змінних функцій, �кий може "
+"бути цікавим."
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:43
+msgid "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+msgstr "<emphasis>0x4000</emphasis>: дані тра�уванн� найнижчого рівн�."
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:46
+msgid ""
+"To log required debug levels, simply add their numbers together as shown in "
+"following examples:"
+msgstr ""
+"Щоб до журналу було запи�ано дані потрібних рівнів діагно�тики, про�то "
+"додайте відповідні чи�ла, �к це показано у наведених нижче прикладах:"
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:49
+msgid ""
+"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
+"serious failures and function data use 0x0270."
+msgstr ""
+"<emphasis>Example</emphasis>: щоб до журналу було запи�ано дані щодо "
+"критичних помилок з аварійним завершенн�м роботи, критичних помилок, "
+"�ерйозних помилок та дані функцій, �кори�тайте�� рівнем діагно�тики 0x0270."
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:53
+msgid ""
+"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
+"function data, trace messages for internal control functions use 0x1310."
+msgstr ""
+"<emphasis>Приклад</emphasis>: щоб до журналу було запи�ано критичні помилки "
+"з аварійним завершенн�м роботи, параметри налаштуванн�, дані функцій та "
+"повідомленн� тра�уванн� дл� функцій внутрішнього керуванн�, �кори�тайте�� "
+"рівнем 0x1310."
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:57
+msgid ""
+"<emphasis>Note</emphasis>: This is new format of debug levels introduced in "
+"1.7.0.  Older format (numbers from 0-10) is compatible but deprecated."
+msgstr ""
+"<emphasis>Зауваженн�</emphasis>: цей новий формат визначенн� рівнів "
+"діагно�тики впроваджено у вер�ії 1.7.0.  Визначенн� у форматах попередніх "
+"вер�ій (чи�ла від 0 до 10) �умі�ні �з поточною вер�ією, але вважають�� "
+"за�тарілими."
 
-#~ msgid "Supported services: nss, pam"
-#~ msgstr "Підтримувані �лужби: nss, pam"
+#. type: Content of: outside any tag (error?)
+#: include/experimental.xml:1
+msgid ""
+"<emphasis> This is an experimental feature, please use http://fedorahosted."
+"org/sssd to report any issues.  </emphasis>"
+msgstr ""
+"<emphasis> Цю можливі�ть ще не перевірено до�татнім чином. Будь ла�ка, �кщо "
+"помітите �кі�ь вади, повідомте про них за допомогою на�танов на �торінці "
+"http://fedorahosted.org/sssd.  </emphasis>"
diff --git a/src/man/po/ur.po b/src/man/po/ur.po
deleted file mode 100644
index dd3df542b..000000000
--- a/src/man/po/ur.po
+++ /dev/null
@@ -1,6313 +0,0 @@
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Red Hat
-# This file is distributed under the same license as the sssd-docs package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: SSSD\n"
-"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Urdu <trans-urdu@lists.fedoraproject.org>\n"
-"Language: ur\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural=(n != 1)\n"
-
-#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
-#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
-#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
-#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
-msgid "SSSD Manual pages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
-msgid "sss_groupmod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
-#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
-#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
-msgid "8"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupmod.8.xml:16
-msgid "modify a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupmod.8.xml:21
-msgid ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
-#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
-#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
-#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
-#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:32
-msgid ""
-"<command>sss_groupmod</command> modifies the group to reflect the changes "
-"that are specified on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
-#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
-#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-msgid "OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
-msgid ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:48
-msgid ""
-"Append this group to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
-msgid ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:62
-msgid ""
-"Remove this group from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
-#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
-msgid "sssd.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
-msgid "5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
-msgid "File Formats and Conventions"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
-msgid "the configuration file for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:21
-msgid "FILE FORMAT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:29
-#, no-wrap
-msgid ""
-"                <replaceable>[section]</replaceable>\n"
-"                <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-"                <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
-"            "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:24
-msgid ""
-"The file has an ini-style syntax and consists of sections and parameters. A "
-"section begins with the name of the section in square brackets and continues "
-"until the next section begins. An example of section with single and multi-"
-"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:36
-msgid ""
-"The data types used are string (no quotes needed), integer and bool (with "
-"values of <quote>TRUE/FALSE</quote>)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:41
-msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
-"(<quote>;</quote>)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:46
-msgid ""
-"All sections can have an optional <replaceable>description</replaceable> "
-"parameter. Its function is only as a label for the section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:52
-msgid ""
-"<filename>sssd.conf</filename> must be a regular file, owned by root and "
-"only root may read from or write to the file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:58
-msgid "SPECIAL SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:61
-msgid "The [sssd] section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
-msgid "Section parameters"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:72
-msgid "config_file_version (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:75
-msgid ""
-"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-"version 2."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:81
-msgid "services"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:84
-msgid ""
-"Comma separated list of services that are started when sssd itself starts."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:88
-msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
-msgid "reconnection_retries (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
-msgid ""
-"Number of times services should attempt to reconnect in the event of a Data "
-"Provider crash or restart before they give up"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
-msgid "Default: 3"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
-msgid "domains"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
-msgid ""
-"A domain is a database containing user information. SSSD can use more "
-"domains at the same time, but at least one must be configured or SSSD won't "
-"start.  This parameter described the list of domains in the order you want "
-"them to be queried."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
-msgid "re_expression (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
-msgid ""
-"Regular expression that describes how to parse the string containing user "
-"name and domain into these components."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
-msgid ""
-"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
-"which translates to \"the name is everything up to the <quote>@</quote> "
-"sign, the domain everything after that\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
-msgid ""
-"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
-"version 7 or higher can support non-unique named subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
-msgid ""
-"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
-"P&lt;name&gt;) to label subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
-msgid "full_name_format (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
-msgid ""
-"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatible format that describes how to translate "
-"a (name, domain) tuple into a fully qualified name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
-msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
-msgid "try_inotify (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
-msgid ""
-"SSSD monitors the state of resolv.conf to identify when it needs to update "
-"its internal DNS resolver. By default, we will attempt to use inotify for "
-"this, and will fall back to polling resolv.conf every five seconds if "
-"inotify cannot be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
-msgid ""
-"There are some limited situations where it is preferred that we should skip "
-"even trying to use inotify. In these rare cases, this option should be set "
-"to 'false'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
-msgid ""
-"Default: true on platforms where inotify is supported. False on other "
-"platforms."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
-msgid ""
-"Note: this option will have no effect on platforms where inotify is "
-"unavailable. On these platforms, polling will always be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
-msgid "krb5_rcache_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
-msgid ""
-"Directory on the filesystem where SSSD should store Kerberos replay cache "
-"files."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
-msgid ""
-"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
-"SSSD to let libkrb5 decide the appropriate location for the replay cache."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
-msgid ""
-"Default: Distribution-specific and specified at build-time. "
-"(__LIBKRB5_DEFAULTS__ if not configured)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:63
-msgid ""
-"Individual pieces of SSSD functionality are provided by special SSSD "
-"services that are started and stopped together with SSSD.  The services are "
-"managed by a special service frequently called <quote>monitor</quote>. The "
-"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
-msgid "SERVICES SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
-msgid ""
-"Settings that can be used to configure different services are described in "
-"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
-"section, for example, for NSS service, the section would be <quote>[nss]</"
-"quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
-msgid "General service configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
-msgid "These options can be used to configure any service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>.  This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
-msgid "NSS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
-msgid ""
-"These options can be used to configure the Name Service Switch (NSS) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
-msgid "enum_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
-msgid ""
-"How many seconds should nss_sss cache enumerations (requests for info about "
-"all users)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
-msgid "Default: 120"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"The entry cache can be set to automatically update entries in the background "
-"if they are requested beyond a percentage of the entry_cache_timeout value "
-"for the domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
-msgid ""
-"For example, if the domain's entry_cache_timeout is set to 30s and "
-"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
-"after 15 seconds past the last cache update will be returned immediately, "
-"but the SSSD will go and update the cache on its own, so that future "
-"requests will not need to block waiting for a cache update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
-msgid ""
-"Valid values for this option are 0-99 and represent a percentage of the "
-"entry_cache_timeout for each domain. For performance reasons, this "
-"percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
-"disables this feature)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
-msgid "Default: 50"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
-msgid "entry_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
-msgid ""
-"Specifies for how many seconds nss_sss should cache negative cache hits "
-"(that is, queries for invalid database entries, like nonexistent ones)  "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
-msgid "Default: 15"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
-msgid "filter_users, filter_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
-msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
-msgid "Default: root"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
-msgid "filter_users_in_groups (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
-msgid ""
-"If you want filtered user still be group members set this option to false."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
-msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
-msgid "This option can also be set per-domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
-msgid "allowed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
-msgid ""
-"Restrict user shell to one of the listed values. The order of evaluation is:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
-msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
-msgid ""
-"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
-"quote>, use the value of the shell_fallback parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
-msgid ""
-"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
-"shells</quote>, a nologin shell is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
-msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
-msgid ""
-"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
-"that a restart of the SSSD is required in case a new shell is installed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
-msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
-msgid "vetoed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
-msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
-msgid "shell_fallback (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
-msgid ""
-"The default shell to use if an allowed shell is not installed on the machine."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
-msgid "Default: /bin/sh"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
-msgid "PAM configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
-msgid ""
-"These options can be used to configure the Pluggable Authentication Module "
-"(PAM) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
-msgid "offline_credentials_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
-msgid ""
-"If the authentication provider is offline, how long should we allow cached "
-"logins (in days since the last successful online login)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
-msgid "Default: 0 (No limit)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
-msgid "offline_failed_login_attempts (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
-msgid ""
-"If the authentication provider is offline, how many failed login attempts "
-"are allowed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
-msgid "offline_failed_login_delay (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
-msgid ""
-"The time in minutes which has to pass after offline_failed_login_attempts "
-"has been reached before a new login attempt is possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
-msgid ""
-"If set to 0 the user cannot authenticate offline if "
-"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable offline authentication again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
-msgid "Default: 5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
-msgid "pam_verbosity (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
-msgid ""
-"Controls what kind of messages are shown to the user during authentication. "
-"The higher the number to more messages are displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
-msgid "Currently sssd supports the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
-msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
-msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
-msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
-msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
-msgid "Default: 1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
-msgid "pam_id_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
-msgid ""
-"For any PAM request while SSSD is online, the SSSD will attempt to "
-"immediately update the cached identity information for the user in order to "
-"ensure that authentication takes place with the latest information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
-msgid ""
-"A complete PAM conversation may perform multiple PAM requests, such as "
-"account management and session opening. This option controls (on a per-"
-"client-application basis) how long (in seconds) we can cache the identity "
-"information to avoid excessive round-trips to the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
-msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
-msgid "Display a warning N days before the password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
-msgid ""
-"Please note that the backend server has to provide information about the "
-"expiration time of the password.  If this information is missing, sssd "
-"cannot display a warning."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
-msgid "Default: 7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-msgid "SUDO configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-msgid "These options can be used to configure the sudo service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-msgid "sudo_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-msgid ""
-"For any sudo request that comes while SSSD is online, the SSSD will attempt "
-"to update the cached rules in order to ensure that sudo has the latest "
-"ruleset."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
-msgid ""
-"The user may, however, run a couple of sudo commands successively, which "
-"would trigger multiple LDAP requests.  In order to speed up this use-case, "
-"the sudo service maintains an in-memory cache that would be used for "
-"performing fast replies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
-msgid ""
-"This option controls how long (in seconds) can the sudo service cache rules "
-"for a user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-msgid "Default: 180"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-msgid "sudo_timed (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
-msgid ""
-"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
-"that implement time-dependent sudoers entries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-msgid "AUTOFS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-msgid "These options can be used to configure the autofs service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-msgid "autofs_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
-msgid "DOMAIN SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
-msgid "min_id,max_id (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
-msgid ""
-"UID and GID limits for the domain. If a domain contains an entry that is "
-"outside these limits, it is ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
-msgid ""
-"For users, this affects the primary GID limit. The user will not be returned "
-"to NSS if either the UID or the primary GID is outside the range. For non-"
-"primary group memberships, those that are in range will be reported as "
-"expected."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
-msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
-msgid ""
-"Timeout in seconds between heartbeats for this domain.  This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
-msgid "enumerate (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
-msgid ""
-"Determines if a domain can be enumerated. This parameter can have one of the "
-"following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
-msgid "TRUE = Users and groups are enumerated"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
-msgid "FALSE = No enumerations for this domain"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
-msgid "Default: FALSE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
-msgid ""
-"Note: Enabling enumeration has a moderate performance impact on SSSD while "
-"enumeration is running. It may take up to several minutes after SSSD startup "
-"to fully complete enumerations.  During this time, individual requests for "
-"information will go directly to LDAP, though it may be slow, due to the "
-"heavy enumeration processing."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
-msgid ""
-"While the first enumeration is running, requests for the complete user or "
-"group lists may return no results until it completes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
-msgid ""
-"Further, enabling enumeration may increase the time necessary to detect "
-"network disconnection, as longer timeouts are required to ensure that "
-"enumeration lookups are completed successfully.  For more information, refer "
-"to the man pages for the specific id_provider in use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
-msgid "entry_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
-msgid ""
-"How many seconds should nss_sss consider entries valid before asking the "
-"backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
-msgid "Default: 5400"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-msgid "entry_cache_user_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-msgid ""
-"How many seconds should nss_sss consider user entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-msgid "Default: entry_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-msgid "entry_cache_group_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-msgid ""
-"How many seconds should nss_sss consider group entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-msgid ""
-"How many seconds should nss_sss consider netgroup entries valid before "
-"asking the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-msgid "entry_cache_service_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-msgid ""
-"How many seconds should nss_sss consider service entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
-msgid "cache_credentials (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
-msgid "Determines if user credentials are also cached in the local LDB cache"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
-msgid "User credentials are stored in a SHA512 hash, not in plaintext"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
-msgid "account_cache_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
-msgid ""
-"Number of days entries are left in cache after last successful login before "
-"being removed during a cleanup of the cache. 0 means keep forever.  The "
-"value of this parameter must be greater than or equal to "
-"offline_credentials_expiration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
-msgid "Default: 0 (unlimited)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
-msgid "id_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
-msgid "The Data Provider identity backend to use for this domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
-msgid "Supported backends:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
-msgid "proxy: Support a legacy NSS provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
-msgid "local: SSSD internal local provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
-msgid "ldap: LDAP provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
-msgid "use_fully_qualified_names (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
-msgid ""
-"If set to TRUE, all requests to this domain must use fully qualified names. "
-"For example, if used in LOCAL domain that contains a \"test\" user, "
-"<command>getent passwd test</command> wouldn't find the user while "
-"<command>getent passwd test@LOCAL</command> would."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
-msgid "auth_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
-msgid ""
-"The authentication provider used for the domain.  Supported auth providers "
-"are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
-msgid ""
-"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
-msgid ""
-"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
-msgid ""
-"<quote>proxy</quote> for relaying authentication to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
-msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"authentication requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
-msgid "access_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
-msgid ""
-"The access control provider used for the domain.  There are two built-in "
-"access providers (in addition to any included in installed backends)  "
-"Internal special providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
-msgid "<quote>permit</quote> always allow access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
-msgid "<quote>deny</quote> always deny access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
-msgid ""
-"<quote>simple</quote> access control based on access or deny lists. See "
-"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> for more information on configuring the simple "
-"access module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
-msgid "Default: <quote>permit</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
-msgid "chpass_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
-msgid ""
-"The provider which should handle change password operations for the domain.  "
-"Supported change password providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
-msgid ""
-"<quote>ipa</quote> to change a password stored in an IPA server.  See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
-msgid ""
-"<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
-msgid ""
-"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
-msgid ""
-"<quote>proxy</quote> for relaying password changes to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
-msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
-msgid ""
-"Default: <quote>auth_provider</quote> is used if it is set and can handle "
-"change password requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-msgid "sudo_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-msgid ""
-"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-msgid "session_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-msgid ""
-"The provider which should handle loading of session settings.  Supported "
-"session providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-msgid ""
-"<quote>ipa</quote> to load session settings from an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"session loading requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
-msgid "lookup_family_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
-msgid ""
-"Provides the ability to select preferred address family to use when "
-"performing DNS lookups."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
-msgid "Supported values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
-msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
-msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
-msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
-msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
-msgid "Default: ipv4_first"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
-msgid "dns_resolver_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
-msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
-msgid "dns_discovery_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
-msgid ""
-"If service discovery is used in the back end, specifies the domain part of "
-"the service discovery DNS query."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
-msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
-msgid "override_gid (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
-msgid "Override the primary GID value with the one specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
-msgid "case_sensitive (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
-msgid ""
-"Treat user and group names as case sensitive. At the moment, this option is "
-"not supported in the local provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
-msgid "Default: True"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
-msgid ""
-"These configuration options can be present in a domain configuration "
-"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
-"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
-msgid "proxy_pam_target (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
-msgid "The proxy target PAM proxies to."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-msgid ""
-"Default: not set by default, you have to take an existing pam configuration "
-"or create a new one and add the service name here."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
-msgid "proxy_lib_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
-msgid ""
-"The name of the NSS library to use in proxy domains. The NSS functions "
-"searched for in the library are in the form of _nss_$(libName)_$(function), "
-"for example _nss_files_getpwent."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
-msgid ""
-"Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
-msgid "The local domain section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
-msgid ""
-"This section contains settings for domain that stores users and groups in "
-"SSSD native database, that is, a domain that uses "
-"<replaceable>id_provider=local</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
-msgid "default_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
-msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
-msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
-msgid "base_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
-msgid ""
-"The tools append the login name to <replaceable>base_directory</replaceable> "
-"and use that as the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
-msgid "Default: <filename>/home</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
-msgid "create_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
-msgid ""
-"Indicate if a home directory should be created by default for new users.  "
-"Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
-msgid "Default: TRUE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
-msgid "remove_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
-msgid ""
-"Indicate if a home directory should be removed by default for deleted "
-"users.  Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
-msgid "homedir_umask (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
-msgid ""
-"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
-"on a newly created home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
-msgid "Default: 077"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
-msgid "skel_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
-msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
-msgid "mail_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
-msgid ""
-"The mail spool directory. This is needed to manipulate the mailbox when its "
-"corresponding user account is modified or deleted.  If not specified, a "
-"default value is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
-msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
-msgid "userdel_cmd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
-msgid ""
-"The command that is run after a user is removed.  The command us passed the "
-"username of the user being removed as the first and only parameter. The "
-"return code of the command is not taken into account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
-msgid "Default: None, no command is run"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"domains = LDAP\n"
-"services = nss, pam\n"
-"config_file_version = 2\n"
-"\n"
-"[nss]\n"
-"filter_groups = root\n"
-"filter_users = root\n"
-"\n"
-"[pam]\n"
-"\n"
-"[domain/LDAP]\n"
-"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
-"\n"
-"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
-"cache_credentials = true\n"
-"\n"
-"min_id = 10000\n"
-"max_id = 20000\n"
-"enumerate = False\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
-msgid ""
-"The following example shows a typical SSSD config. It does not describe "
-"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details.  <placeholder type=\"programlisting\" "
-"id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
-msgid "sssd-ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:23
-msgid ""
-"This manual page describes the configuration of LDAP domains for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for detailed syntax information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:35
-msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:38
-msgid ""
-"LDAP back end supports id, auth, access and chpass providers. If you want to "
-"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
-"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
-"over an unencrypted channel.  If the LDAP server is used only as an identity "
-"provider, an encrypted channel is not needed. Please refer to "
-"<quote>ldap_access_filter</quote> config option for more information about "
-"using LDAP as an access provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
-#: sssd-krb5.5.xml:63
-msgid "CONFIGURATION OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:60
-msgid "ldap_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:63
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference. Refer to the <quote>FAILOVER</"
-"quote> section for more information on failover and server redundancy.  If "
-"not specified, service discovery is enabled. For more information, refer to "
-"the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
-msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:73
-msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:76
-msgid ""
-"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:79
-msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:85
-msgid "ldap_chpass_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:88
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference to change the password of a user. "
-"Refer to the <quote>FAILOVER</quote> section for more information on "
-"failover and server redundancy."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:95
-msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:99
-msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:105
-msgid "ldap_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:108
-msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:112
-msgid ""
-"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
-"syntax:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
-msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:119
-msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
-msgid ""
-"The filter must be a valid LDAP search filter as specified by http://www."
-"ietf.org/rfc/rfc2254.txt"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
-msgid "Examples:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:129
-msgid ""
-"ldap_search_base = dc=example,dc=com (which is equivalent to)  "
-"ldap_search_base = dc=example,dc=com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:134
-msgid ""
-"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
-"(host=thishost)?dc=example.com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:137
-msgid ""
-"Note: It is unsupported to have multiple search bases which reference "
-"identically-named objects (for example, groups with the same name in two "
-"different search bases). This will lead to unpredictable behavior on client "
-"machines."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:144
-msgid ""
-"Default: If not set, the value of the defaultNamingContext or namingContexts "
-"attribute from the RootDSE of the LDAP server is used. If "
-"defaultNamingContext does not exists or has an empty value namingContexts is "
-"used.  The namingContexts attribute must have a single value with the DN of "
-"the search base of the LDAP server to make this work. Multiple values are "
-"are not supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:158
-msgid "ldap_schema (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:161
-msgid ""
-"Specifies the Schema Type in use on the target LDAP server.  Depending on "
-"the selected schema, the default attribute names retrieved from the servers "
-"may vary.  The way that some attributes are handled may also differ.  Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
-"difference between these schema types is how group memberships are recorded "
-"in the server.  With rfc2307, group members are listed by name in the "
-"<emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, group "
-"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
-msgid "Default: rfc2307"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
-msgid "ldap_default_bind_dn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
-msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
-msgid "ldap_default_authtok_type (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
-msgid "The type of the authentication token of the default bind DN."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
-msgid "The two mechanisms currently supported are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
-msgid "password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
-msgid "obfuscated_password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
-msgid "Default: password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
-msgid "ldap_default_authtok (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
-msgid ""
-"The authentication token of the default bind DN.  Only clear text passwords "
-"are currently supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
-msgid "ldap_user_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
-msgid "The object class of a user entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
-msgid "Default: posixAccount"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
-msgid "ldap_user_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
-msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
-msgid "Default: uid"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
-msgid "ldap_user_uid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
-msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
-msgid "Default: uidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
-msgid "ldap_user_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
-msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
-msgid "Default: gidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
-msgid "ldap_user_gecos (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
-msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
-msgid "Default: gecos"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
-msgid "ldap_user_home_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
-msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
-msgid "Default: homeDirectory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
-msgid "ldap_user_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
-msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
-msgid "Default: loginShell"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
-msgid "ldap_user_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
-msgid "Default: nsUniqueId"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
-msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
-msgid ""
-"The LDAP attribute that contains timestamp of the last modification of the "
-"parent object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
-msgid "Default: modifyTimestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
-msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
-"the last password change)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
-msgid "Default: shadowLastChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
-msgid "ldap_user_shadow_min (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
-msgid "Default: shadowMin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
-msgid "ldap_user_shadow_max (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
-msgid "Default: shadowMax"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
-msgid "ldap_user_shadow_warning (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password warning period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
-msgid "Default: shadowWarning"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
-msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password inactivity period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
-msgid "Default: shadowInactive"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
-msgid "ldap_user_shadow_expire (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
-msgid ""
-"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
-"parameter contains the name of an LDAP attribute corresponding to its "
-"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> counterpart (account expiration date)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
-msgid "Default: shadowExpire"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
-msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time of last password change in "
-"kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
-msgid "Default: krbLastPwdChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
-msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time when current password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
-msgid "Default: krbPasswordExpiration"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
-msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the expiration time of the account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
-msgid "Default: accountExpires"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
-msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the user account control bit field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
-msgid "Default: userAccountControl"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
-msgid "ldap_ns_account_lock (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
-msgid ""
-"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
-"determines if access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
-msgid "Default: nsAccountLock"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
-msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines if "
-"access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
-msgid "Default: loginDisabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
-msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines until "
-"which date access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
-msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines the "
-"hours of a day in a week when access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
-msgid "Default: loginAllowedTimeMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
-msgid "ldap_user_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
-msgid ""
-"The LDAP attribute that contains the user's Kerberos User Principal Name "
-"(UPN)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
-msgid "Default: krbPrincipalName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
-msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
-msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
-msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
-msgid ""
-"Some directory servers, for example Active Directory, might deliver the "
-"realm part of the UPN in lower case, which might cause the authentication to "
-"fail. Set this option to a non-zero value if you want to use an upper-case "
-"realm."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
-msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
-msgid ""
-"Specifies how many seconds SSSD has to wait before refreshing its cache of "
-"enumerated records."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
-msgid "Default: 300"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
-msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
-msgid ""
-"Determine how often to check the cache for inactive entries (such as groups "
-"with no members and users who have never logged in) and remove them to save "
-"space."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
-msgid "Setting this option to zero will disable the cache cleanup operation."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
-msgid "Default: 10800 (12 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
-msgid "ldap_user_fullname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
-msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
-msgid "Default: cn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
-msgid "ldap_user_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
-msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
-msgid "Default: memberOf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
-msgid "ldap_user_authorized_service (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
-msgid ""
-"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
-"use the presence of the authorizedService attribute in the user's LDAP entry "
-"to determine access privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
-msgid ""
-"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
-"explicit allow (svc) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
-msgid "Default: authorizedService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
-msgid "ldap_user_authorized_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
-msgid ""
-"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-"presence of the host attribute in the user's LDAP entry to determine access "
-"privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
-msgid ""
-"An explicit deny (!host) is resolved first. Second, SSSD searches for "
-"explicit allow (host) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
-msgid "Default: host"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
-msgid "ldap_group_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
-msgid "The object class of a group entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
-msgid "Default: posixGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
-msgid "ldap_group_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
-msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
-msgid "ldap_group_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
-msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
-msgid "ldap_group_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
-msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
-msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
-msgid "ldap_group_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
-msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
-msgid "ldap_group_nesting_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
-msgid ""
-"If ldap_schema is set to a schema format that supports nested groups (e.g. "
-"RFC2307bis), then this option controls how many levels of nesting SSSD will "
-"follow. This option has no effect on the RFC2307 schema."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
-msgid "Default: 2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
-msgid "ldap_netgroup_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
-msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
-msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
-msgid "Default: nisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
-msgid "ldap_netgroup_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
-msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
-msgid "In IPA provider, ipa_netgroup_name should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
-msgid "ldap_netgroup_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
-msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
-msgid "In IPA provider, ipa_netgroup_member should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
-msgid "Default: memberNisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
-msgid "ldap_netgroup_triple (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-msgid ""
-"The LDAP attribute that contains the (host, user, domain) netgroup triples."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
-msgid "This option is not available in IPA provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
-msgid "Default: nisNetgroupTriple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
-msgid "ldap_netgroup_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
-msgid ""
-"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
-msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
-msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
-msgid "ldap_service_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
-msgid "The object class of a service entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
-msgid "Default: ipService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
-msgid "ldap_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
-msgid ""
-"The LDAP attribute that contains the name of service attributes and their "
-"aliases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
-msgid "ldap_service_port (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
-msgid "The LDAP attribute that contains the port managed by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
-msgid "Default: ipServicePort"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
-msgid "ldap_service_proto (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
-msgid ""
-"The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
-msgid "Default: ipServiceProtocol"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
-msgid "ldap_service_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
-msgid "An optional base DN to restrict service searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
-msgid ""
-"See <quote>ldap_search_base</quote> for information about configuring "
-"multiple search bases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
-#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
-msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
-msgid "ldap_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches are allowed to run "
-"before they are cancelled and cached results are returned (and offline mode "
-"is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
-msgid ""
-"Note: this option is subject to change in future versions of the SSSD. It "
-"will likely be replaced at some point by a series of timeouts for specific "
-"lookup types."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
-msgid "Default: 6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
-msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches for user and group "
-"enumerations are allowed to run before they are cancelled and cached results "
-"are returned (and offline mode is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
-msgid "ldap_network_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-msgid ""
-"Specifies the timeout (in seconds) after which the <citerefentry> "
-"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
-"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> following a <citerefentry> "
-"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> returns in case of no activity."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
-msgid "ldap_opt_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
-msgid ""
-"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
-"will abort if no response is received. Also controls the timeout when "
-"communicating with the KDC in case of SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
-msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
-msgid ""
-"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
-"maintained. After this time, the connection will be re-established. If used "
-"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
-"the TGT lifetime)  will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
-msgid "Default: 900 (15 minutes)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
-msgid "ldap_page_size (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
-msgid ""
-"Specify the number of records to retrieve from LDAP in a single request. "
-"Some LDAP servers enforce a maximum limit per-request."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
-msgid "Default: 1000"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
-msgid ""
-"Disable the LDAP paging control. This option should be used if the LDAP "
-"server reports that it supports the LDAP paging control in its RootDSE but "
-"it is not enabled or does not behave properly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
-msgid ""
-"Example: OpenLDAP servers with the paging control module installed on the "
-"server but not enabled will report it in the RootDSE but be unable to use it."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
-msgid ""
-"Example: 389 DS has a bug where it can only support a one paging control at "
-"a time on a single connection. On busy clients, this can result in some "
-"requests being denied."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
-msgid "ldap_deref_threshold (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
-msgid ""
-"Specify the number of group members that must be missing from the internal "
-"cache in order to trigger a dereference lookup. If less members are missing, "
-"they are looked up individually."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
-msgid ""
-"You can turn off dereference lookups completely by setting the value to 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
-msgid ""
-"A dereference lookup is a means of fetching all group members in a single "
-"LDAP call.  Different LDAP servers may implement different dereference "
-"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
-"Directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
-msgid ""
-"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
-"filter, then the dereference lookup performance enhancement will be disabled "
-"regardless of this setting."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
-msgid "ldap_tls_reqcert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
-msgid ""
-"Specifies what checks to perform on server certificates in a TLS session, if "
-"any. It can be specified as one of the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
-msgid ""
-"<emphasis>never</emphasis> = The client will not request or check any server "
-"certificate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
-msgid ""
-"<emphasis>allow</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, it will be ignored and the session proceeds normally."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
-msgid ""
-"<emphasis>try</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, the session is immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
-msgid ""
-"<emphasis>demand</emphasis> = The server certificate is requested. If no "
-"certificate is provided, or a bad certificate is provided, the session is "
-"immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
-msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
-msgid "Default: hard"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
-msgid "ldap_tls_cacert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
-msgid ""
-"Specifies the file that contains certificates for all of the Certificate "
-"Authorities that <command>sssd</command> will recognize."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
-msgid ""
-"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
-"conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
-msgid "ldap_tls_cacertdir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
-msgid ""
-"Specifies the path of a directory that contains Certificate Authority "
-"certificates in separate individual files. Typically the file names need to "
-"be the hash of the certificate followed by '.0'.  If available, "
-"<command>cacertdir_rehash</command> can be used to create the correct names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
-msgid "ldap_tls_cert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
-msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
-msgid "Default: not set"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
-msgid "ldap_tls_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
-msgid "Specifies the file that contains the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
-msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
-msgid ""
-"Specifies acceptable cipher suites.  Typically this is a colon sperated "
-"list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> for format."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
-msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
-msgid ""
-"Specifies that the id_provider connection must also use <systemitem class="
-"\"protocol\">tls</systemitem> to protect the channel."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
-msgid ""
-"Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
-"supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
-msgid "ldap_sasl_authid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
-msgid ""
-"Specify the SASL authorization id to use.  When GSSAPI is used, this "
-"represents the Kerberos principal used for authentication to the directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
-msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
-msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
-msgid ""
-"If set to true, the LDAP library would perform a reverse lookup to "
-"canonicalize the host name during a SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
-msgid "Default: false;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
-msgid "ldap_krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
-msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
-msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
-msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
-msgid ""
-"Specifies that the id_provider should init Kerberos credentials (TGT).  This "
-"action is performed only if SASL is used and the mechanism selected is "
-"GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
-msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
-msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
-msgid "Default: 86400 (24 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
-msgid "krb5_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
-msgid ""
-"Specifies the comma-separated list of IP addresses or hostnames of the "
-"Kerberos servers to which SSSD should connect in the order of preference. "
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
-"colon) may be appended to the addresses or hostnames.  If empty, service "
-"discovery is enabled - for more information, refer to the <quote>SERVICE "
-"DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
-msgid ""
-"When using service discovery for KDC or kpasswd servers, SSSD first searches "
-"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-"none are found."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
-msgid ""
-"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
-"While the legacy name is recognized for the time being, users are advised to "
-"migrate their config files to use <quote>krb5_server</quote> instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
-msgid "krb5_realm (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
-msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
-msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
-msgid "krb5_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
-msgid ""
-"Specifies if the host principal should be canonicalized when connecting to "
-"LDAP server. This feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
-msgid "ldap_pwd_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
-msgid ""
-"Select the policy to evaluate the password expiration on the client side. "
-"The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
-msgid ""
-"<emphasis>none</emphasis> - No evaluation on the client side. This option "
-"cannot disable server-side password policies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
-msgid ""
-"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-"evaluate if the password has expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
-msgid ""
-"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
-"to determine if the password has expired. Use chpass_provider=krb5 to update "
-"these attributes when the password is changed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
-msgid "ldap_referrals (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
-msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
-msgid ""
-"Please note that sssd only supports referral chasing when it is compiled "
-"with OpenLDAP version 2.4.13 or higher."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
-msgid "ldap_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
-msgid "Specifies the service name to use when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
-msgid "Default: ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
-msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
-msgid ""
-"Specifies the service name to use to find an LDAP server which allows "
-"password changes when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
-msgid "Default: not set, i.e. service discovery is disabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
-msgid "ldap_access_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
-msgid ""
-"If using access_provider = ldap, this option is mandatory. It specifies an "
-"LDAP search filter criteria that must be met for the user to be granted "
-"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
-msgid "Example:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
-#, no-wrap
-msgid ""
-"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
-msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
-msgid ""
-"Offline caching for this feature is limited to determining whether the "
-"user's last online login was granted access permission. If they were granted "
-"access during their last login, they will continue to be granted access "
-"while offline and vice-versa."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
-msgid "Default: Empty"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
-msgid "ldap_account_expire_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
-msgid ""
-"With this option a client side evaluation of access control attributes can "
-"be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
-msgid ""
-"Please note that it is always recommended to use server side access control, "
-"i.e. the LDAP server should deny the bind request with a suitable error code "
-"even if the password is correct."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
-msgid "The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
-msgid ""
-"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
-"determine if the account is expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
-msgid ""
-"<emphasis>ad</emphasis>: use the value of the 32bit field "
-"ldap_user_ad_user_account_control and allow access if the second bit is not "
-"set. If the attribute is missing access is granted. Also the expiration time "
-"of the account is checked."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
-msgid ""
-"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
-"emphasis>: use the value of ldap_ns_account_lock to check if access is "
-"allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
-msgid ""
-"<emphasis>nds</emphasis>: the values of "
-"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
-"If both attributes are missing access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
-msgid "ldap_access_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
-msgid "Comma separated list of access control options.  Allowed values are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
-msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
-msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
-msgid ""
-"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
-"to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
-msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
-msgid "Default: filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
-msgid ""
-"Please note that it is a configuration error if a value is used more than "
-"once."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
-msgid "ldap_deref (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
-msgid ""
-"Specifies how alias dereferencing is done when performing a search. The "
-"following options are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
-msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
-msgid ""
-"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
-"the base object, but not in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
-msgid ""
-"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
-"the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
-msgid ""
-"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
-"in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
-msgid ""
-"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
-"client libraries)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:51
-msgid ""
-"All of the common configuration options that apply to SSSD domains also "
-"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for full details.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
-msgid "SUDO OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
-msgid "ldap_sudorule_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
-msgid "The object class of a sudo rule entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
-msgid "Default: sudoRole"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
-msgid "ldap_sudorule_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
-msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
-msgid "ldap_sudorule_command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
-msgid "The LDAP attribute that corresponds to the command name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
-msgid "Default: sudoCommand"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
-msgid "ldap_sudorule_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
-msgid ""
-"The LDAP attribute that corresponds to the host name (or host IP address, "
-"host IP network, or host netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
-msgid "Default: sudoHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
-msgid "ldap_sudorule_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
-msgid ""
-"The LDAP attribute that corresponds to the user name (or UID, group name or "
-"user's netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
-msgid "Default: sudoUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
-msgid "ldap_sudorule_option (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
-msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
-msgid "Default: sudoOption"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
-msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
-msgid ""
-"The LDAP attribute that corresponds to the user name that commands may be "
-"run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
-msgid "Default: sudoRunAsUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
-msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
-msgid ""
-"The LDAP attribute that corresponds to the group name or group GID that "
-"commands may be run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
-msgid "Default: sudoRunAsGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
-msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
-msgid ""
-"The LDAP attribute that corresponds to the start date/time for when the sudo "
-"rule is valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
-msgid "Default: sudoNotBefore"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
-msgid "ldap_sudorule_notafter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
-msgid ""
-"The LDAP attribute that corresponds to the expiration date/time, after which "
-"the sudo rule will no longer be valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
-msgid "Default: sudoNotAfter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
-msgid "ldap_sudorule_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
-msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
-msgid "Default: sudoOrder"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
-msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
-msgid ""
-"Enables periodical download of all sudo rules.  The cache is purged before "
-"each update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
-msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
-msgid ""
-"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
-msgid ""
-"This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
-"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
-msgid "AUTOFS OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
-msgid ""
-"Please note that the default values correspond to the default schema which "
-"is RFC2307."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
-msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-msgid "The object class of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-msgid "Default: automountMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
-msgid "ldap_autofs_map_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
-msgid "The name of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
-msgid "Default: ou"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
-msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
-msgid "ldap_autofs_entry_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
-msgid ""
-"The key of an automount entry in LDAP. The entry usually corresponds to a "
-"mount point."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
-msgid "ldap_autofs_entry_value (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
-msgid "Default: automountInformation"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
-msgid ""
-"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
-"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
-"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
-msgid "ADVANCED OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
-msgid "ldap_netgroup_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
-msgid ""
-"An optional base DN to restrict netgroup searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
-msgid "ldap_user_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
-msgid "An optional base DN to restrict user searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
-msgid "ldap_group_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
-msgid "An optional base DN to restrict group searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
-#, no-wrap
-msgid ""
-"                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
-msgid "ldap_sudo_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
-msgid ""
-"An optional base DN to restrict sudo rules searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
-msgid "ldap_autofs_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
-msgid ""
-"An optional base DN to restrict automounter searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
-msgid ""
-"These options are supported by LDAP domains, but they should be used with "
-"caution. Please include them in your configuration only if you know what you "
-"are doing.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
-msgid ""
-"The following example assumes that SSSD is correctly configured and LDAP is "
-"set to one of the domains in the <replaceable>[domains]</replaceable> "
-"section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
-#, no-wrap
-msgid ""
-"    [domain/LDAP]\n"
-"    id_provider = ldap\n"
-"    auth_provider = ldap\n"
-"    ldap_uri = ldap://ldap.mydomain.org\n"
-"    ldap_search_base = dc=mydomain,dc=org\n"
-"    ldap_tls_reqcert = demand\n"
-"    cache_credentials = true\n"
-"    enumerate = true\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
-msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
-msgid "NOTES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
-msgid ""
-"The descriptions of some of the configuration options in this manual page "
-"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
-"distribution."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <refentryinfo>
-#: pam_sss.8.xml:8 include/upstream.xml:2
-msgid ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: pam_sss.8.xml:13 pam_sss.8.xml:18
-msgid "pam_sss"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: pam_sss.8.xml:19
-msgid "PAM module for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: pam_sss.8.xml:24
-msgid ""
-"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
-msgid ""
-"<command>pam_sss.so</command> is the PAM interface to the System Security "
-"Services daemon (SSSD). Errors and results are logged through <command>syslog"
-"(3)</command> with the LOG_AUTHPRIV facility."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
-msgid "<option>quiet</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
-msgid "Suppress log messages for unknown users."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
-msgid "<option>forward_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
-msgid ""
-"If <option>forward_pass</option> is set the entered password is put on the "
-"stack for other PAM modules to use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
-msgid "<option>use_first_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
-msgid ""
-"The argument use_first_pass forces the module to use a previous stacked "
-"modules password and will never prompt the user - if no password is "
-"available or the password is not appropriate, the user will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
-msgid "<option>use_authtok</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
-msgid ""
-"When password changing enforce the module to set the new password to the one "
-"provided by a previously stacked password module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
-msgid "<option>retry=N</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
-msgid ""
-"If specified the user is asked another N times for a password if "
-"authentication fails. Default is 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
-msgid ""
-"Please note that this option might not work as expected if the application "
-"calling PAM handles the user dialog on its own. A typical example is "
-"<command>sshd</command> with <option>PasswordAuthentication</option>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
-msgid "MODULE TYPES PROVIDED"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
-msgid ""
-"All module types (<option>account</option>, <option>auth</option>, "
-"<option>password</option> and <option>session</option>) are provided."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
-msgid "FILES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
-msgid ""
-"If a password reset by root fails, because the corresponding SSSD provider "
-"does not support password resets, an individual message can be displayed. "
-"This message can e.g. contain instructions about how to reset a password."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
-msgid ""
-"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
-"filename> where LOC stands for a locale string returned by <citerefentry> "
-"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
-"citerefentry>. If there is no matching file the content of "
-"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
-"the owner of the files and only root may have read and write permissions "
-"while all other users must have only read permissions."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
-msgid ""
-"These files are searched in the directory <filename>/etc/sssd/customize/"
-"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
-"displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:141
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
-msgid "sssd_krb5_locator_plugin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:22
-msgid ""
-"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
-"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
-"libraries what Realm and which KDC to use.  Typically this is done in "
-"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
-"To simplify the configuration the Realm and the KDC can be defined in "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry> puts the Realm and the name or IP address of the KDC into "
-"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively.  "
-"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variables and returns them to the "
-"libraries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:63
-msgid ""
-"Not all Kerberos implementations support the use of plugins. If "
-"<command>sssd_krb5_locator_plugin</command> is not available on your system "
-"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:69
-msgid ""
-"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-"debug messages will be sent to stderr."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:77
-msgid ""
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
-msgid "sssd-simple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd-simple.5.xml:17
-msgid "the configuration file for SSSD's 'simple' access-control provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:24
-msgid ""
-"This manual page describes the configuration of the simple access-control "
-"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax reference, "
-"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:38
-msgid ""
-"The simple access provider grants or denies access based on an access or "
-"deny list of user or group names. The following rules apply:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:43
-msgid "If all lists are empty, access is granted"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:47
-msgid ""
-"If any list is provided, the order of evaluation is allow,deny. This means "
-"that any matching deny rule will supersede any matched allow rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:54
-msgid ""
-"If either or both \"allow\" lists are provided, all users are denied unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:60
-msgid ""
-"If only \"deny\" lists are provided, all users are granted access unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:78
-msgid "simple_allow_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:81
-msgid "Comma separated list of users who are allowed to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:88
-msgid "simple_deny_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:91
-msgid "Comma separated list of users who are explicitly denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:97
-msgid "simple_allow_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:100
-msgid ""
-"Comma separated list of groups that are allowed to log in. This applies only "
-"to groups within this SSSD domain. Local groups are not evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:108
-msgid "simple_deny_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:111
-msgid ""
-"Comma separated list of groups that are explicitly denied access. This "
-"applies only to groups within this SSSD domain. Local groups are not "
-"evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
-msgid ""
-"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page for details on the configuration of an SSSD "
-"domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:120
-msgid ""
-"Please note that it is an configuration error if both, simple_allow_users "
-"and simple_deny_users, are defined."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:128
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the simple access provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-simple.5.xml:135
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    access_provider = simple\n"
-"    simple_allow_users = user1, user2\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:145
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
-msgid "sssd-ipa"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:23
-msgid ""
-"This manual page describes the configuration of the IPA provider for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
-"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:36
-msgid ""
-"The IPA provider is a back end used to connect to an IPA server.  (Refer to "
-"the freeipa.org web site for information about IPA servers.)  This provider "
-"requires that the machine be joined to the IPA domain; configuration is "
-"almost entirely self-discovered and obtained directly from the server."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:43
-msgid ""
-"The IPA provider accepts the same options used by the <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
-"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider with some exceptions described below."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:55
-msgid ""
-"However, it is neither necessary nor recommended to set these options.  IPA "
-"provider can also be used as an access and chpass provider. As an access "
-"provider it uses HBAC (host-based access control) rules. Please refer to "
-"freeipa.org for more information about HBAC. No configuration of access "
-"provider is required on the client side."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:72
-msgid "ipa_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:75
-msgid ""
-"Specifies the name of the IPA domain.  This is optional. If not provided, "
-"the configuration domain name is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:83
-msgid "ipa_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:86
-msgid ""
-"The comma-separated list of IP addresses or hostnames of the IPA servers to "
-"which SSSD should connect in the order of preference. For more information "
-"on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
-"This is optional if autodiscovery is enabled.  For more information on "
-"service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:99
-msgid "ipa_hostname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:102
-msgid ""
-"Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:110
-msgid "ipa_dyndns_update (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:113
-msgid ""
-"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:118
-msgid ""
-"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
-"the default Kerberos realm must be set properly in /etc/krb5.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:129
-msgid "ipa_dyndns_iface (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:132
-msgid ""
-"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
-"interface whose IP address should be used for dynamic DNS updates."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:137
-msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:143
-msgid "ipa_hbac_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:146
-msgid "Optional. Use the given string as search base for HBAC related objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:150
-msgid "Default: Use base DN"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:156
-msgid "ipa_host_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:159
-msgid "Optional. Use the given string as search base for host objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:180
-msgid "ipa_selinux_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
-msgid "Optional. Use the given string as search base for SELinux user maps."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
-msgid "krb5_validate (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
-msgid ""
-"Verify with the help of krb5_keytab that the TGT obtained has not been "
-"spoofed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
-msgid ""
-"Note that this default differs from the traditional Kerberos provider back "
-"end."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
-msgid ""
-"The name of the Kerberos realm. This is optional and defaults to the value "
-"of <quote>ipa_domain</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
-msgid ""
-"The name of the Kerberos realm has a special meaning in IPA - it is "
-"converted into the base DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
-msgid ""
-"Specifies if the host and user principal should be canonicalized when "
-"connecting to IPA LDAP and also for AS requests. This feature is available "
-"with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
-msgid "ipa_hbac_refresh (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
-msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
-msgid "Default: 5 (seconds)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
-msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
-msgid ""
-"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
-"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
-"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
-"client will support two modes of operation during this transition period:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
-msgid ""
-"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
-"users will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
-msgid ""
-"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
-"careful with this option, as it may result in opening unintended access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
-msgid "Default: DENY_ALL"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
-msgid "ipa_automount_location (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
-msgid "The automounter location this IPA client will be using"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Default: The location named \"default\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the ipa provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    id_provider = ipa\n"
-"    ipa_server = ipaserver.example.com\n"
-"    ipa_hostname = myhost.example.com\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.8.xml:10 sssd.8.xml:15
-msgid "sssd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.8.xml:16
-msgid "System Security Services Daemon"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sssd.8.xml:21
-msgid ""
-"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:31
-msgid ""
-"<command>SSSD</command> provides a set of daemons to manage access to remote "
-"directories and authentication mechanisms. It provides an NSS and PAM "
-"interface toward the system and a pluggable backend system to connect to "
-"multiple different account sources as well as D-Bus interface. It is also "
-"the basis to provide client auditing and policy services for projects like "
-"FreeIPA. It provides a more robust database to store local users as well as "
-"extended user data."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:46
-msgid ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:53
-msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:57
-msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:60
-msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:69
-msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:73
-msgid ""
-"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:76
-msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:85
-msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:89
-msgid ""
-"Send the debug output to files instead of stderr. By default, the log files "
-"are stored in <filename>/var/log/sssd</filename> and there are separate log "
-"files for every SSSD service and domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:97
-msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:101
-msgid "Become a daemon after starting up."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:107
-msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:111
-msgid "Run in the foreground, don't become a daemon."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
-msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
-msgid ""
-"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
-"conf</filename>. For reference on the config file syntax and options, "
-"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:135
-msgid "<option>--version</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:139
-msgid "Print version number and exit."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:147
-msgid "Signals"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:150
-msgid "SIGTERM/SIGINT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:153
-msgid ""
-"Informs the SSSD to gracefully terminate all of its child processes and then "
-"shut down the monitor."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:159
-msgid "SIGHUP"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:162
-msgid ""
-"Tells the SSSD to stop writing to its current debug file descriptors and to "
-"close and reopen them. This is meant to facilitate log rolling with programs "
-"like logrotate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:170
-msgid "SIGUSR1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:173
-msgid ""
-"Tells the SSSD to simulate offline operation for one minute. This is mostly "
-"useful for testing purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:179
-msgid "SIGUSR2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:182
-msgid ""
-"Tells the SSSD to go online immediately. This is mostly useful for testing "
-"purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:193
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-msgid "sss_obfuscate"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_obfuscate.8.xml:16
-msgid "obfuscate a clear text password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_obfuscate.8.xml:21
-msgid ""
-"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
-"replaceable></arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:32
-msgid ""
-"<command>sss_obfuscate</command> converts a given password into human-"
-"unreadable format and places it into appropriate domain section of the SSSD "
-"config file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:37
-msgid ""
-"The cleartext password is read from standard input or entered "
-"interactively.  The obfuscated password is put into "
-"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
-"<quote>ldap_default_authtok_type</quote> parameter is set to "
-"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more details on these parameters."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:49
-msgid ""
-"Please note that obfuscating the password provides <emphasis>no real "
-"security benefit</emphasis> as it is still possible for an attacker to "
-"reverse-engineer the password back. Using better authentication mechanisms "
-"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
-"advised."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:63
-msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:67
-msgid "The password to obfuscate will be read from standard input."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
-msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:79
-msgid ""
-"The SSSD domain to use the password in. The default name is <quote>default</"
-"quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:86
-msgid ""
-"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:91
-msgid "Read the config file specified by the positional parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:95
-msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:105
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
-msgid "sss_useradd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_useradd.8.xml:16
-msgid "create a new user"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_useradd.8.xml:21
-msgid ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:32
-msgid ""
-"<command>sss_useradd</command> creates a new user account using the values "
-"specified on the command line plus the default values from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:43
-msgid ""
-"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:48
-msgid ""
-"Set the UID of the user to the value of <replaceable>UID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
-msgid ""
-"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
-msgid ""
-"Any text string describing the user. Often used as the field for the user's "
-"full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
-msgid ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:72
-msgid ""
-"The home directory of the user account.  The default is to append the "
-"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
-"that as the home directory.  The base that is prepended before "
-"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
-"baseDirectory</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
-msgid ""
-"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:87
-msgid ""
-"The user's login shell. The default is currently <filename>/bin/bash</"
-"filename>.  The default can be changed with <quote>user_defaults/"
-"defaultShell</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:96
-msgid ""
-"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:101
-msgid "A list of existing groups this user is also a member of."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:107
-msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:111
-msgid ""
-"Create the user's home directory if it does not exist. The files and "
-"directories contained in the skeleton directory (which can be defined with "
-"the -k option or in the config file) will be copied to the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:121
-msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:125
-msgid ""
-"Do not create the user's home directory. Overrides configuration settings."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:132
-msgid ""
-"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:137
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<command>sss_useradd</command>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:143
-msgid ""
-"This option is only valid if the <option>-m</option> (or <option>--create-"
-"home</option>) option is specified, or creation of home directories is set "
-"to TRUE in the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
-msgid ""
-"<option>-Z</option>,<option>--selinux-user</option> "
-"<replaceable>SELINUX_USER</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:157
-msgid ""
-"The SELinux user for the user's login. If not specified, the system default "
-"will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
-msgid "sssd-krb5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:23
-msgid ""
-"This manual page describes the configuration of the Kerberos 5 "
-"authentication backend for <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  For a detailed "
-"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
-"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:36
-msgid ""
-"The Kerberos 5 authentication backend contains auth and chpass providers. It "
-"must be paired with identity provider in order to function properly (for "
-"example, id_provider = ldap). Some information required by the Kerberos 5 "
-"authentication backend must be provided by the identity provider, such as "
-"the user's Kerberos Principal Name (UPN). The configuration of the identity "
-"provider should have an entry to specify the UPN. Please refer to the man "
-"page for the applicable identity provider for details on how to configure "
-"this."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:47
-msgid ""
-"This backend also provides access control based on the .k5login file in the "
-"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
-"Please note that an empty .k5login file will deny all access to this user. "
-"To activate this feature use 'access_provider = krb5' in your sssd "
-"configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:55
-msgid ""
-"In the case where the UPN is not available in the identity backend "
-"<command>sssd</command> will construct a UPN using the format "
-"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:106
-msgid ""
-"The name of the Kerberos realm. This option is required and must be "
-"specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:113
-msgid "krb5_kpasswd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:116
-msgid ""
-"If the change password service is not running on the KDC alternative servers "
-"can be defined here. An optional port number (preceded by a colon) may be "
-"appended to the addresses or hostnames."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:122
-msgid ""
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section.  Please note that even if there are no more "
-"kpasswd servers to try the back end is not switch to offline if "
-"authentication against the KDC is still possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:129
-msgid "Default: Use the KDC"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:135
-msgid "krb5_ccachedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:138
-msgid ""
-"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist it will be created. If %u, %U, %p or %h are used a "
-"private directory belonging to the user is created. Otherwise a public "
-"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
-"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
-"citerefentry> for details) is created."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:151
-msgid "Default: /tmp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:157
-msgid "krb5_ccname_template (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:171
-msgid "login UID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:174
-msgid "%p"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:175
-msgid "principal name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:179
-msgid "%r"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:180
-msgid "realm name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:183
-msgid "%h"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:184
-msgid "home directory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:189
-msgid "value of krb5ccache_dir"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194
-msgid "%P"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "the process ID of the sssd client"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:160
-msgid ""
-"Location of the user's credential cache. Currently only file based "
-"credential caches are supported. In the template the following sequences are "
-"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
-"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
-"way."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:209
-msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:215
-msgid "krb5_auth_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:218
-msgid ""
-"Timeout in seconds after an online authentication or change password request "
-"is aborted. If possible the authentication request is continued offline."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:241
-msgid "krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:244
-msgid ""
-"The location of the keytab to use when validating credentials obtained from "
-"KDCs."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:248
-msgid "Default: /etc/krb5.keytab"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:254
-msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:257
-msgid ""
-"Store the password of the user if the provider is offline and use it to "
-"request a TGT when the provider gets online again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:262
-msgid ""
-"Please note that this feature currently only available on a Linux platform. "
-"Passwords stored in this way are kept in plaintext in the kernel keyring and "
-"are potentially accessible by the root user (with difficulty)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:275
-msgid "krb5_renewable_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:278
-msgid ""
-"Request a renewable ticket with a total lifetime given by an integer "
-"immediately followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
-msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
-msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
-msgid "<emphasis>h</emphasis> hours"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
-msgid "<emphasis>d</emphasis> days."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
-msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:299
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"renewable lifetime to one and a half hours please use '90m' instead of "
-"'1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:305
-msgid "Default: not set, i.e. the TGT is not renewable"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:311
-msgid "krb5_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:314
-msgid ""
-"Request ticket with a with a lifetime given by an integer immediately "
-"followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:335
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"lifetime to one and a half hours please use '90m' instead of '1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:340
-msgid ""
-"Default: not set, i.e. the default ticket lifetime configured on the KDC."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:347
-msgid "krb5_renew_interval (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:350
-msgid ""
-"The time in seconds between two checks if the TGT should be renewed. TGTs "
-"are renewed if about half of their lifetime is exceeded."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:355
-msgid "If this option is not set or 0 the automatic renewal is disabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:365
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:368
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:373
-msgid ""
-"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
-"option at all."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
-msgid ""
-"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
-"continue without."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:381
-msgid ""
-"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
-"fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:385
-msgid "Default: not set, i.e. FAST is not used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:388
-msgid "Please note that a keytab is required to use fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:391
-msgid ""
-"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used with an older version using this option is a "
-"configuration error."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:400
-msgid "krb5_fast_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:403
-msgid "Specifies the server principal to use for FAST."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:412
-msgid ""
-"Specifies if the host and user principal should be canonicalized. This "
-"feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:65
-msgid ""
-"If the auth-module krb5 is used in a SSSD domain, the following options must "
-"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
-"SECTIONS</quote> for details on the configuration of a SSSD domain.  "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:434
-msgid ""
-"The following example assumes that SSSD is correctly configured and FOO is "
-"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
-"example shows only configuration of Kerberos authentication, it does not "
-"include any identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:442
-#, no-wrap
-msgid ""
-"    [domain/FOO]\n"
-"    auth_provider = krb5\n"
-"    krb5_server = 192.168.1.1\n"
-"    krb5_realm = EXAMPLE.COM\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:453
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
-msgid "sss_groupadd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupadd.8.xml:16
-msgid "create a new group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupadd.8.xml:21
-msgid ""
-"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:32
-msgid ""
-"<command>sss_groupadd</command> creates a new group. These groups are "
-"compatible with POSIX groups, with the additional feature that they can "
-"contain other groups as members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupadd.8.xml:43
-msgid ""
-"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupadd.8.xml:48
-msgid ""
-"Set the GID of the group to the value of <replaceable>GID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
-msgid "sss_userdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_userdel.8.xml:16
-msgid "delete a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_userdel.8.xml:21
-msgid ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:32
-msgid ""
-"<command>sss_userdel</command> deletes a user identified by login name "
-"<replaceable>LOGIN</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:44
-msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:48
-msgid ""
-"Files in the user's home directory will be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:56
-msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:60
-msgid ""
-"Files in the user's home directory will NOT be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:68
-msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:72
-msgid ""
-"This option forces <command>sss_userdel</command> to remove the user's home "
-"directory and mail spool, even if they are not owned by the specified user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:80
-msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:84
-msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
-msgid "sss_groupdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupdel.8.xml:16
-msgid "delete a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupdel.8.xml:21
-msgid ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:32
-msgid ""
-"<command>sss_groupdel</command> deletes a group identified by its name "
-"<replaceable>GROUP</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
-msgid "sss_groupshow"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupshow.8.xml:16
-msgid "print properties of a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupshow.8.xml:21
-msgid ""
-"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:32
-msgid ""
-"<command>sss_groupshow</command> displays information about a group "
-"identified by its name <replaceable>GROUP</replaceable>. The information "
-"includes the group ID number, members of the group and the parent group."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupshow.8.xml:43
-msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupshow.8.xml:47
-msgid ""
-"Also print indirect group members in a tree-like hierarchy.  Note that this "
-"also affects printing parent groups - without <option>R</option>, only the "
-"direct parent will be printed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
-msgid "sss_usermod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_usermod.8.xml:16
-msgid "modify a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_usermod.8.xml:21
-msgid ""
-"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:32
-msgid ""
-"<command>sss_usermod</command> modifies the account specified by "
-"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
-"on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:60
-msgid "The home directory of the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:71
-msgid "The user's login shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:82
-msgid ""
-"Append this user to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:96
-msgid ""
-"Remove this user from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:103
-msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:107
-msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:114
-msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:118
-msgid "Unlock the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:129
-msgid "The SELinux user for the user's login."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/service_discovery.xml:2
-msgid "SERVICE DISCOVERY"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/service_discovery.xml:4
-msgid ""
-"The service discovery feature allows back ends to automatically find the "
-"appropriate servers to connect to using a special DNS query."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
-msgid "Configuration"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:11
-msgid ""
-"If no servers are specified, the back end automatically uses service "
-"discovery to try to find a server. Optionally, the user may choose to use "
-"both fixed server addresses and service discovery by inserting a special "
-"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
-"preference is maintained. This feature is useful if, for example, the user "
-"prefers to use service discovery whenever possible, and fall back to a "
-"specific server when no servers can be discovered using DNS."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:23
-msgid "The domain name"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:25
-msgid ""
-"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for more details."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:35
-msgid "The protocol"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:37
-msgid ""
-"The queries usually specify _tcp as the protocol. Exceptions are documented "
-"in respective option description."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:42
-msgid "See Also"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:44
-msgid ""
-"For more information on the service discovery mechanism, refer to RFC 2782."
-msgstr ""
-
-#. type: Content of: outside any tag (error?)
-#: include/upstream.xml:1
-msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/failover.xml:2
-msgid "FAILOVER"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/failover.xml:4
-msgid ""
-"The failover feature allows back ends to automatically switch to a different "
-"server if the primary server fails."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:8
-msgid "Failover Syntax"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:10
-msgid ""
-"The list of servers is given as a comma-separated list; any number of spaces "
-"is allowed around the comma. The servers are listed in order of preference. "
-"The list can contain any number of servers."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:17
-msgid "The Failover Mechanism"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:19
-msgid ""
-"The failover mechanism distinguishes between a machine and a service. The "
-"back end first tries to resolve the hostname of a given machine; if this "
-"resolution attempt fails, the machine is considered offline. No further "
-"attempts are made to connect to this machine for any other service. If the "
-"resolution attempt succeeds, the back end tries to connect to a service on "
-"this machine. If the service connection attempt fails, then only this "
-"particular service is considered offline and the back end automatically "
-"switches over to the next service.  The machine is still considered online "
-"and might still be tried for another service."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:32
-msgid ""
-"Further connection attempts are made to machines or services marked as "
-"offline after a specified period of time; this is currently hard coded to 30 "
-"seconds."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:37
-msgid ""
-"If there are no more machines to try, the back end as a whole switches to "
-"offline mode, and then attempts to reconnect every 30 seconds."
-msgstr ""
-
-#. type: Content of: <varlistentry><term>
-#: include/param_help.xml:3
-msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
-
-#. type: Content of: <varlistentry><listitem><para>
-#: include/param_help.xml:7
-msgid "Display help message and exit."
-msgstr ""
diff --git a/src/man/po/vi.po b/src/man/po/vi.po
deleted file mode 100644
index 0dc99ef42..000000000
--- a/src/man/po/vi.po
+++ /dev/null
@@ -1,6314 +0,0 @@
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Red Hat
-# This file is distributed under the same license as the sssd-docs package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: SSSD\n"
-"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Vietnamese (http://www.transifex.net/projects/p/fedora/team/"
-"vi/)\n"
-"Language: vi\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=1; plural=0\n"
-
-#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
-#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
-#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
-#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
-msgid "SSSD Manual pages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
-msgid "sss_groupmod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
-#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
-#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
-msgid "8"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupmod.8.xml:16
-msgid "modify a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupmod.8.xml:21
-msgid ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
-#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
-#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
-#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
-#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:32
-msgid ""
-"<command>sss_groupmod</command> modifies the group to reflect the changes "
-"that are specified on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
-#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
-#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-msgid "OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
-msgid ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:48
-msgid ""
-"Append this group to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
-msgid ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:62
-msgid ""
-"Remove this group from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
-#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
-msgid "sssd.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
-msgid "5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
-msgid "File Formats and Conventions"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
-msgid "the configuration file for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:21
-msgid "FILE FORMAT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:29
-#, no-wrap
-msgid ""
-"                <replaceable>[section]</replaceable>\n"
-"                <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-"                <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
-"            "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:24
-msgid ""
-"The file has an ini-style syntax and consists of sections and parameters. A "
-"section begins with the name of the section in square brackets and continues "
-"until the next section begins. An example of section with single and multi-"
-"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:36
-msgid ""
-"The data types used are string (no quotes needed), integer and bool (with "
-"values of <quote>TRUE/FALSE</quote>)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:41
-msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
-"(<quote>;</quote>)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:46
-msgid ""
-"All sections can have an optional <replaceable>description</replaceable> "
-"parameter. Its function is only as a label for the section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:52
-msgid ""
-"<filename>sssd.conf</filename> must be a regular file, owned by root and "
-"only root may read from or write to the file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:58
-msgid "SPECIAL SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:61
-msgid "The [sssd] section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
-msgid "Section parameters"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:72
-msgid "config_file_version (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:75
-msgid ""
-"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-"version 2."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:81
-msgid "services"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:84
-msgid ""
-"Comma separated list of services that are started when sssd itself starts."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:88
-msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
-msgid "reconnection_retries (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
-msgid ""
-"Number of times services should attempt to reconnect in the event of a Data "
-"Provider crash or restart before they give up"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
-msgid "Default: 3"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
-msgid "domains"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
-msgid ""
-"A domain is a database containing user information. SSSD can use more "
-"domains at the same time, but at least one must be configured or SSSD won't "
-"start.  This parameter described the list of domains in the order you want "
-"them to be queried."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
-msgid "re_expression (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
-msgid ""
-"Regular expression that describes how to parse the string containing user "
-"name and domain into these components."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
-msgid ""
-"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
-"which translates to \"the name is everything up to the <quote>@</quote> "
-"sign, the domain everything after that\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
-msgid ""
-"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
-"version 7 or higher can support non-unique named subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
-msgid ""
-"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
-"P&lt;name&gt;) to label subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
-msgid "full_name_format (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
-msgid ""
-"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatible format that describes how to translate "
-"a (name, domain) tuple into a fully qualified name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
-msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
-msgid "try_inotify (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
-msgid ""
-"SSSD monitors the state of resolv.conf to identify when it needs to update "
-"its internal DNS resolver. By default, we will attempt to use inotify for "
-"this, and will fall back to polling resolv.conf every five seconds if "
-"inotify cannot be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
-msgid ""
-"There are some limited situations where it is preferred that we should skip "
-"even trying to use inotify. In these rare cases, this option should be set "
-"to 'false'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
-msgid ""
-"Default: true on platforms where inotify is supported. False on other "
-"platforms."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
-msgid ""
-"Note: this option will have no effect on platforms where inotify is "
-"unavailable. On these platforms, polling will always be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
-msgid "krb5_rcache_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
-msgid ""
-"Directory on the filesystem where SSSD should store Kerberos replay cache "
-"files."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
-msgid ""
-"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
-"SSSD to let libkrb5 decide the appropriate location for the replay cache."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
-msgid ""
-"Default: Distribution-specific and specified at build-time. "
-"(__LIBKRB5_DEFAULTS__ if not configured)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:63
-msgid ""
-"Individual pieces of SSSD functionality are provided by special SSSD "
-"services that are started and stopped together with SSSD.  The services are "
-"managed by a special service frequently called <quote>monitor</quote>. The "
-"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
-msgid "SERVICES SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
-msgid ""
-"Settings that can be used to configure different services are described in "
-"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
-"section, for example, for NSS service, the section would be <quote>[nss]</"
-"quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
-msgid "General service configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
-msgid "These options can be used to configure any service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>.  This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
-msgid "NSS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
-msgid ""
-"These options can be used to configure the Name Service Switch (NSS) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
-msgid "enum_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
-msgid ""
-"How many seconds should nss_sss cache enumerations (requests for info about "
-"all users)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
-msgid "Default: 120"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"The entry cache can be set to automatically update entries in the background "
-"if they are requested beyond a percentage of the entry_cache_timeout value "
-"for the domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
-msgid ""
-"For example, if the domain's entry_cache_timeout is set to 30s and "
-"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
-"after 15 seconds past the last cache update will be returned immediately, "
-"but the SSSD will go and update the cache on its own, so that future "
-"requests will not need to block waiting for a cache update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
-msgid ""
-"Valid values for this option are 0-99 and represent a percentage of the "
-"entry_cache_timeout for each domain. For performance reasons, this "
-"percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
-"disables this feature)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
-msgid "Default: 50"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
-msgid "entry_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
-msgid ""
-"Specifies for how many seconds nss_sss should cache negative cache hits "
-"(that is, queries for invalid database entries, like nonexistent ones)  "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
-msgid "Default: 15"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
-msgid "filter_users, filter_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
-msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
-msgid "Default: root"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
-msgid "filter_users_in_groups (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
-msgid ""
-"If you want filtered user still be group members set this option to false."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
-msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
-msgid "This option can also be set per-domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
-msgid "allowed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
-msgid ""
-"Restrict user shell to one of the listed values. The order of evaluation is:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
-msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
-msgid ""
-"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
-"quote>, use the value of the shell_fallback parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
-msgid ""
-"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
-"shells</quote>, a nologin shell is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
-msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
-msgid ""
-"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
-"that a restart of the SSSD is required in case a new shell is installed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
-msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
-msgid "vetoed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
-msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
-msgid "shell_fallback (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
-msgid ""
-"The default shell to use if an allowed shell is not installed on the machine."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
-msgid "Default: /bin/sh"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
-msgid "PAM configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
-msgid ""
-"These options can be used to configure the Pluggable Authentication Module "
-"(PAM) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
-msgid "offline_credentials_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
-msgid ""
-"If the authentication provider is offline, how long should we allow cached "
-"logins (in days since the last successful online login)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
-msgid "Default: 0 (No limit)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
-msgid "offline_failed_login_attempts (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
-msgid ""
-"If the authentication provider is offline, how many failed login attempts "
-"are allowed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
-msgid "offline_failed_login_delay (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
-msgid ""
-"The time in minutes which has to pass after offline_failed_login_attempts "
-"has been reached before a new login attempt is possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
-msgid ""
-"If set to 0 the user cannot authenticate offline if "
-"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable offline authentication again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
-msgid "Default: 5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
-msgid "pam_verbosity (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
-msgid ""
-"Controls what kind of messages are shown to the user during authentication. "
-"The higher the number to more messages are displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
-msgid "Currently sssd supports the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
-msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
-msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
-msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
-msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
-msgid "Default: 1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
-msgid "pam_id_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
-msgid ""
-"For any PAM request while SSSD is online, the SSSD will attempt to "
-"immediately update the cached identity information for the user in order to "
-"ensure that authentication takes place with the latest information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
-msgid ""
-"A complete PAM conversation may perform multiple PAM requests, such as "
-"account management and session opening. This option controls (on a per-"
-"client-application basis) how long (in seconds) we can cache the identity "
-"information to avoid excessive round-trips to the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
-msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
-msgid "Display a warning N days before the password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
-msgid ""
-"Please note that the backend server has to provide information about the "
-"expiration time of the password.  If this information is missing, sssd "
-"cannot display a warning."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
-msgid "Default: 7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-msgid "SUDO configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-msgid "These options can be used to configure the sudo service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-msgid "sudo_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-msgid ""
-"For any sudo request that comes while SSSD is online, the SSSD will attempt "
-"to update the cached rules in order to ensure that sudo has the latest "
-"ruleset."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
-msgid ""
-"The user may, however, run a couple of sudo commands successively, which "
-"would trigger multiple LDAP requests.  In order to speed up this use-case, "
-"the sudo service maintains an in-memory cache that would be used for "
-"performing fast replies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
-msgid ""
-"This option controls how long (in seconds) can the sudo service cache rules "
-"for a user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-msgid "Default: 180"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-msgid "sudo_timed (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
-msgid ""
-"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
-"that implement time-dependent sudoers entries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-msgid "AUTOFS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-msgid "These options can be used to configure the autofs service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-msgid "autofs_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
-msgid "DOMAIN SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
-msgid "min_id,max_id (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
-msgid ""
-"UID and GID limits for the domain. If a domain contains an entry that is "
-"outside these limits, it is ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
-msgid ""
-"For users, this affects the primary GID limit. The user will not be returned "
-"to NSS if either the UID or the primary GID is outside the range. For non-"
-"primary group memberships, those that are in range will be reported as "
-"expected."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
-msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
-msgid ""
-"Timeout in seconds between heartbeats for this domain.  This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
-msgid "enumerate (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
-msgid ""
-"Determines if a domain can be enumerated. This parameter can have one of the "
-"following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
-msgid "TRUE = Users and groups are enumerated"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
-msgid "FALSE = No enumerations for this domain"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
-msgid "Default: FALSE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
-msgid ""
-"Note: Enabling enumeration has a moderate performance impact on SSSD while "
-"enumeration is running. It may take up to several minutes after SSSD startup "
-"to fully complete enumerations.  During this time, individual requests for "
-"information will go directly to LDAP, though it may be slow, due to the "
-"heavy enumeration processing."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
-msgid ""
-"While the first enumeration is running, requests for the complete user or "
-"group lists may return no results until it completes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
-msgid ""
-"Further, enabling enumeration may increase the time necessary to detect "
-"network disconnection, as longer timeouts are required to ensure that "
-"enumeration lookups are completed successfully.  For more information, refer "
-"to the man pages for the specific id_provider in use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
-msgid "entry_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
-msgid ""
-"How many seconds should nss_sss consider entries valid before asking the "
-"backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
-msgid "Default: 5400"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-msgid "entry_cache_user_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-msgid ""
-"How many seconds should nss_sss consider user entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-msgid "Default: entry_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-msgid "entry_cache_group_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-msgid ""
-"How many seconds should nss_sss consider group entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-msgid ""
-"How many seconds should nss_sss consider netgroup entries valid before "
-"asking the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-msgid "entry_cache_service_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-msgid ""
-"How many seconds should nss_sss consider service entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
-msgid "cache_credentials (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
-msgid "Determines if user credentials are also cached in the local LDB cache"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
-msgid "User credentials are stored in a SHA512 hash, not in plaintext"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
-msgid "account_cache_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
-msgid ""
-"Number of days entries are left in cache after last successful login before "
-"being removed during a cleanup of the cache. 0 means keep forever.  The "
-"value of this parameter must be greater than or equal to "
-"offline_credentials_expiration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
-msgid "Default: 0 (unlimited)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
-msgid "id_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
-msgid "The Data Provider identity backend to use for this domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
-msgid "Supported backends:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
-msgid "proxy: Support a legacy NSS provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
-msgid "local: SSSD internal local provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
-msgid "ldap: LDAP provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
-msgid "use_fully_qualified_names (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
-msgid ""
-"If set to TRUE, all requests to this domain must use fully qualified names. "
-"For example, if used in LOCAL domain that contains a \"test\" user, "
-"<command>getent passwd test</command> wouldn't find the user while "
-"<command>getent passwd test@LOCAL</command> would."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
-msgid "auth_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
-msgid ""
-"The authentication provider used for the domain.  Supported auth providers "
-"are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
-msgid ""
-"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
-msgid ""
-"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
-msgid ""
-"<quote>proxy</quote> for relaying authentication to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
-msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"authentication requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
-msgid "access_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
-msgid ""
-"The access control provider used for the domain.  There are two built-in "
-"access providers (in addition to any included in installed backends)  "
-"Internal special providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
-msgid "<quote>permit</quote> always allow access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
-msgid "<quote>deny</quote> always deny access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
-msgid ""
-"<quote>simple</quote> access control based on access or deny lists. See "
-"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> for more information on configuring the simple "
-"access module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
-msgid "Default: <quote>permit</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
-msgid "chpass_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
-msgid ""
-"The provider which should handle change password operations for the domain.  "
-"Supported change password providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
-msgid ""
-"<quote>ipa</quote> to change a password stored in an IPA server.  See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
-msgid ""
-"<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
-msgid ""
-"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
-msgid ""
-"<quote>proxy</quote> for relaying password changes to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
-msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
-msgid ""
-"Default: <quote>auth_provider</quote> is used if it is set and can handle "
-"change password requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-msgid "sudo_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-msgid ""
-"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-msgid "session_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-msgid ""
-"The provider which should handle loading of session settings.  Supported "
-"session providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-msgid ""
-"<quote>ipa</quote> to load session settings from an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"session loading requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
-msgid "lookup_family_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
-msgid ""
-"Provides the ability to select preferred address family to use when "
-"performing DNS lookups."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
-msgid "Supported values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
-msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
-msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
-msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
-msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
-msgid "Default: ipv4_first"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
-msgid "dns_resolver_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
-msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
-msgid "dns_discovery_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
-msgid ""
-"If service discovery is used in the back end, specifies the domain part of "
-"the service discovery DNS query."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
-msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
-msgid "override_gid (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
-msgid "Override the primary GID value with the one specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
-msgid "case_sensitive (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
-msgid ""
-"Treat user and group names as case sensitive. At the moment, this option is "
-"not supported in the local provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
-msgid "Default: True"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
-msgid ""
-"These configuration options can be present in a domain configuration "
-"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
-"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
-msgid "proxy_pam_target (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
-msgid "The proxy target PAM proxies to."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-msgid ""
-"Default: not set by default, you have to take an existing pam configuration "
-"or create a new one and add the service name here."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
-msgid "proxy_lib_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
-msgid ""
-"The name of the NSS library to use in proxy domains. The NSS functions "
-"searched for in the library are in the form of _nss_$(libName)_$(function), "
-"for example _nss_files_getpwent."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
-msgid ""
-"Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
-msgid "The local domain section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
-msgid ""
-"This section contains settings for domain that stores users and groups in "
-"SSSD native database, that is, a domain that uses "
-"<replaceable>id_provider=local</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
-msgid "default_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
-msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
-msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
-msgid "base_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
-msgid ""
-"The tools append the login name to <replaceable>base_directory</replaceable> "
-"and use that as the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
-msgid "Default: <filename>/home</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
-msgid "create_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
-msgid ""
-"Indicate if a home directory should be created by default for new users.  "
-"Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
-msgid "Default: TRUE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
-msgid "remove_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
-msgid ""
-"Indicate if a home directory should be removed by default for deleted "
-"users.  Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
-msgid "homedir_umask (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
-msgid ""
-"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
-"on a newly created home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
-msgid "Default: 077"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
-msgid "skel_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
-msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
-msgid "mail_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
-msgid ""
-"The mail spool directory. This is needed to manipulate the mailbox when its "
-"corresponding user account is modified or deleted.  If not specified, a "
-"default value is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
-msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
-msgid "userdel_cmd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
-msgid ""
-"The command that is run after a user is removed.  The command us passed the "
-"username of the user being removed as the first and only parameter. The "
-"return code of the command is not taken into account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
-msgid "Default: None, no command is run"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"domains = LDAP\n"
-"services = nss, pam\n"
-"config_file_version = 2\n"
-"\n"
-"[nss]\n"
-"filter_groups = root\n"
-"filter_users = root\n"
-"\n"
-"[pam]\n"
-"\n"
-"[domain/LDAP]\n"
-"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
-"\n"
-"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
-"cache_credentials = true\n"
-"\n"
-"min_id = 10000\n"
-"max_id = 20000\n"
-"enumerate = False\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
-msgid ""
-"The following example shows a typical SSSD config. It does not describe "
-"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details.  <placeholder type=\"programlisting\" "
-"id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
-msgid "sssd-ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:23
-msgid ""
-"This manual page describes the configuration of LDAP domains for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for detailed syntax information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:35
-msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:38
-msgid ""
-"LDAP back end supports id, auth, access and chpass providers. If you want to "
-"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
-"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
-"over an unencrypted channel.  If the LDAP server is used only as an identity "
-"provider, an encrypted channel is not needed. Please refer to "
-"<quote>ldap_access_filter</quote> config option for more information about "
-"using LDAP as an access provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
-#: sssd-krb5.5.xml:63
-msgid "CONFIGURATION OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:60
-msgid "ldap_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:63
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference. Refer to the <quote>FAILOVER</"
-"quote> section for more information on failover and server redundancy.  If "
-"not specified, service discovery is enabled. For more information, refer to "
-"the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
-msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:73
-msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:76
-msgid ""
-"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:79
-msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:85
-msgid "ldap_chpass_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:88
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference to change the password of a user. "
-"Refer to the <quote>FAILOVER</quote> section for more information on "
-"failover and server redundancy."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:95
-msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:99
-msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:105
-msgid "ldap_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:108
-msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:112
-msgid ""
-"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
-"syntax:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
-msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:119
-msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
-msgid ""
-"The filter must be a valid LDAP search filter as specified by http://www."
-"ietf.org/rfc/rfc2254.txt"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
-msgid "Examples:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:129
-msgid ""
-"ldap_search_base = dc=example,dc=com (which is equivalent to)  "
-"ldap_search_base = dc=example,dc=com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:134
-msgid ""
-"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
-"(host=thishost)?dc=example.com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:137
-msgid ""
-"Note: It is unsupported to have multiple search bases which reference "
-"identically-named objects (for example, groups with the same name in two "
-"different search bases). This will lead to unpredictable behavior on client "
-"machines."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:144
-msgid ""
-"Default: If not set, the value of the defaultNamingContext or namingContexts "
-"attribute from the RootDSE of the LDAP server is used. If "
-"defaultNamingContext does not exists or has an empty value namingContexts is "
-"used.  The namingContexts attribute must have a single value with the DN of "
-"the search base of the LDAP server to make this work. Multiple values are "
-"are not supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:158
-msgid "ldap_schema (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:161
-msgid ""
-"Specifies the Schema Type in use on the target LDAP server.  Depending on "
-"the selected schema, the default attribute names retrieved from the servers "
-"may vary.  The way that some attributes are handled may also differ.  Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
-"difference between these schema types is how group memberships are recorded "
-"in the server.  With rfc2307, group members are listed by name in the "
-"<emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, group "
-"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
-msgid "Default: rfc2307"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
-msgid "ldap_default_bind_dn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
-msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
-msgid "ldap_default_authtok_type (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
-msgid "The type of the authentication token of the default bind DN."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
-msgid "The two mechanisms currently supported are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
-msgid "password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
-msgid "obfuscated_password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
-msgid "Default: password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
-msgid "ldap_default_authtok (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
-msgid ""
-"The authentication token of the default bind DN.  Only clear text passwords "
-"are currently supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
-msgid "ldap_user_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
-msgid "The object class of a user entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
-msgid "Default: posixAccount"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
-msgid "ldap_user_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
-msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
-msgid "Default: uid"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
-msgid "ldap_user_uid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
-msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
-msgid "Default: uidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
-msgid "ldap_user_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
-msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
-msgid "Default: gidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
-msgid "ldap_user_gecos (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
-msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
-msgid "Default: gecos"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
-msgid "ldap_user_home_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
-msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
-msgid "Default: homeDirectory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
-msgid "ldap_user_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
-msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
-msgid "Default: loginShell"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
-msgid "ldap_user_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
-msgid "Default: nsUniqueId"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
-msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
-msgid ""
-"The LDAP attribute that contains timestamp of the last modification of the "
-"parent object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
-msgid "Default: modifyTimestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
-msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
-"the last password change)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
-msgid "Default: shadowLastChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
-msgid "ldap_user_shadow_min (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
-msgid "Default: shadowMin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
-msgid "ldap_user_shadow_max (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
-msgid "Default: shadowMax"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
-msgid "ldap_user_shadow_warning (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password warning period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
-msgid "Default: shadowWarning"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
-msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password inactivity period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
-msgid "Default: shadowInactive"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
-msgid "ldap_user_shadow_expire (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
-msgid ""
-"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
-"parameter contains the name of an LDAP attribute corresponding to its "
-"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> counterpart (account expiration date)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
-msgid "Default: shadowExpire"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
-msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time of last password change in "
-"kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
-msgid "Default: krbLastPwdChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
-msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time when current password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
-msgid "Default: krbPasswordExpiration"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
-msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the expiration time of the account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
-msgid "Default: accountExpires"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
-msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the user account control bit field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
-msgid "Default: userAccountControl"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
-msgid "ldap_ns_account_lock (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
-msgid ""
-"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
-"determines if access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
-msgid "Default: nsAccountLock"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
-msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines if "
-"access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
-msgid "Default: loginDisabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
-msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines until "
-"which date access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
-msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines the "
-"hours of a day in a week when access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
-msgid "Default: loginAllowedTimeMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
-msgid "ldap_user_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
-msgid ""
-"The LDAP attribute that contains the user's Kerberos User Principal Name "
-"(UPN)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
-msgid "Default: krbPrincipalName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
-msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
-msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
-msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
-msgid ""
-"Some directory servers, for example Active Directory, might deliver the "
-"realm part of the UPN in lower case, which might cause the authentication to "
-"fail. Set this option to a non-zero value if you want to use an upper-case "
-"realm."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
-msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
-msgid ""
-"Specifies how many seconds SSSD has to wait before refreshing its cache of "
-"enumerated records."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
-msgid "Default: 300"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
-msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
-msgid ""
-"Determine how often to check the cache for inactive entries (such as groups "
-"with no members and users who have never logged in) and remove them to save "
-"space."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
-msgid "Setting this option to zero will disable the cache cleanup operation."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
-msgid "Default: 10800 (12 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
-msgid "ldap_user_fullname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
-msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
-msgid "Default: cn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
-msgid "ldap_user_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
-msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
-msgid "Default: memberOf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
-msgid "ldap_user_authorized_service (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
-msgid ""
-"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
-"use the presence of the authorizedService attribute in the user's LDAP entry "
-"to determine access privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
-msgid ""
-"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
-"explicit allow (svc) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
-msgid "Default: authorizedService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
-msgid "ldap_user_authorized_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
-msgid ""
-"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-"presence of the host attribute in the user's LDAP entry to determine access "
-"privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
-msgid ""
-"An explicit deny (!host) is resolved first. Second, SSSD searches for "
-"explicit allow (host) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
-msgid "Default: host"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
-msgid "ldap_group_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
-msgid "The object class of a group entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
-msgid "Default: posixGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
-msgid "ldap_group_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
-msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
-msgid "ldap_group_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
-msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
-msgid "ldap_group_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
-msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
-msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
-msgid "ldap_group_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
-msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
-msgid "ldap_group_nesting_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
-msgid ""
-"If ldap_schema is set to a schema format that supports nested groups (e.g. "
-"RFC2307bis), then this option controls how many levels of nesting SSSD will "
-"follow. This option has no effect on the RFC2307 schema."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
-msgid "Default: 2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
-msgid "ldap_netgroup_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
-msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
-msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
-msgid "Default: nisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
-msgid "ldap_netgroup_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
-msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
-msgid "In IPA provider, ipa_netgroup_name should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
-msgid "ldap_netgroup_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
-msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
-msgid "In IPA provider, ipa_netgroup_member should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
-msgid "Default: memberNisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
-msgid "ldap_netgroup_triple (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-msgid ""
-"The LDAP attribute that contains the (host, user, domain) netgroup triples."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
-msgid "This option is not available in IPA provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
-msgid "Default: nisNetgroupTriple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
-msgid "ldap_netgroup_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
-msgid ""
-"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
-msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
-msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
-msgid "ldap_service_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
-msgid "The object class of a service entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
-msgid "Default: ipService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
-msgid "ldap_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
-msgid ""
-"The LDAP attribute that contains the name of service attributes and their "
-"aliases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
-msgid "ldap_service_port (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
-msgid "The LDAP attribute that contains the port managed by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
-msgid "Default: ipServicePort"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
-msgid "ldap_service_proto (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
-msgid ""
-"The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
-msgid "Default: ipServiceProtocol"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
-msgid "ldap_service_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
-msgid "An optional base DN to restrict service searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
-msgid ""
-"See <quote>ldap_search_base</quote> for information about configuring "
-"multiple search bases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
-#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
-msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
-msgid "ldap_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches are allowed to run "
-"before they are cancelled and cached results are returned (and offline mode "
-"is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
-msgid ""
-"Note: this option is subject to change in future versions of the SSSD. It "
-"will likely be replaced at some point by a series of timeouts for specific "
-"lookup types."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
-msgid "Default: 6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
-msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches for user and group "
-"enumerations are allowed to run before they are cancelled and cached results "
-"are returned (and offline mode is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
-msgid "ldap_network_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-msgid ""
-"Specifies the timeout (in seconds) after which the <citerefentry> "
-"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
-"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> following a <citerefentry> "
-"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> returns in case of no activity."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
-msgid "ldap_opt_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
-msgid ""
-"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
-"will abort if no response is received. Also controls the timeout when "
-"communicating with the KDC in case of SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
-msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
-msgid ""
-"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
-"maintained. After this time, the connection will be re-established. If used "
-"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
-"the TGT lifetime)  will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
-msgid "Default: 900 (15 minutes)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
-msgid "ldap_page_size (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
-msgid ""
-"Specify the number of records to retrieve from LDAP in a single request. "
-"Some LDAP servers enforce a maximum limit per-request."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
-msgid "Default: 1000"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
-msgid ""
-"Disable the LDAP paging control. This option should be used if the LDAP "
-"server reports that it supports the LDAP paging control in its RootDSE but "
-"it is not enabled or does not behave properly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
-msgid ""
-"Example: OpenLDAP servers with the paging control module installed on the "
-"server but not enabled will report it in the RootDSE but be unable to use it."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
-msgid ""
-"Example: 389 DS has a bug where it can only support a one paging control at "
-"a time on a single connection. On busy clients, this can result in some "
-"requests being denied."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
-msgid "ldap_deref_threshold (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
-msgid ""
-"Specify the number of group members that must be missing from the internal "
-"cache in order to trigger a dereference lookup. If less members are missing, "
-"they are looked up individually."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
-msgid ""
-"You can turn off dereference lookups completely by setting the value to 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
-msgid ""
-"A dereference lookup is a means of fetching all group members in a single "
-"LDAP call.  Different LDAP servers may implement different dereference "
-"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
-"Directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
-msgid ""
-"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
-"filter, then the dereference lookup performance enhancement will be disabled "
-"regardless of this setting."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
-msgid "ldap_tls_reqcert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
-msgid ""
-"Specifies what checks to perform on server certificates in a TLS session, if "
-"any. It can be specified as one of the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
-msgid ""
-"<emphasis>never</emphasis> = The client will not request or check any server "
-"certificate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
-msgid ""
-"<emphasis>allow</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, it will be ignored and the session proceeds normally."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
-msgid ""
-"<emphasis>try</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, the session is immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
-msgid ""
-"<emphasis>demand</emphasis> = The server certificate is requested. If no "
-"certificate is provided, or a bad certificate is provided, the session is "
-"immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
-msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
-msgid "Default: hard"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
-msgid "ldap_tls_cacert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
-msgid ""
-"Specifies the file that contains certificates for all of the Certificate "
-"Authorities that <command>sssd</command> will recognize."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
-msgid ""
-"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
-"conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
-msgid "ldap_tls_cacertdir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
-msgid ""
-"Specifies the path of a directory that contains Certificate Authority "
-"certificates in separate individual files. Typically the file names need to "
-"be the hash of the certificate followed by '.0'.  If available, "
-"<command>cacertdir_rehash</command> can be used to create the correct names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
-msgid "ldap_tls_cert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
-msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
-msgid "Default: not set"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
-msgid "ldap_tls_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
-msgid "Specifies the file that contains the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
-msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
-msgid ""
-"Specifies acceptable cipher suites.  Typically this is a colon sperated "
-"list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> for format."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
-msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
-msgid ""
-"Specifies that the id_provider connection must also use <systemitem class="
-"\"protocol\">tls</systemitem> to protect the channel."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
-msgid ""
-"Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
-"supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
-msgid "ldap_sasl_authid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
-msgid ""
-"Specify the SASL authorization id to use.  When GSSAPI is used, this "
-"represents the Kerberos principal used for authentication to the directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
-msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
-msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
-msgid ""
-"If set to true, the LDAP library would perform a reverse lookup to "
-"canonicalize the host name during a SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
-msgid "Default: false;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
-msgid "ldap_krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
-msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
-msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
-msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
-msgid ""
-"Specifies that the id_provider should init Kerberos credentials (TGT).  This "
-"action is performed only if SASL is used and the mechanism selected is "
-"GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
-msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
-msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
-msgid "Default: 86400 (24 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
-msgid "krb5_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
-msgid ""
-"Specifies the comma-separated list of IP addresses or hostnames of the "
-"Kerberos servers to which SSSD should connect in the order of preference. "
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
-"colon) may be appended to the addresses or hostnames.  If empty, service "
-"discovery is enabled - for more information, refer to the <quote>SERVICE "
-"DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
-msgid ""
-"When using service discovery for KDC or kpasswd servers, SSSD first searches "
-"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-"none are found."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
-msgid ""
-"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
-"While the legacy name is recognized for the time being, users are advised to "
-"migrate their config files to use <quote>krb5_server</quote> instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
-msgid "krb5_realm (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
-msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
-msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
-msgid "krb5_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
-msgid ""
-"Specifies if the host principal should be canonicalized when connecting to "
-"LDAP server. This feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
-msgid "ldap_pwd_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
-msgid ""
-"Select the policy to evaluate the password expiration on the client side. "
-"The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
-msgid ""
-"<emphasis>none</emphasis> - No evaluation on the client side. This option "
-"cannot disable server-side password policies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
-msgid ""
-"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-"evaluate if the password has expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
-msgid ""
-"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
-"to determine if the password has expired. Use chpass_provider=krb5 to update "
-"these attributes when the password is changed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
-msgid "ldap_referrals (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
-msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
-msgid ""
-"Please note that sssd only supports referral chasing when it is compiled "
-"with OpenLDAP version 2.4.13 or higher."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
-msgid "ldap_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
-msgid "Specifies the service name to use when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
-msgid "Default: ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
-msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
-msgid ""
-"Specifies the service name to use to find an LDAP server which allows "
-"password changes when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
-msgid "Default: not set, i.e. service discovery is disabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
-msgid "ldap_access_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
-msgid ""
-"If using access_provider = ldap, this option is mandatory. It specifies an "
-"LDAP search filter criteria that must be met for the user to be granted "
-"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
-msgid "Example:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
-#, no-wrap
-msgid ""
-"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
-msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
-msgid ""
-"Offline caching for this feature is limited to determining whether the "
-"user's last online login was granted access permission. If they were granted "
-"access during their last login, they will continue to be granted access "
-"while offline and vice-versa."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
-msgid "Default: Empty"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
-msgid "ldap_account_expire_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
-msgid ""
-"With this option a client side evaluation of access control attributes can "
-"be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
-msgid ""
-"Please note that it is always recommended to use server side access control, "
-"i.e. the LDAP server should deny the bind request with a suitable error code "
-"even if the password is correct."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
-msgid "The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
-msgid ""
-"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
-"determine if the account is expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
-msgid ""
-"<emphasis>ad</emphasis>: use the value of the 32bit field "
-"ldap_user_ad_user_account_control and allow access if the second bit is not "
-"set. If the attribute is missing access is granted. Also the expiration time "
-"of the account is checked."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
-msgid ""
-"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
-"emphasis>: use the value of ldap_ns_account_lock to check if access is "
-"allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
-msgid ""
-"<emphasis>nds</emphasis>: the values of "
-"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
-"If both attributes are missing access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
-msgid "ldap_access_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
-msgid "Comma separated list of access control options.  Allowed values are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
-msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
-msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
-msgid ""
-"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
-"to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
-msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
-msgid "Default: filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
-msgid ""
-"Please note that it is a configuration error if a value is used more than "
-"once."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
-msgid "ldap_deref (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
-msgid ""
-"Specifies how alias dereferencing is done when performing a search. The "
-"following options are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
-msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
-msgid ""
-"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
-"the base object, but not in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
-msgid ""
-"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
-"the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
-msgid ""
-"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
-"in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
-msgid ""
-"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
-"client libraries)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:51
-msgid ""
-"All of the common configuration options that apply to SSSD domains also "
-"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for full details.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
-msgid "SUDO OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
-msgid "ldap_sudorule_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
-msgid "The object class of a sudo rule entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
-msgid "Default: sudoRole"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
-msgid "ldap_sudorule_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
-msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
-msgid "ldap_sudorule_command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
-msgid "The LDAP attribute that corresponds to the command name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
-msgid "Default: sudoCommand"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
-msgid "ldap_sudorule_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
-msgid ""
-"The LDAP attribute that corresponds to the host name (or host IP address, "
-"host IP network, or host netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
-msgid "Default: sudoHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
-msgid "ldap_sudorule_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
-msgid ""
-"The LDAP attribute that corresponds to the user name (or UID, group name or "
-"user's netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
-msgid "Default: sudoUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
-msgid "ldap_sudorule_option (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
-msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
-msgid "Default: sudoOption"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
-msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
-msgid ""
-"The LDAP attribute that corresponds to the user name that commands may be "
-"run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
-msgid "Default: sudoRunAsUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
-msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
-msgid ""
-"The LDAP attribute that corresponds to the group name or group GID that "
-"commands may be run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
-msgid "Default: sudoRunAsGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
-msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
-msgid ""
-"The LDAP attribute that corresponds to the start date/time for when the sudo "
-"rule is valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
-msgid "Default: sudoNotBefore"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
-msgid "ldap_sudorule_notafter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
-msgid ""
-"The LDAP attribute that corresponds to the expiration date/time, after which "
-"the sudo rule will no longer be valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
-msgid "Default: sudoNotAfter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
-msgid "ldap_sudorule_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
-msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
-msgid "Default: sudoOrder"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
-msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
-msgid ""
-"Enables periodical download of all sudo rules.  The cache is purged before "
-"each update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
-msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
-msgid ""
-"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
-msgid ""
-"This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
-"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
-msgid "AUTOFS OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
-msgid ""
-"Please note that the default values correspond to the default schema which "
-"is RFC2307."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
-msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-msgid "The object class of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-msgid "Default: automountMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
-msgid "ldap_autofs_map_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
-msgid "The name of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
-msgid "Default: ou"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
-msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
-msgid "ldap_autofs_entry_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
-msgid ""
-"The key of an automount entry in LDAP. The entry usually corresponds to a "
-"mount point."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
-msgid "ldap_autofs_entry_value (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
-msgid "Default: automountInformation"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
-msgid ""
-"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
-"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
-"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
-msgid "ADVANCED OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
-msgid "ldap_netgroup_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
-msgid ""
-"An optional base DN to restrict netgroup searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
-msgid "ldap_user_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
-msgid "An optional base DN to restrict user searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
-msgid "ldap_group_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
-msgid "An optional base DN to restrict group searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
-#, no-wrap
-msgid ""
-"                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
-msgid "ldap_sudo_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
-msgid ""
-"An optional base DN to restrict sudo rules searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
-msgid "ldap_autofs_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
-msgid ""
-"An optional base DN to restrict automounter searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
-msgid ""
-"These options are supported by LDAP domains, but they should be used with "
-"caution. Please include them in your configuration only if you know what you "
-"are doing.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
-msgid ""
-"The following example assumes that SSSD is correctly configured and LDAP is "
-"set to one of the domains in the <replaceable>[domains]</replaceable> "
-"section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
-#, no-wrap
-msgid ""
-"    [domain/LDAP]\n"
-"    id_provider = ldap\n"
-"    auth_provider = ldap\n"
-"    ldap_uri = ldap://ldap.mydomain.org\n"
-"    ldap_search_base = dc=mydomain,dc=org\n"
-"    ldap_tls_reqcert = demand\n"
-"    cache_credentials = true\n"
-"    enumerate = true\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
-msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
-msgid "NOTES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
-msgid ""
-"The descriptions of some of the configuration options in this manual page "
-"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
-"distribution."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <refentryinfo>
-#: pam_sss.8.xml:8 include/upstream.xml:2
-msgid ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: pam_sss.8.xml:13 pam_sss.8.xml:18
-msgid "pam_sss"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: pam_sss.8.xml:19
-msgid "PAM module for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: pam_sss.8.xml:24
-msgid ""
-"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
-msgid ""
-"<command>pam_sss.so</command> is the PAM interface to the System Security "
-"Services daemon (SSSD). Errors and results are logged through <command>syslog"
-"(3)</command> with the LOG_AUTHPRIV facility."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
-msgid "<option>quiet</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
-msgid "Suppress log messages for unknown users."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
-msgid "<option>forward_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
-msgid ""
-"If <option>forward_pass</option> is set the entered password is put on the "
-"stack for other PAM modules to use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
-msgid "<option>use_first_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
-msgid ""
-"The argument use_first_pass forces the module to use a previous stacked "
-"modules password and will never prompt the user - if no password is "
-"available or the password is not appropriate, the user will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
-msgid "<option>use_authtok</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
-msgid ""
-"When password changing enforce the module to set the new password to the one "
-"provided by a previously stacked password module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
-msgid "<option>retry=N</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
-msgid ""
-"If specified the user is asked another N times for a password if "
-"authentication fails. Default is 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
-msgid ""
-"Please note that this option might not work as expected if the application "
-"calling PAM handles the user dialog on its own. A typical example is "
-"<command>sshd</command> with <option>PasswordAuthentication</option>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
-msgid "MODULE TYPES PROVIDED"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
-msgid ""
-"All module types (<option>account</option>, <option>auth</option>, "
-"<option>password</option> and <option>session</option>) are provided."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
-msgid "FILES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
-msgid ""
-"If a password reset by root fails, because the corresponding SSSD provider "
-"does not support password resets, an individual message can be displayed. "
-"This message can e.g. contain instructions about how to reset a password."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
-msgid ""
-"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
-"filename> where LOC stands for a locale string returned by <citerefentry> "
-"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
-"citerefentry>. If there is no matching file the content of "
-"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
-"the owner of the files and only root may have read and write permissions "
-"while all other users must have only read permissions."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
-msgid ""
-"These files are searched in the directory <filename>/etc/sssd/customize/"
-"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
-"displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:141
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
-msgid "sssd_krb5_locator_plugin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:22
-msgid ""
-"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
-"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
-"libraries what Realm and which KDC to use.  Typically this is done in "
-"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
-"To simplify the configuration the Realm and the KDC can be defined in "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry> puts the Realm and the name or IP address of the KDC into "
-"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively.  "
-"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variables and returns them to the "
-"libraries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:63
-msgid ""
-"Not all Kerberos implementations support the use of plugins. If "
-"<command>sssd_krb5_locator_plugin</command> is not available on your system "
-"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:69
-msgid ""
-"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-"debug messages will be sent to stderr."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:77
-msgid ""
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
-msgid "sssd-simple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd-simple.5.xml:17
-msgid "the configuration file for SSSD's 'simple' access-control provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:24
-msgid ""
-"This manual page describes the configuration of the simple access-control "
-"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax reference, "
-"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:38
-msgid ""
-"The simple access provider grants or denies access based on an access or "
-"deny list of user or group names. The following rules apply:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:43
-msgid "If all lists are empty, access is granted"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:47
-msgid ""
-"If any list is provided, the order of evaluation is allow,deny. This means "
-"that any matching deny rule will supersede any matched allow rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:54
-msgid ""
-"If either or both \"allow\" lists are provided, all users are denied unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:60
-msgid ""
-"If only \"deny\" lists are provided, all users are granted access unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:78
-msgid "simple_allow_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:81
-msgid "Comma separated list of users who are allowed to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:88
-msgid "simple_deny_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:91
-msgid "Comma separated list of users who are explicitly denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:97
-msgid "simple_allow_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:100
-msgid ""
-"Comma separated list of groups that are allowed to log in. This applies only "
-"to groups within this SSSD domain. Local groups are not evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:108
-msgid "simple_deny_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:111
-msgid ""
-"Comma separated list of groups that are explicitly denied access. This "
-"applies only to groups within this SSSD domain. Local groups are not "
-"evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
-msgid ""
-"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page for details on the configuration of an SSSD "
-"domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:120
-msgid ""
-"Please note that it is an configuration error if both, simple_allow_users "
-"and simple_deny_users, are defined."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:128
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the simple access provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-simple.5.xml:135
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    access_provider = simple\n"
-"    simple_allow_users = user1, user2\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:145
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
-msgid "sssd-ipa"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:23
-msgid ""
-"This manual page describes the configuration of the IPA provider for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
-"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:36
-msgid ""
-"The IPA provider is a back end used to connect to an IPA server.  (Refer to "
-"the freeipa.org web site for information about IPA servers.)  This provider "
-"requires that the machine be joined to the IPA domain; configuration is "
-"almost entirely self-discovered and obtained directly from the server."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:43
-msgid ""
-"The IPA provider accepts the same options used by the <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
-"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider with some exceptions described below."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:55
-msgid ""
-"However, it is neither necessary nor recommended to set these options.  IPA "
-"provider can also be used as an access and chpass provider. As an access "
-"provider it uses HBAC (host-based access control) rules. Please refer to "
-"freeipa.org for more information about HBAC. No configuration of access "
-"provider is required on the client side."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:72
-msgid "ipa_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:75
-msgid ""
-"Specifies the name of the IPA domain.  This is optional. If not provided, "
-"the configuration domain name is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:83
-msgid "ipa_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:86
-msgid ""
-"The comma-separated list of IP addresses or hostnames of the IPA servers to "
-"which SSSD should connect in the order of preference. For more information "
-"on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
-"This is optional if autodiscovery is enabled.  For more information on "
-"service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:99
-msgid "ipa_hostname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:102
-msgid ""
-"Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:110
-msgid "ipa_dyndns_update (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:113
-msgid ""
-"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:118
-msgid ""
-"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
-"the default Kerberos realm must be set properly in /etc/krb5.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:129
-msgid "ipa_dyndns_iface (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:132
-msgid ""
-"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
-"interface whose IP address should be used for dynamic DNS updates."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:137
-msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:143
-msgid "ipa_hbac_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:146
-msgid "Optional. Use the given string as search base for HBAC related objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:150
-msgid "Default: Use base DN"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:156
-msgid "ipa_host_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:159
-msgid "Optional. Use the given string as search base for host objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:180
-msgid "ipa_selinux_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
-msgid "Optional. Use the given string as search base for SELinux user maps."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
-msgid "krb5_validate (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
-msgid ""
-"Verify with the help of krb5_keytab that the TGT obtained has not been "
-"spoofed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
-msgid ""
-"Note that this default differs from the traditional Kerberos provider back "
-"end."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
-msgid ""
-"The name of the Kerberos realm. This is optional and defaults to the value "
-"of <quote>ipa_domain</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
-msgid ""
-"The name of the Kerberos realm has a special meaning in IPA - it is "
-"converted into the base DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
-msgid ""
-"Specifies if the host and user principal should be canonicalized when "
-"connecting to IPA LDAP and also for AS requests. This feature is available "
-"with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
-msgid "ipa_hbac_refresh (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
-msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
-msgid "Default: 5 (seconds)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
-msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
-msgid ""
-"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
-"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
-"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
-"client will support two modes of operation during this transition period:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
-msgid ""
-"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
-"users will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
-msgid ""
-"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
-"careful with this option, as it may result in opening unintended access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
-msgid "Default: DENY_ALL"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
-msgid "ipa_automount_location (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
-msgid "The automounter location this IPA client will be using"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Default: The location named \"default\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the ipa provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    id_provider = ipa\n"
-"    ipa_server = ipaserver.example.com\n"
-"    ipa_hostname = myhost.example.com\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.8.xml:10 sssd.8.xml:15
-msgid "sssd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.8.xml:16
-msgid "System Security Services Daemon"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sssd.8.xml:21
-msgid ""
-"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:31
-msgid ""
-"<command>SSSD</command> provides a set of daemons to manage access to remote "
-"directories and authentication mechanisms. It provides an NSS and PAM "
-"interface toward the system and a pluggable backend system to connect to "
-"multiple different account sources as well as D-Bus interface. It is also "
-"the basis to provide client auditing and policy services for projects like "
-"FreeIPA. It provides a more robust database to store local users as well as "
-"extended user data."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:46
-msgid ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:53
-msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:57
-msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:60
-msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:69
-msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:73
-msgid ""
-"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:76
-msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:85
-msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:89
-msgid ""
-"Send the debug output to files instead of stderr. By default, the log files "
-"are stored in <filename>/var/log/sssd</filename> and there are separate log "
-"files for every SSSD service and domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:97
-msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:101
-msgid "Become a daemon after starting up."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:107
-msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:111
-msgid "Run in the foreground, don't become a daemon."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
-msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
-msgid ""
-"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
-"conf</filename>. For reference on the config file syntax and options, "
-"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:135
-msgid "<option>--version</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:139
-msgid "Print version number and exit."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:147
-msgid "Signals"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:150
-msgid "SIGTERM/SIGINT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:153
-msgid ""
-"Informs the SSSD to gracefully terminate all of its child processes and then "
-"shut down the monitor."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:159
-msgid "SIGHUP"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:162
-msgid ""
-"Tells the SSSD to stop writing to its current debug file descriptors and to "
-"close and reopen them. This is meant to facilitate log rolling with programs "
-"like logrotate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:170
-msgid "SIGUSR1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:173
-msgid ""
-"Tells the SSSD to simulate offline operation for one minute. This is mostly "
-"useful for testing purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:179
-msgid "SIGUSR2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:182
-msgid ""
-"Tells the SSSD to go online immediately. This is mostly useful for testing "
-"purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:193
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-msgid "sss_obfuscate"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_obfuscate.8.xml:16
-msgid "obfuscate a clear text password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_obfuscate.8.xml:21
-msgid ""
-"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
-"replaceable></arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:32
-msgid ""
-"<command>sss_obfuscate</command> converts a given password into human-"
-"unreadable format and places it into appropriate domain section of the SSSD "
-"config file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:37
-msgid ""
-"The cleartext password is read from standard input or entered "
-"interactively.  The obfuscated password is put into "
-"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
-"<quote>ldap_default_authtok_type</quote> parameter is set to "
-"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more details on these parameters."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:49
-msgid ""
-"Please note that obfuscating the password provides <emphasis>no real "
-"security benefit</emphasis> as it is still possible for an attacker to "
-"reverse-engineer the password back. Using better authentication mechanisms "
-"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
-"advised."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:63
-msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:67
-msgid "The password to obfuscate will be read from standard input."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
-msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:79
-msgid ""
-"The SSSD domain to use the password in. The default name is <quote>default</"
-"quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:86
-msgid ""
-"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:91
-msgid "Read the config file specified by the positional parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:95
-msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:105
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
-msgid "sss_useradd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_useradd.8.xml:16
-msgid "create a new user"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_useradd.8.xml:21
-msgid ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:32
-msgid ""
-"<command>sss_useradd</command> creates a new user account using the values "
-"specified on the command line plus the default values from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:43
-msgid ""
-"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:48
-msgid ""
-"Set the UID of the user to the value of <replaceable>UID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
-msgid ""
-"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
-msgid ""
-"Any text string describing the user. Often used as the field for the user's "
-"full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
-msgid ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:72
-msgid ""
-"The home directory of the user account.  The default is to append the "
-"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
-"that as the home directory.  The base that is prepended before "
-"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
-"baseDirectory</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
-msgid ""
-"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:87
-msgid ""
-"The user's login shell. The default is currently <filename>/bin/bash</"
-"filename>.  The default can be changed with <quote>user_defaults/"
-"defaultShell</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:96
-msgid ""
-"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:101
-msgid "A list of existing groups this user is also a member of."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:107
-msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:111
-msgid ""
-"Create the user's home directory if it does not exist. The files and "
-"directories contained in the skeleton directory (which can be defined with "
-"the -k option or in the config file) will be copied to the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:121
-msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:125
-msgid ""
-"Do not create the user's home directory. Overrides configuration settings."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:132
-msgid ""
-"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:137
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<command>sss_useradd</command>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:143
-msgid ""
-"This option is only valid if the <option>-m</option> (or <option>--create-"
-"home</option>) option is specified, or creation of home directories is set "
-"to TRUE in the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
-msgid ""
-"<option>-Z</option>,<option>--selinux-user</option> "
-"<replaceable>SELINUX_USER</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:157
-msgid ""
-"The SELinux user for the user's login. If not specified, the system default "
-"will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
-msgid "sssd-krb5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:23
-msgid ""
-"This manual page describes the configuration of the Kerberos 5 "
-"authentication backend for <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  For a detailed "
-"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
-"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:36
-msgid ""
-"The Kerberos 5 authentication backend contains auth and chpass providers. It "
-"must be paired with identity provider in order to function properly (for "
-"example, id_provider = ldap). Some information required by the Kerberos 5 "
-"authentication backend must be provided by the identity provider, such as "
-"the user's Kerberos Principal Name (UPN). The configuration of the identity "
-"provider should have an entry to specify the UPN. Please refer to the man "
-"page for the applicable identity provider for details on how to configure "
-"this."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:47
-msgid ""
-"This backend also provides access control based on the .k5login file in the "
-"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
-"Please note that an empty .k5login file will deny all access to this user. "
-"To activate this feature use 'access_provider = krb5' in your sssd "
-"configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:55
-msgid ""
-"In the case where the UPN is not available in the identity backend "
-"<command>sssd</command> will construct a UPN using the format "
-"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:106
-msgid ""
-"The name of the Kerberos realm. This option is required and must be "
-"specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:113
-msgid "krb5_kpasswd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:116
-msgid ""
-"If the change password service is not running on the KDC alternative servers "
-"can be defined here. An optional port number (preceded by a colon) may be "
-"appended to the addresses or hostnames."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:122
-msgid ""
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section.  Please note that even if there are no more "
-"kpasswd servers to try the back end is not switch to offline if "
-"authentication against the KDC is still possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:129
-msgid "Default: Use the KDC"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:135
-msgid "krb5_ccachedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:138
-msgid ""
-"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist it will be created. If %u, %U, %p or %h are used a "
-"private directory belonging to the user is created. Otherwise a public "
-"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
-"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
-"citerefentry> for details) is created."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:151
-msgid "Default: /tmp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:157
-msgid "krb5_ccname_template (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:171
-msgid "login UID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:174
-msgid "%p"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:175
-msgid "principal name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:179
-msgid "%r"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:180
-msgid "realm name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:183
-msgid "%h"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:184
-msgid "home directory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:189
-msgid "value of krb5ccache_dir"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194
-msgid "%P"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "the process ID of the sssd client"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:160
-msgid ""
-"Location of the user's credential cache. Currently only file based "
-"credential caches are supported. In the template the following sequences are "
-"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
-"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
-"way."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:209
-msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:215
-msgid "krb5_auth_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:218
-msgid ""
-"Timeout in seconds after an online authentication or change password request "
-"is aborted. If possible the authentication request is continued offline."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:241
-msgid "krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:244
-msgid ""
-"The location of the keytab to use when validating credentials obtained from "
-"KDCs."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:248
-msgid "Default: /etc/krb5.keytab"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:254
-msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:257
-msgid ""
-"Store the password of the user if the provider is offline and use it to "
-"request a TGT when the provider gets online again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:262
-msgid ""
-"Please note that this feature currently only available on a Linux platform. "
-"Passwords stored in this way are kept in plaintext in the kernel keyring and "
-"are potentially accessible by the root user (with difficulty)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:275
-msgid "krb5_renewable_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:278
-msgid ""
-"Request a renewable ticket with a total lifetime given by an integer "
-"immediately followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
-msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
-msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
-msgid "<emphasis>h</emphasis> hours"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
-msgid "<emphasis>d</emphasis> days."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
-msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:299
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"renewable lifetime to one and a half hours please use '90m' instead of "
-"'1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:305
-msgid "Default: not set, i.e. the TGT is not renewable"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:311
-msgid "krb5_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:314
-msgid ""
-"Request ticket with a with a lifetime given by an integer immediately "
-"followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:335
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"lifetime to one and a half hours please use '90m' instead of '1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:340
-msgid ""
-"Default: not set, i.e. the default ticket lifetime configured on the KDC."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:347
-msgid "krb5_renew_interval (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:350
-msgid ""
-"The time in seconds between two checks if the TGT should be renewed. TGTs "
-"are renewed if about half of their lifetime is exceeded."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:355
-msgid "If this option is not set or 0 the automatic renewal is disabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:365
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:368
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:373
-msgid ""
-"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
-"option at all."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
-msgid ""
-"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
-"continue without."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:381
-msgid ""
-"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
-"fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:385
-msgid "Default: not set, i.e. FAST is not used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:388
-msgid "Please note that a keytab is required to use fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:391
-msgid ""
-"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used with an older version using this option is a "
-"configuration error."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:400
-msgid "krb5_fast_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:403
-msgid "Specifies the server principal to use for FAST."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:412
-msgid ""
-"Specifies if the host and user principal should be canonicalized. This "
-"feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:65
-msgid ""
-"If the auth-module krb5 is used in a SSSD domain, the following options must "
-"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
-"SECTIONS</quote> for details on the configuration of a SSSD domain.  "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:434
-msgid ""
-"The following example assumes that SSSD is correctly configured and FOO is "
-"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
-"example shows only configuration of Kerberos authentication, it does not "
-"include any identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:442
-#, no-wrap
-msgid ""
-"    [domain/FOO]\n"
-"    auth_provider = krb5\n"
-"    krb5_server = 192.168.1.1\n"
-"    krb5_realm = EXAMPLE.COM\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:453
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
-msgid "sss_groupadd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupadd.8.xml:16
-msgid "create a new group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupadd.8.xml:21
-msgid ""
-"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:32
-msgid ""
-"<command>sss_groupadd</command> creates a new group. These groups are "
-"compatible with POSIX groups, with the additional feature that they can "
-"contain other groups as members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupadd.8.xml:43
-msgid ""
-"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupadd.8.xml:48
-msgid ""
-"Set the GID of the group to the value of <replaceable>GID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
-msgid "sss_userdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_userdel.8.xml:16
-msgid "delete a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_userdel.8.xml:21
-msgid ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:32
-msgid ""
-"<command>sss_userdel</command> deletes a user identified by login name "
-"<replaceable>LOGIN</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:44
-msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:48
-msgid ""
-"Files in the user's home directory will be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:56
-msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:60
-msgid ""
-"Files in the user's home directory will NOT be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:68
-msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:72
-msgid ""
-"This option forces <command>sss_userdel</command> to remove the user's home "
-"directory and mail spool, even if they are not owned by the specified user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:80
-msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:84
-msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
-msgid "sss_groupdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupdel.8.xml:16
-msgid "delete a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupdel.8.xml:21
-msgid ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:32
-msgid ""
-"<command>sss_groupdel</command> deletes a group identified by its name "
-"<replaceable>GROUP</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
-msgid "sss_groupshow"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupshow.8.xml:16
-msgid "print properties of a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupshow.8.xml:21
-msgid ""
-"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:32
-msgid ""
-"<command>sss_groupshow</command> displays information about a group "
-"identified by its name <replaceable>GROUP</replaceable>. The information "
-"includes the group ID number, members of the group and the parent group."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupshow.8.xml:43
-msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupshow.8.xml:47
-msgid ""
-"Also print indirect group members in a tree-like hierarchy.  Note that this "
-"also affects printing parent groups - without <option>R</option>, only the "
-"direct parent will be printed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
-msgid "sss_usermod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_usermod.8.xml:16
-msgid "modify a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_usermod.8.xml:21
-msgid ""
-"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:32
-msgid ""
-"<command>sss_usermod</command> modifies the account specified by "
-"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
-"on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:60
-msgid "The home directory of the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:71
-msgid "The user's login shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:82
-msgid ""
-"Append this user to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:96
-msgid ""
-"Remove this user from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:103
-msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:107
-msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:114
-msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:118
-msgid "Unlock the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:129
-msgid "The SELinux user for the user's login."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/service_discovery.xml:2
-msgid "SERVICE DISCOVERY"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/service_discovery.xml:4
-msgid ""
-"The service discovery feature allows back ends to automatically find the "
-"appropriate servers to connect to using a special DNS query."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
-msgid "Configuration"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:11
-msgid ""
-"If no servers are specified, the back end automatically uses service "
-"discovery to try to find a server. Optionally, the user may choose to use "
-"both fixed server addresses and service discovery by inserting a special "
-"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
-"preference is maintained. This feature is useful if, for example, the user "
-"prefers to use service discovery whenever possible, and fall back to a "
-"specific server when no servers can be discovered using DNS."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:23
-msgid "The domain name"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:25
-msgid ""
-"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for more details."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:35
-msgid "The protocol"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:37
-msgid ""
-"The queries usually specify _tcp as the protocol. Exceptions are documented "
-"in respective option description."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:42
-msgid "See Also"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:44
-msgid ""
-"For more information on the service discovery mechanism, refer to RFC 2782."
-msgstr ""
-
-#. type: Content of: outside any tag (error?)
-#: include/upstream.xml:1
-msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/failover.xml:2
-msgid "FAILOVER"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/failover.xml:4
-msgid ""
-"The failover feature allows back ends to automatically switch to a different "
-"server if the primary server fails."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:8
-msgid "Failover Syntax"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:10
-msgid ""
-"The list of servers is given as a comma-separated list; any number of spaces "
-"is allowed around the comma. The servers are listed in order of preference. "
-"The list can contain any number of servers."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:17
-msgid "The Failover Mechanism"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:19
-msgid ""
-"The failover mechanism distinguishes between a machine and a service. The "
-"back end first tries to resolve the hostname of a given machine; if this "
-"resolution attempt fails, the machine is considered offline. No further "
-"attempts are made to connect to this machine for any other service. If the "
-"resolution attempt succeeds, the back end tries to connect to a service on "
-"this machine. If the service connection attempt fails, then only this "
-"particular service is considered offline and the back end automatically "
-"switches over to the next service.  The machine is still considered online "
-"and might still be tried for another service."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:32
-msgid ""
-"Further connection attempts are made to machines or services marked as "
-"offline after a specified period of time; this is currently hard coded to 30 "
-"seconds."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:37
-msgid ""
-"If there are no more machines to try, the back end as a whole switches to "
-"offline mode, and then attempts to reconnect every 30 seconds."
-msgstr ""
-
-#. type: Content of: <varlistentry><term>
-#: include/param_help.xml:3
-msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
-
-#. type: Content of: <varlistentry><listitem><para>
-#: include/param_help.xml:7
-msgid "Display help message and exit."
-msgstr ""
diff --git a/src/man/po/zh_CN.po b/src/man/po/zh_CN.po
deleted file mode 100644
index 7660ec58e..000000000
--- a/src/man/po/zh_CN.po
+++ /dev/null
@@ -1,6314 +0,0 @@
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Red Hat
-# This file is distributed under the same license as the sssd-docs package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: SSSD\n"
-"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Chinese (China) (http://www.transifex.net/projects/p/fedora/"
-"team/zh_CN/)\n"
-"Language: zh_CN\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=1; plural=0\n"
-
-#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
-#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
-#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
-#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
-msgid "SSSD Manual pages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
-msgid "sss_groupmod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
-#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
-#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
-msgid "8"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupmod.8.xml:16
-msgid "modify a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupmod.8.xml:21
-msgid ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
-#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
-#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
-#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
-#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:32
-msgid ""
-"<command>sss_groupmod</command> modifies the group to reflect the changes "
-"that are specified on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
-#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
-#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-msgid "OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
-msgid ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:48
-msgid ""
-"Append this group to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
-msgid ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:62
-msgid ""
-"Remove this group from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
-#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
-msgid "sssd.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
-msgid "5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
-msgid "File Formats and Conventions"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
-msgid "the configuration file for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:21
-msgid "FILE FORMAT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:29
-#, no-wrap
-msgid ""
-"                <replaceable>[section]</replaceable>\n"
-"                <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-"                <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
-"            "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:24
-msgid ""
-"The file has an ini-style syntax and consists of sections and parameters. A "
-"section begins with the name of the section in square brackets and continues "
-"until the next section begins. An example of section with single and multi-"
-"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:36
-msgid ""
-"The data types used are string (no quotes needed), integer and bool (with "
-"values of <quote>TRUE/FALSE</quote>)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:41
-msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
-"(<quote>;</quote>)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:46
-msgid ""
-"All sections can have an optional <replaceable>description</replaceable> "
-"parameter. Its function is only as a label for the section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:52
-msgid ""
-"<filename>sssd.conf</filename> must be a regular file, owned by root and "
-"only root may read from or write to the file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:58
-msgid "SPECIAL SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:61
-msgid "The [sssd] section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
-msgid "Section parameters"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:72
-msgid "config_file_version (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:75
-msgid ""
-"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-"version 2."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:81
-msgid "services"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:84
-msgid ""
-"Comma separated list of services that are started when sssd itself starts."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:88
-msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
-msgid "reconnection_retries (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
-msgid ""
-"Number of times services should attempt to reconnect in the event of a Data "
-"Provider crash or restart before they give up"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
-msgid "Default: 3"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
-msgid "domains"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
-msgid ""
-"A domain is a database containing user information. SSSD can use more "
-"domains at the same time, but at least one must be configured or SSSD won't "
-"start.  This parameter described the list of domains in the order you want "
-"them to be queried."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
-msgid "re_expression (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
-msgid ""
-"Regular expression that describes how to parse the string containing user "
-"name and domain into these components."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
-msgid ""
-"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
-"which translates to \"the name is everything up to the <quote>@</quote> "
-"sign, the domain everything after that\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
-msgid ""
-"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
-"version 7 or higher can support non-unique named subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
-msgid ""
-"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
-"P&lt;name&gt;) to label subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
-msgid "full_name_format (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
-msgid ""
-"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatible format that describes how to translate "
-"a (name, domain) tuple into a fully qualified name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
-msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
-msgid "try_inotify (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
-msgid ""
-"SSSD monitors the state of resolv.conf to identify when it needs to update "
-"its internal DNS resolver. By default, we will attempt to use inotify for "
-"this, and will fall back to polling resolv.conf every five seconds if "
-"inotify cannot be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
-msgid ""
-"There are some limited situations where it is preferred that we should skip "
-"even trying to use inotify. In these rare cases, this option should be set "
-"to 'false'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
-msgid ""
-"Default: true on platforms where inotify is supported. False on other "
-"platforms."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
-msgid ""
-"Note: this option will have no effect on platforms where inotify is "
-"unavailable. On these platforms, polling will always be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
-msgid "krb5_rcache_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
-msgid ""
-"Directory on the filesystem where SSSD should store Kerberos replay cache "
-"files."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
-msgid ""
-"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
-"SSSD to let libkrb5 decide the appropriate location for the replay cache."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
-msgid ""
-"Default: Distribution-specific and specified at build-time. "
-"(__LIBKRB5_DEFAULTS__ if not configured)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:63
-msgid ""
-"Individual pieces of SSSD functionality are provided by special SSSD "
-"services that are started and stopped together with SSSD.  The services are "
-"managed by a special service frequently called <quote>monitor</quote>. The "
-"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
-msgid "SERVICES SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
-msgid ""
-"Settings that can be used to configure different services are described in "
-"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
-"section, for example, for NSS service, the section would be <quote>[nss]</"
-"quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
-msgid "General service configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
-msgid "These options can be used to configure any service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>.  This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
-msgid "NSS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
-msgid ""
-"These options can be used to configure the Name Service Switch (NSS) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
-msgid "enum_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
-msgid ""
-"How many seconds should nss_sss cache enumerations (requests for info about "
-"all users)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
-msgid "Default: 120"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"The entry cache can be set to automatically update entries in the background "
-"if they are requested beyond a percentage of the entry_cache_timeout value "
-"for the domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
-msgid ""
-"For example, if the domain's entry_cache_timeout is set to 30s and "
-"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
-"after 15 seconds past the last cache update will be returned immediately, "
-"but the SSSD will go and update the cache on its own, so that future "
-"requests will not need to block waiting for a cache update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
-msgid ""
-"Valid values for this option are 0-99 and represent a percentage of the "
-"entry_cache_timeout for each domain. For performance reasons, this "
-"percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
-"disables this feature)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
-msgid "Default: 50"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
-msgid "entry_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
-msgid ""
-"Specifies for how many seconds nss_sss should cache negative cache hits "
-"(that is, queries for invalid database entries, like nonexistent ones)  "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
-msgid "Default: 15"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
-msgid "filter_users, filter_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
-msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
-msgid "Default: root"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
-msgid "filter_users_in_groups (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
-msgid ""
-"If you want filtered user still be group members set this option to false."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
-msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
-msgid "This option can also be set per-domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
-msgid "allowed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
-msgid ""
-"Restrict user shell to one of the listed values. The order of evaluation is:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
-msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
-msgid ""
-"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
-"quote>, use the value of the shell_fallback parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
-msgid ""
-"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
-"shells</quote>, a nologin shell is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
-msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
-msgid ""
-"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
-"that a restart of the SSSD is required in case a new shell is installed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
-msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
-msgid "vetoed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
-msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
-msgid "shell_fallback (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
-msgid ""
-"The default shell to use if an allowed shell is not installed on the machine."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
-msgid "Default: /bin/sh"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
-msgid "PAM configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
-msgid ""
-"These options can be used to configure the Pluggable Authentication Module "
-"(PAM) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
-msgid "offline_credentials_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
-msgid ""
-"If the authentication provider is offline, how long should we allow cached "
-"logins (in days since the last successful online login)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
-msgid "Default: 0 (No limit)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
-msgid "offline_failed_login_attempts (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
-msgid ""
-"If the authentication provider is offline, how many failed login attempts "
-"are allowed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
-msgid "offline_failed_login_delay (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
-msgid ""
-"The time in minutes which has to pass after offline_failed_login_attempts "
-"has been reached before a new login attempt is possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
-msgid ""
-"If set to 0 the user cannot authenticate offline if "
-"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable offline authentication again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
-msgid "Default: 5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
-msgid "pam_verbosity (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
-msgid ""
-"Controls what kind of messages are shown to the user during authentication. "
-"The higher the number to more messages are displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
-msgid "Currently sssd supports the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
-msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
-msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
-msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
-msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
-msgid "Default: 1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
-msgid "pam_id_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
-msgid ""
-"For any PAM request while SSSD is online, the SSSD will attempt to "
-"immediately update the cached identity information for the user in order to "
-"ensure that authentication takes place with the latest information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
-msgid ""
-"A complete PAM conversation may perform multiple PAM requests, such as "
-"account management and session opening. This option controls (on a per-"
-"client-application basis) how long (in seconds) we can cache the identity "
-"information to avoid excessive round-trips to the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
-msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
-msgid "Display a warning N days before the password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
-msgid ""
-"Please note that the backend server has to provide information about the "
-"expiration time of the password.  If this information is missing, sssd "
-"cannot display a warning."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
-msgid "Default: 7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-msgid "SUDO configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-msgid "These options can be used to configure the sudo service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-msgid "sudo_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-msgid ""
-"For any sudo request that comes while SSSD is online, the SSSD will attempt "
-"to update the cached rules in order to ensure that sudo has the latest "
-"ruleset."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
-msgid ""
-"The user may, however, run a couple of sudo commands successively, which "
-"would trigger multiple LDAP requests.  In order to speed up this use-case, "
-"the sudo service maintains an in-memory cache that would be used for "
-"performing fast replies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
-msgid ""
-"This option controls how long (in seconds) can the sudo service cache rules "
-"for a user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-msgid "Default: 180"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-msgid "sudo_timed (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
-msgid ""
-"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
-"that implement time-dependent sudoers entries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-msgid "AUTOFS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-msgid "These options can be used to configure the autofs service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-msgid "autofs_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
-msgid "DOMAIN SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
-msgid "min_id,max_id (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
-msgid ""
-"UID and GID limits for the domain. If a domain contains an entry that is "
-"outside these limits, it is ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
-msgid ""
-"For users, this affects the primary GID limit. The user will not be returned "
-"to NSS if either the UID or the primary GID is outside the range. For non-"
-"primary group memberships, those that are in range will be reported as "
-"expected."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
-msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
-msgid ""
-"Timeout in seconds between heartbeats for this domain.  This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
-msgid "enumerate (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
-msgid ""
-"Determines if a domain can be enumerated. This parameter can have one of the "
-"following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
-msgid "TRUE = Users and groups are enumerated"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
-msgid "FALSE = No enumerations for this domain"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
-msgid "Default: FALSE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
-msgid ""
-"Note: Enabling enumeration has a moderate performance impact on SSSD while "
-"enumeration is running. It may take up to several minutes after SSSD startup "
-"to fully complete enumerations.  During this time, individual requests for "
-"information will go directly to LDAP, though it may be slow, due to the "
-"heavy enumeration processing."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
-msgid ""
-"While the first enumeration is running, requests for the complete user or "
-"group lists may return no results until it completes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
-msgid ""
-"Further, enabling enumeration may increase the time necessary to detect "
-"network disconnection, as longer timeouts are required to ensure that "
-"enumeration lookups are completed successfully.  For more information, refer "
-"to the man pages for the specific id_provider in use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
-msgid "entry_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
-msgid ""
-"How many seconds should nss_sss consider entries valid before asking the "
-"backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
-msgid "Default: 5400"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-msgid "entry_cache_user_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-msgid ""
-"How many seconds should nss_sss consider user entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-msgid "Default: entry_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-msgid "entry_cache_group_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-msgid ""
-"How many seconds should nss_sss consider group entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-msgid ""
-"How many seconds should nss_sss consider netgroup entries valid before "
-"asking the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-msgid "entry_cache_service_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-msgid ""
-"How many seconds should nss_sss consider service entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
-msgid "cache_credentials (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
-msgid "Determines if user credentials are also cached in the local LDB cache"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
-msgid "User credentials are stored in a SHA512 hash, not in plaintext"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
-msgid "account_cache_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
-msgid ""
-"Number of days entries are left in cache after last successful login before "
-"being removed during a cleanup of the cache. 0 means keep forever.  The "
-"value of this parameter must be greater than or equal to "
-"offline_credentials_expiration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
-msgid "Default: 0 (unlimited)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
-msgid "id_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
-msgid "The Data Provider identity backend to use for this domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
-msgid "Supported backends:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
-msgid "proxy: Support a legacy NSS provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
-msgid "local: SSSD internal local provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
-msgid "ldap: LDAP provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
-msgid "use_fully_qualified_names (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
-msgid ""
-"If set to TRUE, all requests to this domain must use fully qualified names. "
-"For example, if used in LOCAL domain that contains a \"test\" user, "
-"<command>getent passwd test</command> wouldn't find the user while "
-"<command>getent passwd test@LOCAL</command> would."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
-msgid "auth_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
-msgid ""
-"The authentication provider used for the domain.  Supported auth providers "
-"are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
-msgid ""
-"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
-msgid ""
-"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
-msgid ""
-"<quote>proxy</quote> for relaying authentication to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
-msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"authentication requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
-msgid "access_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
-msgid ""
-"The access control provider used for the domain.  There are two built-in "
-"access providers (in addition to any included in installed backends)  "
-"Internal special providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
-msgid "<quote>permit</quote> always allow access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
-msgid "<quote>deny</quote> always deny access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
-msgid ""
-"<quote>simple</quote> access control based on access or deny lists. See "
-"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> for more information on configuring the simple "
-"access module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
-msgid "Default: <quote>permit</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
-msgid "chpass_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
-msgid ""
-"The provider which should handle change password operations for the domain.  "
-"Supported change password providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
-msgid ""
-"<quote>ipa</quote> to change a password stored in an IPA server.  See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
-msgid ""
-"<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
-msgid ""
-"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
-msgid ""
-"<quote>proxy</quote> for relaying password changes to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
-msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
-msgid ""
-"Default: <quote>auth_provider</quote> is used if it is set and can handle "
-"change password requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-msgid "sudo_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-msgid ""
-"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-msgid "session_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-msgid ""
-"The provider which should handle loading of session settings.  Supported "
-"session providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-msgid ""
-"<quote>ipa</quote> to load session settings from an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"session loading requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
-msgid "lookup_family_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
-msgid ""
-"Provides the ability to select preferred address family to use when "
-"performing DNS lookups."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
-msgid "Supported values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
-msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
-msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
-msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
-msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
-msgid "Default: ipv4_first"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
-msgid "dns_resolver_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
-msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
-msgid "dns_discovery_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
-msgid ""
-"If service discovery is used in the back end, specifies the domain part of "
-"the service discovery DNS query."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
-msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
-msgid "override_gid (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
-msgid "Override the primary GID value with the one specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
-msgid "case_sensitive (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
-msgid ""
-"Treat user and group names as case sensitive. At the moment, this option is "
-"not supported in the local provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
-msgid "Default: True"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
-msgid ""
-"These configuration options can be present in a domain configuration "
-"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
-"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
-msgid "proxy_pam_target (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
-msgid "The proxy target PAM proxies to."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-msgid ""
-"Default: not set by default, you have to take an existing pam configuration "
-"or create a new one and add the service name here."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
-msgid "proxy_lib_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
-msgid ""
-"The name of the NSS library to use in proxy domains. The NSS functions "
-"searched for in the library are in the form of _nss_$(libName)_$(function), "
-"for example _nss_files_getpwent."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
-msgid ""
-"Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
-msgid "The local domain section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
-msgid ""
-"This section contains settings for domain that stores users and groups in "
-"SSSD native database, that is, a domain that uses "
-"<replaceable>id_provider=local</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
-msgid "default_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
-msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
-msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
-msgid "base_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
-msgid ""
-"The tools append the login name to <replaceable>base_directory</replaceable> "
-"and use that as the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
-msgid "Default: <filename>/home</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
-msgid "create_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
-msgid ""
-"Indicate if a home directory should be created by default for new users.  "
-"Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
-msgid "Default: TRUE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
-msgid "remove_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
-msgid ""
-"Indicate if a home directory should be removed by default for deleted "
-"users.  Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
-msgid "homedir_umask (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
-msgid ""
-"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
-"on a newly created home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
-msgid "Default: 077"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
-msgid "skel_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
-msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
-msgid "mail_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
-msgid ""
-"The mail spool directory. This is needed to manipulate the mailbox when its "
-"corresponding user account is modified or deleted.  If not specified, a "
-"default value is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
-msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
-msgid "userdel_cmd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
-msgid ""
-"The command that is run after a user is removed.  The command us passed the "
-"username of the user being removed as the first and only parameter. The "
-"return code of the command is not taken into account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
-msgid "Default: None, no command is run"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"domains = LDAP\n"
-"services = nss, pam\n"
-"config_file_version = 2\n"
-"\n"
-"[nss]\n"
-"filter_groups = root\n"
-"filter_users = root\n"
-"\n"
-"[pam]\n"
-"\n"
-"[domain/LDAP]\n"
-"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
-"\n"
-"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
-"cache_credentials = true\n"
-"\n"
-"min_id = 10000\n"
-"max_id = 20000\n"
-"enumerate = False\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
-msgid ""
-"The following example shows a typical SSSD config. It does not describe "
-"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details.  <placeholder type=\"programlisting\" "
-"id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
-msgid "sssd-ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:23
-msgid ""
-"This manual page describes the configuration of LDAP domains for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for detailed syntax information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:35
-msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:38
-msgid ""
-"LDAP back end supports id, auth, access and chpass providers. If you want to "
-"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
-"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
-"over an unencrypted channel.  If the LDAP server is used only as an identity "
-"provider, an encrypted channel is not needed. Please refer to "
-"<quote>ldap_access_filter</quote> config option for more information about "
-"using LDAP as an access provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
-#: sssd-krb5.5.xml:63
-msgid "CONFIGURATION OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:60
-msgid "ldap_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:63
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference. Refer to the <quote>FAILOVER</"
-"quote> section for more information on failover and server redundancy.  If "
-"not specified, service discovery is enabled. For more information, refer to "
-"the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
-msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:73
-msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:76
-msgid ""
-"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:79
-msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:85
-msgid "ldap_chpass_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:88
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference to change the password of a user. "
-"Refer to the <quote>FAILOVER</quote> section for more information on "
-"failover and server redundancy."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:95
-msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:99
-msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:105
-msgid "ldap_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:108
-msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:112
-msgid ""
-"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
-"syntax:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
-msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:119
-msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
-msgid ""
-"The filter must be a valid LDAP search filter as specified by http://www."
-"ietf.org/rfc/rfc2254.txt"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
-msgid "Examples:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:129
-msgid ""
-"ldap_search_base = dc=example,dc=com (which is equivalent to)  "
-"ldap_search_base = dc=example,dc=com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:134
-msgid ""
-"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
-"(host=thishost)?dc=example.com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:137
-msgid ""
-"Note: It is unsupported to have multiple search bases which reference "
-"identically-named objects (for example, groups with the same name in two "
-"different search bases). This will lead to unpredictable behavior on client "
-"machines."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:144
-msgid ""
-"Default: If not set, the value of the defaultNamingContext or namingContexts "
-"attribute from the RootDSE of the LDAP server is used. If "
-"defaultNamingContext does not exists or has an empty value namingContexts is "
-"used.  The namingContexts attribute must have a single value with the DN of "
-"the search base of the LDAP server to make this work. Multiple values are "
-"are not supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:158
-msgid "ldap_schema (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:161
-msgid ""
-"Specifies the Schema Type in use on the target LDAP server.  Depending on "
-"the selected schema, the default attribute names retrieved from the servers "
-"may vary.  The way that some attributes are handled may also differ.  Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
-"difference between these schema types is how group memberships are recorded "
-"in the server.  With rfc2307, group members are listed by name in the "
-"<emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, group "
-"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
-msgid "Default: rfc2307"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
-msgid "ldap_default_bind_dn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
-msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
-msgid "ldap_default_authtok_type (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
-msgid "The type of the authentication token of the default bind DN."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
-msgid "The two mechanisms currently supported are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
-msgid "password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
-msgid "obfuscated_password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
-msgid "Default: password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
-msgid "ldap_default_authtok (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
-msgid ""
-"The authentication token of the default bind DN.  Only clear text passwords "
-"are currently supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
-msgid "ldap_user_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
-msgid "The object class of a user entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
-msgid "Default: posixAccount"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
-msgid "ldap_user_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
-msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
-msgid "Default: uid"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
-msgid "ldap_user_uid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
-msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
-msgid "Default: uidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
-msgid "ldap_user_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
-msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
-msgid "Default: gidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
-msgid "ldap_user_gecos (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
-msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
-msgid "Default: gecos"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
-msgid "ldap_user_home_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
-msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
-msgid "Default: homeDirectory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
-msgid "ldap_user_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
-msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
-msgid "Default: loginShell"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
-msgid "ldap_user_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
-msgid "Default: nsUniqueId"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
-msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
-msgid ""
-"The LDAP attribute that contains timestamp of the last modification of the "
-"parent object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
-msgid "Default: modifyTimestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
-msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
-"the last password change)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
-msgid "Default: shadowLastChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
-msgid "ldap_user_shadow_min (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
-msgid "Default: shadowMin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
-msgid "ldap_user_shadow_max (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
-msgid "Default: shadowMax"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
-msgid "ldap_user_shadow_warning (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password warning period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
-msgid "Default: shadowWarning"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
-msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password inactivity period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
-msgid "Default: shadowInactive"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
-msgid "ldap_user_shadow_expire (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
-msgid ""
-"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
-"parameter contains the name of an LDAP attribute corresponding to its "
-"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> counterpart (account expiration date)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
-msgid "Default: shadowExpire"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
-msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time of last password change in "
-"kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
-msgid "Default: krbLastPwdChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
-msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time when current password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
-msgid "Default: krbPasswordExpiration"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
-msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the expiration time of the account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
-msgid "Default: accountExpires"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
-msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the user account control bit field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
-msgid "Default: userAccountControl"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
-msgid "ldap_ns_account_lock (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
-msgid ""
-"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
-"determines if access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
-msgid "Default: nsAccountLock"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
-msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines if "
-"access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
-msgid "Default: loginDisabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
-msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines until "
-"which date access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
-msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines the "
-"hours of a day in a week when access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
-msgid "Default: loginAllowedTimeMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
-msgid "ldap_user_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
-msgid ""
-"The LDAP attribute that contains the user's Kerberos User Principal Name "
-"(UPN)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
-msgid "Default: krbPrincipalName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
-msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
-msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
-msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
-msgid ""
-"Some directory servers, for example Active Directory, might deliver the "
-"realm part of the UPN in lower case, which might cause the authentication to "
-"fail. Set this option to a non-zero value if you want to use an upper-case "
-"realm."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
-msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
-msgid ""
-"Specifies how many seconds SSSD has to wait before refreshing its cache of "
-"enumerated records."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
-msgid "Default: 300"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
-msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
-msgid ""
-"Determine how often to check the cache for inactive entries (such as groups "
-"with no members and users who have never logged in) and remove them to save "
-"space."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
-msgid "Setting this option to zero will disable the cache cleanup operation."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
-msgid "Default: 10800 (12 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
-msgid "ldap_user_fullname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
-msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
-msgid "Default: cn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
-msgid "ldap_user_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
-msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
-msgid "Default: memberOf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
-msgid "ldap_user_authorized_service (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
-msgid ""
-"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
-"use the presence of the authorizedService attribute in the user's LDAP entry "
-"to determine access privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
-msgid ""
-"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
-"explicit allow (svc) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
-msgid "Default: authorizedService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
-msgid "ldap_user_authorized_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
-msgid ""
-"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-"presence of the host attribute in the user's LDAP entry to determine access "
-"privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
-msgid ""
-"An explicit deny (!host) is resolved first. Second, SSSD searches for "
-"explicit allow (host) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
-msgid "Default: host"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
-msgid "ldap_group_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
-msgid "The object class of a group entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
-msgid "Default: posixGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
-msgid "ldap_group_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
-msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
-msgid "ldap_group_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
-msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
-msgid "ldap_group_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
-msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
-msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
-msgid "ldap_group_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
-msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
-msgid "ldap_group_nesting_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
-msgid ""
-"If ldap_schema is set to a schema format that supports nested groups (e.g. "
-"RFC2307bis), then this option controls how many levels of nesting SSSD will "
-"follow. This option has no effect on the RFC2307 schema."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
-msgid "Default: 2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
-msgid "ldap_netgroup_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
-msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
-msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
-msgid "Default: nisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
-msgid "ldap_netgroup_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
-msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
-msgid "In IPA provider, ipa_netgroup_name should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
-msgid "ldap_netgroup_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
-msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
-msgid "In IPA provider, ipa_netgroup_member should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
-msgid "Default: memberNisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
-msgid "ldap_netgroup_triple (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-msgid ""
-"The LDAP attribute that contains the (host, user, domain) netgroup triples."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
-msgid "This option is not available in IPA provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
-msgid "Default: nisNetgroupTriple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
-msgid "ldap_netgroup_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
-msgid ""
-"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
-msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
-msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
-msgid "ldap_service_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
-msgid "The object class of a service entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
-msgid "Default: ipService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
-msgid "ldap_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
-msgid ""
-"The LDAP attribute that contains the name of service attributes and their "
-"aliases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
-msgid "ldap_service_port (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
-msgid "The LDAP attribute that contains the port managed by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
-msgid "Default: ipServicePort"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
-msgid "ldap_service_proto (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
-msgid ""
-"The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
-msgid "Default: ipServiceProtocol"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
-msgid "ldap_service_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
-msgid "An optional base DN to restrict service searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
-msgid ""
-"See <quote>ldap_search_base</quote> for information about configuring "
-"multiple search bases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
-#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
-msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
-msgid "ldap_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches are allowed to run "
-"before they are cancelled and cached results are returned (and offline mode "
-"is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
-msgid ""
-"Note: this option is subject to change in future versions of the SSSD. It "
-"will likely be replaced at some point by a series of timeouts for specific "
-"lookup types."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
-msgid "Default: 6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
-msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches for user and group "
-"enumerations are allowed to run before they are cancelled and cached results "
-"are returned (and offline mode is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
-msgid "ldap_network_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-msgid ""
-"Specifies the timeout (in seconds) after which the <citerefentry> "
-"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
-"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> following a <citerefentry> "
-"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> returns in case of no activity."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
-msgid "ldap_opt_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
-msgid ""
-"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
-"will abort if no response is received. Also controls the timeout when "
-"communicating with the KDC in case of SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
-msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
-msgid ""
-"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
-"maintained. After this time, the connection will be re-established. If used "
-"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
-"the TGT lifetime)  will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
-msgid "Default: 900 (15 minutes)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
-msgid "ldap_page_size (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
-msgid ""
-"Specify the number of records to retrieve from LDAP in a single request. "
-"Some LDAP servers enforce a maximum limit per-request."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
-msgid "Default: 1000"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
-msgid ""
-"Disable the LDAP paging control. This option should be used if the LDAP "
-"server reports that it supports the LDAP paging control in its RootDSE but "
-"it is not enabled or does not behave properly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
-msgid ""
-"Example: OpenLDAP servers with the paging control module installed on the "
-"server but not enabled will report it in the RootDSE but be unable to use it."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
-msgid ""
-"Example: 389 DS has a bug where it can only support a one paging control at "
-"a time on a single connection. On busy clients, this can result in some "
-"requests being denied."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
-msgid "ldap_deref_threshold (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
-msgid ""
-"Specify the number of group members that must be missing from the internal "
-"cache in order to trigger a dereference lookup. If less members are missing, "
-"they are looked up individually."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
-msgid ""
-"You can turn off dereference lookups completely by setting the value to 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
-msgid ""
-"A dereference lookup is a means of fetching all group members in a single "
-"LDAP call.  Different LDAP servers may implement different dereference "
-"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
-"Directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
-msgid ""
-"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
-"filter, then the dereference lookup performance enhancement will be disabled "
-"regardless of this setting."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
-msgid "ldap_tls_reqcert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
-msgid ""
-"Specifies what checks to perform on server certificates in a TLS session, if "
-"any. It can be specified as one of the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
-msgid ""
-"<emphasis>never</emphasis> = The client will not request or check any server "
-"certificate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
-msgid ""
-"<emphasis>allow</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, it will be ignored and the session proceeds normally."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
-msgid ""
-"<emphasis>try</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, the session is immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
-msgid ""
-"<emphasis>demand</emphasis> = The server certificate is requested. If no "
-"certificate is provided, or a bad certificate is provided, the session is "
-"immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
-msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
-msgid "Default: hard"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
-msgid "ldap_tls_cacert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
-msgid ""
-"Specifies the file that contains certificates for all of the Certificate "
-"Authorities that <command>sssd</command> will recognize."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
-msgid ""
-"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
-"conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
-msgid "ldap_tls_cacertdir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
-msgid ""
-"Specifies the path of a directory that contains Certificate Authority "
-"certificates in separate individual files. Typically the file names need to "
-"be the hash of the certificate followed by '.0'.  If available, "
-"<command>cacertdir_rehash</command> can be used to create the correct names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
-msgid "ldap_tls_cert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
-msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
-msgid "Default: not set"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
-msgid "ldap_tls_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
-msgid "Specifies the file that contains the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
-msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
-msgid ""
-"Specifies acceptable cipher suites.  Typically this is a colon sperated "
-"list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> for format."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
-msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
-msgid ""
-"Specifies that the id_provider connection must also use <systemitem class="
-"\"protocol\">tls</systemitem> to protect the channel."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
-msgid ""
-"Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
-"supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
-msgid "ldap_sasl_authid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
-msgid ""
-"Specify the SASL authorization id to use.  When GSSAPI is used, this "
-"represents the Kerberos principal used for authentication to the directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
-msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
-msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
-msgid ""
-"If set to true, the LDAP library would perform a reverse lookup to "
-"canonicalize the host name during a SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
-msgid "Default: false;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
-msgid "ldap_krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
-msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
-msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
-msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
-msgid ""
-"Specifies that the id_provider should init Kerberos credentials (TGT).  This "
-"action is performed only if SASL is used and the mechanism selected is "
-"GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
-msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
-msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
-msgid "Default: 86400 (24 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
-msgid "krb5_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
-msgid ""
-"Specifies the comma-separated list of IP addresses or hostnames of the "
-"Kerberos servers to which SSSD should connect in the order of preference. "
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
-"colon) may be appended to the addresses or hostnames.  If empty, service "
-"discovery is enabled - for more information, refer to the <quote>SERVICE "
-"DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
-msgid ""
-"When using service discovery for KDC or kpasswd servers, SSSD first searches "
-"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-"none are found."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
-msgid ""
-"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
-"While the legacy name is recognized for the time being, users are advised to "
-"migrate their config files to use <quote>krb5_server</quote> instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
-msgid "krb5_realm (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
-msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
-msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
-msgid "krb5_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
-msgid ""
-"Specifies if the host principal should be canonicalized when connecting to "
-"LDAP server. This feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
-msgid "ldap_pwd_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
-msgid ""
-"Select the policy to evaluate the password expiration on the client side. "
-"The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
-msgid ""
-"<emphasis>none</emphasis> - No evaluation on the client side. This option "
-"cannot disable server-side password policies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
-msgid ""
-"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-"evaluate if the password has expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
-msgid ""
-"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
-"to determine if the password has expired. Use chpass_provider=krb5 to update "
-"these attributes when the password is changed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
-msgid "ldap_referrals (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
-msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
-msgid ""
-"Please note that sssd only supports referral chasing when it is compiled "
-"with OpenLDAP version 2.4.13 or higher."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
-msgid "ldap_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
-msgid "Specifies the service name to use when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
-msgid "Default: ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
-msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
-msgid ""
-"Specifies the service name to use to find an LDAP server which allows "
-"password changes when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
-msgid "Default: not set, i.e. service discovery is disabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
-msgid "ldap_access_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
-msgid ""
-"If using access_provider = ldap, this option is mandatory. It specifies an "
-"LDAP search filter criteria that must be met for the user to be granted "
-"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
-msgid "Example:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
-#, no-wrap
-msgid ""
-"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
-msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
-msgid ""
-"Offline caching for this feature is limited to determining whether the "
-"user's last online login was granted access permission. If they were granted "
-"access during their last login, they will continue to be granted access "
-"while offline and vice-versa."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
-msgid "Default: Empty"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
-msgid "ldap_account_expire_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
-msgid ""
-"With this option a client side evaluation of access control attributes can "
-"be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
-msgid ""
-"Please note that it is always recommended to use server side access control, "
-"i.e. the LDAP server should deny the bind request with a suitable error code "
-"even if the password is correct."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
-msgid "The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
-msgid ""
-"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
-"determine if the account is expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
-msgid ""
-"<emphasis>ad</emphasis>: use the value of the 32bit field "
-"ldap_user_ad_user_account_control and allow access if the second bit is not "
-"set. If the attribute is missing access is granted. Also the expiration time "
-"of the account is checked."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
-msgid ""
-"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
-"emphasis>: use the value of ldap_ns_account_lock to check if access is "
-"allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
-msgid ""
-"<emphasis>nds</emphasis>: the values of "
-"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
-"If both attributes are missing access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
-msgid "ldap_access_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
-msgid "Comma separated list of access control options.  Allowed values are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
-msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
-msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
-msgid ""
-"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
-"to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
-msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
-msgid "Default: filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
-msgid ""
-"Please note that it is a configuration error if a value is used more than "
-"once."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
-msgid "ldap_deref (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
-msgid ""
-"Specifies how alias dereferencing is done when performing a search. The "
-"following options are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
-msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
-msgid ""
-"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
-"the base object, but not in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
-msgid ""
-"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
-"the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
-msgid ""
-"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
-"in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
-msgid ""
-"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
-"client libraries)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:51
-msgid ""
-"All of the common configuration options that apply to SSSD domains also "
-"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for full details.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
-msgid "SUDO OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
-msgid "ldap_sudorule_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
-msgid "The object class of a sudo rule entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
-msgid "Default: sudoRole"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
-msgid "ldap_sudorule_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
-msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
-msgid "ldap_sudorule_command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
-msgid "The LDAP attribute that corresponds to the command name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
-msgid "Default: sudoCommand"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
-msgid "ldap_sudorule_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
-msgid ""
-"The LDAP attribute that corresponds to the host name (or host IP address, "
-"host IP network, or host netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
-msgid "Default: sudoHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
-msgid "ldap_sudorule_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
-msgid ""
-"The LDAP attribute that corresponds to the user name (or UID, group name or "
-"user's netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
-msgid "Default: sudoUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
-msgid "ldap_sudorule_option (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
-msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
-msgid "Default: sudoOption"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
-msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
-msgid ""
-"The LDAP attribute that corresponds to the user name that commands may be "
-"run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
-msgid "Default: sudoRunAsUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
-msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
-msgid ""
-"The LDAP attribute that corresponds to the group name or group GID that "
-"commands may be run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
-msgid "Default: sudoRunAsGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
-msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
-msgid ""
-"The LDAP attribute that corresponds to the start date/time for when the sudo "
-"rule is valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
-msgid "Default: sudoNotBefore"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
-msgid "ldap_sudorule_notafter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
-msgid ""
-"The LDAP attribute that corresponds to the expiration date/time, after which "
-"the sudo rule will no longer be valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
-msgid "Default: sudoNotAfter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
-msgid "ldap_sudorule_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
-msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
-msgid "Default: sudoOrder"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
-msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
-msgid ""
-"Enables periodical download of all sudo rules.  The cache is purged before "
-"each update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
-msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
-msgid ""
-"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
-msgid ""
-"This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
-"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
-msgid "AUTOFS OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
-msgid ""
-"Please note that the default values correspond to the default schema which "
-"is RFC2307."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
-msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-msgid "The object class of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-msgid "Default: automountMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
-msgid "ldap_autofs_map_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
-msgid "The name of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
-msgid "Default: ou"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
-msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
-msgid "ldap_autofs_entry_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
-msgid ""
-"The key of an automount entry in LDAP. The entry usually corresponds to a "
-"mount point."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
-msgid "ldap_autofs_entry_value (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
-msgid "Default: automountInformation"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
-msgid ""
-"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
-"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
-"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
-msgid "ADVANCED OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
-msgid "ldap_netgroup_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
-msgid ""
-"An optional base DN to restrict netgroup searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
-msgid "ldap_user_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
-msgid "An optional base DN to restrict user searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
-msgid "ldap_group_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
-msgid "An optional base DN to restrict group searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
-#, no-wrap
-msgid ""
-"                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
-msgid "ldap_sudo_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
-msgid ""
-"An optional base DN to restrict sudo rules searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
-msgid "ldap_autofs_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
-msgid ""
-"An optional base DN to restrict automounter searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
-msgid ""
-"These options are supported by LDAP domains, but they should be used with "
-"caution. Please include them in your configuration only if you know what you "
-"are doing.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
-msgid ""
-"The following example assumes that SSSD is correctly configured and LDAP is "
-"set to one of the domains in the <replaceable>[domains]</replaceable> "
-"section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
-#, no-wrap
-msgid ""
-"    [domain/LDAP]\n"
-"    id_provider = ldap\n"
-"    auth_provider = ldap\n"
-"    ldap_uri = ldap://ldap.mydomain.org\n"
-"    ldap_search_base = dc=mydomain,dc=org\n"
-"    ldap_tls_reqcert = demand\n"
-"    cache_credentials = true\n"
-"    enumerate = true\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
-msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
-msgid "NOTES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
-msgid ""
-"The descriptions of some of the configuration options in this manual page "
-"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
-"distribution."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <refentryinfo>
-#: pam_sss.8.xml:8 include/upstream.xml:2
-msgid ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: pam_sss.8.xml:13 pam_sss.8.xml:18
-msgid "pam_sss"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: pam_sss.8.xml:19
-msgid "PAM module for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: pam_sss.8.xml:24
-msgid ""
-"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
-msgid ""
-"<command>pam_sss.so</command> is the PAM interface to the System Security "
-"Services daemon (SSSD). Errors and results are logged through <command>syslog"
-"(3)</command> with the LOG_AUTHPRIV facility."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
-msgid "<option>quiet</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
-msgid "Suppress log messages for unknown users."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
-msgid "<option>forward_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
-msgid ""
-"If <option>forward_pass</option> is set the entered password is put on the "
-"stack for other PAM modules to use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
-msgid "<option>use_first_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
-msgid ""
-"The argument use_first_pass forces the module to use a previous stacked "
-"modules password and will never prompt the user - if no password is "
-"available or the password is not appropriate, the user will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
-msgid "<option>use_authtok</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
-msgid ""
-"When password changing enforce the module to set the new password to the one "
-"provided by a previously stacked password module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
-msgid "<option>retry=N</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
-msgid ""
-"If specified the user is asked another N times for a password if "
-"authentication fails. Default is 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
-msgid ""
-"Please note that this option might not work as expected if the application "
-"calling PAM handles the user dialog on its own. A typical example is "
-"<command>sshd</command> with <option>PasswordAuthentication</option>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
-msgid "MODULE TYPES PROVIDED"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
-msgid ""
-"All module types (<option>account</option>, <option>auth</option>, "
-"<option>password</option> and <option>session</option>) are provided."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
-msgid "FILES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
-msgid ""
-"If a password reset by root fails, because the corresponding SSSD provider "
-"does not support password resets, an individual message can be displayed. "
-"This message can e.g. contain instructions about how to reset a password."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
-msgid ""
-"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
-"filename> where LOC stands for a locale string returned by <citerefentry> "
-"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
-"citerefentry>. If there is no matching file the content of "
-"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
-"the owner of the files and only root may have read and write permissions "
-"while all other users must have only read permissions."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
-msgid ""
-"These files are searched in the directory <filename>/etc/sssd/customize/"
-"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
-"displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:141
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
-msgid "sssd_krb5_locator_plugin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:22
-msgid ""
-"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
-"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
-"libraries what Realm and which KDC to use.  Typically this is done in "
-"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
-"To simplify the configuration the Realm and the KDC can be defined in "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry> puts the Realm and the name or IP address of the KDC into "
-"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively.  "
-"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variables and returns them to the "
-"libraries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:63
-msgid ""
-"Not all Kerberos implementations support the use of plugins. If "
-"<command>sssd_krb5_locator_plugin</command> is not available on your system "
-"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:69
-msgid ""
-"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-"debug messages will be sent to stderr."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:77
-msgid ""
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
-msgid "sssd-simple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd-simple.5.xml:17
-msgid "the configuration file for SSSD's 'simple' access-control provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:24
-msgid ""
-"This manual page describes the configuration of the simple access-control "
-"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax reference, "
-"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:38
-msgid ""
-"The simple access provider grants or denies access based on an access or "
-"deny list of user or group names. The following rules apply:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:43
-msgid "If all lists are empty, access is granted"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:47
-msgid ""
-"If any list is provided, the order of evaluation is allow,deny. This means "
-"that any matching deny rule will supersede any matched allow rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:54
-msgid ""
-"If either or both \"allow\" lists are provided, all users are denied unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:60
-msgid ""
-"If only \"deny\" lists are provided, all users are granted access unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:78
-msgid "simple_allow_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:81
-msgid "Comma separated list of users who are allowed to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:88
-msgid "simple_deny_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:91
-msgid "Comma separated list of users who are explicitly denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:97
-msgid "simple_allow_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:100
-msgid ""
-"Comma separated list of groups that are allowed to log in. This applies only "
-"to groups within this SSSD domain. Local groups are not evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:108
-msgid "simple_deny_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:111
-msgid ""
-"Comma separated list of groups that are explicitly denied access. This "
-"applies only to groups within this SSSD domain. Local groups are not "
-"evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
-msgid ""
-"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page for details on the configuration of an SSSD "
-"domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:120
-msgid ""
-"Please note that it is an configuration error if both, simple_allow_users "
-"and simple_deny_users, are defined."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:128
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the simple access provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-simple.5.xml:135
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    access_provider = simple\n"
-"    simple_allow_users = user1, user2\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:145
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
-msgid "sssd-ipa"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:23
-msgid ""
-"This manual page describes the configuration of the IPA provider for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
-"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:36
-msgid ""
-"The IPA provider is a back end used to connect to an IPA server.  (Refer to "
-"the freeipa.org web site for information about IPA servers.)  This provider "
-"requires that the machine be joined to the IPA domain; configuration is "
-"almost entirely self-discovered and obtained directly from the server."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:43
-msgid ""
-"The IPA provider accepts the same options used by the <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
-"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider with some exceptions described below."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:55
-msgid ""
-"However, it is neither necessary nor recommended to set these options.  IPA "
-"provider can also be used as an access and chpass provider. As an access "
-"provider it uses HBAC (host-based access control) rules. Please refer to "
-"freeipa.org for more information about HBAC. No configuration of access "
-"provider is required on the client side."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:72
-msgid "ipa_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:75
-msgid ""
-"Specifies the name of the IPA domain.  This is optional. If not provided, "
-"the configuration domain name is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:83
-msgid "ipa_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:86
-msgid ""
-"The comma-separated list of IP addresses or hostnames of the IPA servers to "
-"which SSSD should connect in the order of preference. For more information "
-"on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
-"This is optional if autodiscovery is enabled.  For more information on "
-"service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:99
-msgid "ipa_hostname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:102
-msgid ""
-"Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:110
-msgid "ipa_dyndns_update (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:113
-msgid ""
-"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:118
-msgid ""
-"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
-"the default Kerberos realm must be set properly in /etc/krb5.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:129
-msgid "ipa_dyndns_iface (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:132
-msgid ""
-"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
-"interface whose IP address should be used for dynamic DNS updates."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:137
-msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:143
-msgid "ipa_hbac_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:146
-msgid "Optional. Use the given string as search base for HBAC related objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:150
-msgid "Default: Use base DN"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:156
-msgid "ipa_host_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:159
-msgid "Optional. Use the given string as search base for host objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:180
-msgid "ipa_selinux_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
-msgid "Optional. Use the given string as search base for SELinux user maps."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
-msgid "krb5_validate (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
-msgid ""
-"Verify with the help of krb5_keytab that the TGT obtained has not been "
-"spoofed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
-msgid ""
-"Note that this default differs from the traditional Kerberos provider back "
-"end."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
-msgid ""
-"The name of the Kerberos realm. This is optional and defaults to the value "
-"of <quote>ipa_domain</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
-msgid ""
-"The name of the Kerberos realm has a special meaning in IPA - it is "
-"converted into the base DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
-msgid ""
-"Specifies if the host and user principal should be canonicalized when "
-"connecting to IPA LDAP and also for AS requests. This feature is available "
-"with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
-msgid "ipa_hbac_refresh (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
-msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
-msgid "Default: 5 (seconds)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
-msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
-msgid ""
-"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
-"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
-"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
-"client will support two modes of operation during this transition period:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
-msgid ""
-"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
-"users will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
-msgid ""
-"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
-"careful with this option, as it may result in opening unintended access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
-msgid "Default: DENY_ALL"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
-msgid "ipa_automount_location (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
-msgid "The automounter location this IPA client will be using"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Default: The location named \"default\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the ipa provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    id_provider = ipa\n"
-"    ipa_server = ipaserver.example.com\n"
-"    ipa_hostname = myhost.example.com\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.8.xml:10 sssd.8.xml:15
-msgid "sssd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.8.xml:16
-msgid "System Security Services Daemon"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sssd.8.xml:21
-msgid ""
-"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:31
-msgid ""
-"<command>SSSD</command> provides a set of daemons to manage access to remote "
-"directories and authentication mechanisms. It provides an NSS and PAM "
-"interface toward the system and a pluggable backend system to connect to "
-"multiple different account sources as well as D-Bus interface. It is also "
-"the basis to provide client auditing and policy services for projects like "
-"FreeIPA. It provides a more robust database to store local users as well as "
-"extended user data."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:46
-msgid ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:53
-msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:57
-msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:60
-msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:69
-msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:73
-msgid ""
-"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:76
-msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:85
-msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:89
-msgid ""
-"Send the debug output to files instead of stderr. By default, the log files "
-"are stored in <filename>/var/log/sssd</filename> and there are separate log "
-"files for every SSSD service and domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:97
-msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:101
-msgid "Become a daemon after starting up."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:107
-msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:111
-msgid "Run in the foreground, don't become a daemon."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
-msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
-msgid ""
-"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
-"conf</filename>. For reference on the config file syntax and options, "
-"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:135
-msgid "<option>--version</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:139
-msgid "Print version number and exit."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:147
-msgid "Signals"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:150
-msgid "SIGTERM/SIGINT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:153
-msgid ""
-"Informs the SSSD to gracefully terminate all of its child processes and then "
-"shut down the monitor."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:159
-msgid "SIGHUP"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:162
-msgid ""
-"Tells the SSSD to stop writing to its current debug file descriptors and to "
-"close and reopen them. This is meant to facilitate log rolling with programs "
-"like logrotate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:170
-msgid "SIGUSR1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:173
-msgid ""
-"Tells the SSSD to simulate offline operation for one minute. This is mostly "
-"useful for testing purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:179
-msgid "SIGUSR2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:182
-msgid ""
-"Tells the SSSD to go online immediately. This is mostly useful for testing "
-"purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:193
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-msgid "sss_obfuscate"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_obfuscate.8.xml:16
-msgid "obfuscate a clear text password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_obfuscate.8.xml:21
-msgid ""
-"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
-"replaceable></arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:32
-msgid ""
-"<command>sss_obfuscate</command> converts a given password into human-"
-"unreadable format and places it into appropriate domain section of the SSSD "
-"config file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:37
-msgid ""
-"The cleartext password is read from standard input or entered "
-"interactively.  The obfuscated password is put into "
-"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
-"<quote>ldap_default_authtok_type</quote> parameter is set to "
-"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more details on these parameters."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:49
-msgid ""
-"Please note that obfuscating the password provides <emphasis>no real "
-"security benefit</emphasis> as it is still possible for an attacker to "
-"reverse-engineer the password back. Using better authentication mechanisms "
-"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
-"advised."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:63
-msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:67
-msgid "The password to obfuscate will be read from standard input."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
-msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:79
-msgid ""
-"The SSSD domain to use the password in. The default name is <quote>default</"
-"quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:86
-msgid ""
-"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:91
-msgid "Read the config file specified by the positional parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:95
-msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:105
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
-msgid "sss_useradd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_useradd.8.xml:16
-msgid "create a new user"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_useradd.8.xml:21
-msgid ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:32
-msgid ""
-"<command>sss_useradd</command> creates a new user account using the values "
-"specified on the command line plus the default values from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:43
-msgid ""
-"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:48
-msgid ""
-"Set the UID of the user to the value of <replaceable>UID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
-msgid ""
-"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
-msgid ""
-"Any text string describing the user. Often used as the field for the user's "
-"full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
-msgid ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:72
-msgid ""
-"The home directory of the user account.  The default is to append the "
-"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
-"that as the home directory.  The base that is prepended before "
-"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
-"baseDirectory</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
-msgid ""
-"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:87
-msgid ""
-"The user's login shell. The default is currently <filename>/bin/bash</"
-"filename>.  The default can be changed with <quote>user_defaults/"
-"defaultShell</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:96
-msgid ""
-"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:101
-msgid "A list of existing groups this user is also a member of."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:107
-msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:111
-msgid ""
-"Create the user's home directory if it does not exist. The files and "
-"directories contained in the skeleton directory (which can be defined with "
-"the -k option or in the config file) will be copied to the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:121
-msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:125
-msgid ""
-"Do not create the user's home directory. Overrides configuration settings."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:132
-msgid ""
-"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:137
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<command>sss_useradd</command>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:143
-msgid ""
-"This option is only valid if the <option>-m</option> (or <option>--create-"
-"home</option>) option is specified, or creation of home directories is set "
-"to TRUE in the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
-msgid ""
-"<option>-Z</option>,<option>--selinux-user</option> "
-"<replaceable>SELINUX_USER</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:157
-msgid ""
-"The SELinux user for the user's login. If not specified, the system default "
-"will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
-msgid "sssd-krb5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:23
-msgid ""
-"This manual page describes the configuration of the Kerberos 5 "
-"authentication backend for <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  For a detailed "
-"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
-"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:36
-msgid ""
-"The Kerberos 5 authentication backend contains auth and chpass providers. It "
-"must be paired with identity provider in order to function properly (for "
-"example, id_provider = ldap). Some information required by the Kerberos 5 "
-"authentication backend must be provided by the identity provider, such as "
-"the user's Kerberos Principal Name (UPN). The configuration of the identity "
-"provider should have an entry to specify the UPN. Please refer to the man "
-"page for the applicable identity provider for details on how to configure "
-"this."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:47
-msgid ""
-"This backend also provides access control based on the .k5login file in the "
-"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
-"Please note that an empty .k5login file will deny all access to this user. "
-"To activate this feature use 'access_provider = krb5' in your sssd "
-"configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:55
-msgid ""
-"In the case where the UPN is not available in the identity backend "
-"<command>sssd</command> will construct a UPN using the format "
-"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:106
-msgid ""
-"The name of the Kerberos realm. This option is required and must be "
-"specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:113
-msgid "krb5_kpasswd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:116
-msgid ""
-"If the change password service is not running on the KDC alternative servers "
-"can be defined here. An optional port number (preceded by a colon) may be "
-"appended to the addresses or hostnames."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:122
-msgid ""
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section.  Please note that even if there are no more "
-"kpasswd servers to try the back end is not switch to offline if "
-"authentication against the KDC is still possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:129
-msgid "Default: Use the KDC"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:135
-msgid "krb5_ccachedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:138
-msgid ""
-"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist it will be created. If %u, %U, %p or %h are used a "
-"private directory belonging to the user is created. Otherwise a public "
-"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
-"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
-"citerefentry> for details) is created."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:151
-msgid "Default: /tmp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:157
-msgid "krb5_ccname_template (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:171
-msgid "login UID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:174
-msgid "%p"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:175
-msgid "principal name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:179
-msgid "%r"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:180
-msgid "realm name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:183
-msgid "%h"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:184
-msgid "home directory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:189
-msgid "value of krb5ccache_dir"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194
-msgid "%P"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "the process ID of the sssd client"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:160
-msgid ""
-"Location of the user's credential cache. Currently only file based "
-"credential caches are supported. In the template the following sequences are "
-"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
-"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
-"way."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:209
-msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:215
-msgid "krb5_auth_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:218
-msgid ""
-"Timeout in seconds after an online authentication or change password request "
-"is aborted. If possible the authentication request is continued offline."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:241
-msgid "krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:244
-msgid ""
-"The location of the keytab to use when validating credentials obtained from "
-"KDCs."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:248
-msgid "Default: /etc/krb5.keytab"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:254
-msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:257
-msgid ""
-"Store the password of the user if the provider is offline and use it to "
-"request a TGT when the provider gets online again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:262
-msgid ""
-"Please note that this feature currently only available on a Linux platform. "
-"Passwords stored in this way are kept in plaintext in the kernel keyring and "
-"are potentially accessible by the root user (with difficulty)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:275
-msgid "krb5_renewable_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:278
-msgid ""
-"Request a renewable ticket with a total lifetime given by an integer "
-"immediately followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
-msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
-msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
-msgid "<emphasis>h</emphasis> hours"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
-msgid "<emphasis>d</emphasis> days."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
-msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:299
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"renewable lifetime to one and a half hours please use '90m' instead of "
-"'1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:305
-msgid "Default: not set, i.e. the TGT is not renewable"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:311
-msgid "krb5_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:314
-msgid ""
-"Request ticket with a with a lifetime given by an integer immediately "
-"followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:335
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"lifetime to one and a half hours please use '90m' instead of '1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:340
-msgid ""
-"Default: not set, i.e. the default ticket lifetime configured on the KDC."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:347
-msgid "krb5_renew_interval (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:350
-msgid ""
-"The time in seconds between two checks if the TGT should be renewed. TGTs "
-"are renewed if about half of their lifetime is exceeded."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:355
-msgid "If this option is not set or 0 the automatic renewal is disabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:365
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:368
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:373
-msgid ""
-"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
-"option at all."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
-msgid ""
-"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
-"continue without."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:381
-msgid ""
-"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
-"fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:385
-msgid "Default: not set, i.e. FAST is not used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:388
-msgid "Please note that a keytab is required to use fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:391
-msgid ""
-"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used with an older version using this option is a "
-"configuration error."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:400
-msgid "krb5_fast_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:403
-msgid "Specifies the server principal to use for FAST."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:412
-msgid ""
-"Specifies if the host and user principal should be canonicalized. This "
-"feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:65
-msgid ""
-"If the auth-module krb5 is used in a SSSD domain, the following options must "
-"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
-"SECTIONS</quote> for details on the configuration of a SSSD domain.  "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:434
-msgid ""
-"The following example assumes that SSSD is correctly configured and FOO is "
-"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
-"example shows only configuration of Kerberos authentication, it does not "
-"include any identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:442
-#, no-wrap
-msgid ""
-"    [domain/FOO]\n"
-"    auth_provider = krb5\n"
-"    krb5_server = 192.168.1.1\n"
-"    krb5_realm = EXAMPLE.COM\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:453
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
-msgid "sss_groupadd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupadd.8.xml:16
-msgid "create a new group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupadd.8.xml:21
-msgid ""
-"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:32
-msgid ""
-"<command>sss_groupadd</command> creates a new group. These groups are "
-"compatible with POSIX groups, with the additional feature that they can "
-"contain other groups as members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupadd.8.xml:43
-msgid ""
-"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupadd.8.xml:48
-msgid ""
-"Set the GID of the group to the value of <replaceable>GID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
-msgid "sss_userdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_userdel.8.xml:16
-msgid "delete a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_userdel.8.xml:21
-msgid ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:32
-msgid ""
-"<command>sss_userdel</command> deletes a user identified by login name "
-"<replaceable>LOGIN</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:44
-msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:48
-msgid ""
-"Files in the user's home directory will be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:56
-msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:60
-msgid ""
-"Files in the user's home directory will NOT be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:68
-msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:72
-msgid ""
-"This option forces <command>sss_userdel</command> to remove the user's home "
-"directory and mail spool, even if they are not owned by the specified user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:80
-msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:84
-msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
-msgid "sss_groupdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupdel.8.xml:16
-msgid "delete a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupdel.8.xml:21
-msgid ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:32
-msgid ""
-"<command>sss_groupdel</command> deletes a group identified by its name "
-"<replaceable>GROUP</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
-msgid "sss_groupshow"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupshow.8.xml:16
-msgid "print properties of a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupshow.8.xml:21
-msgid ""
-"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:32
-msgid ""
-"<command>sss_groupshow</command> displays information about a group "
-"identified by its name <replaceable>GROUP</replaceable>. The information "
-"includes the group ID number, members of the group and the parent group."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupshow.8.xml:43
-msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupshow.8.xml:47
-msgid ""
-"Also print indirect group members in a tree-like hierarchy.  Note that this "
-"also affects printing parent groups - without <option>R</option>, only the "
-"direct parent will be printed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
-msgid "sss_usermod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_usermod.8.xml:16
-msgid "modify a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_usermod.8.xml:21
-msgid ""
-"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:32
-msgid ""
-"<command>sss_usermod</command> modifies the account specified by "
-"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
-"on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:60
-msgid "The home directory of the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:71
-msgid "The user's login shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:82
-msgid ""
-"Append this user to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:96
-msgid ""
-"Remove this user from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:103
-msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:107
-msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:114
-msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:118
-msgid "Unlock the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:129
-msgid "The SELinux user for the user's login."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/service_discovery.xml:2
-msgid "SERVICE DISCOVERY"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/service_discovery.xml:4
-msgid ""
-"The service discovery feature allows back ends to automatically find the "
-"appropriate servers to connect to using a special DNS query."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
-msgid "Configuration"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:11
-msgid ""
-"If no servers are specified, the back end automatically uses service "
-"discovery to try to find a server. Optionally, the user may choose to use "
-"both fixed server addresses and service discovery by inserting a special "
-"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
-"preference is maintained. This feature is useful if, for example, the user "
-"prefers to use service discovery whenever possible, and fall back to a "
-"specific server when no servers can be discovered using DNS."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:23
-msgid "The domain name"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:25
-msgid ""
-"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for more details."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:35
-msgid "The protocol"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:37
-msgid ""
-"The queries usually specify _tcp as the protocol. Exceptions are documented "
-"in respective option description."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:42
-msgid "See Also"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:44
-msgid ""
-"For more information on the service discovery mechanism, refer to RFC 2782."
-msgstr ""
-
-#. type: Content of: outside any tag (error?)
-#: include/upstream.xml:1
-msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/failover.xml:2
-msgid "FAILOVER"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/failover.xml:4
-msgid ""
-"The failover feature allows back ends to automatically switch to a different "
-"server if the primary server fails."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:8
-msgid "Failover Syntax"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:10
-msgid ""
-"The list of servers is given as a comma-separated list; any number of spaces "
-"is allowed around the comma. The servers are listed in order of preference. "
-"The list can contain any number of servers."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:17
-msgid "The Failover Mechanism"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:19
-msgid ""
-"The failover mechanism distinguishes between a machine and a service. The "
-"back end first tries to resolve the hostname of a given machine; if this "
-"resolution attempt fails, the machine is considered offline. No further "
-"attempts are made to connect to this machine for any other service. If the "
-"resolution attempt succeeds, the back end tries to connect to a service on "
-"this machine. If the service connection attempt fails, then only this "
-"particular service is considered offline and the back end automatically "
-"switches over to the next service.  The machine is still considered online "
-"and might still be tried for another service."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:32
-msgid ""
-"Further connection attempts are made to machines or services marked as "
-"offline after a specified period of time; this is currently hard coded to 30 "
-"seconds."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:37
-msgid ""
-"If there are no more machines to try, the back end as a whole switches to "
-"offline mode, and then attempts to reconnect every 30 seconds."
-msgstr ""
-
-#. type: Content of: <varlistentry><term>
-#: include/param_help.xml:3
-msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
-
-#. type: Content of: <varlistentry><listitem><para>
-#: include/param_help.xml:7
-msgid "Display help message and exit."
-msgstr ""
diff --git a/src/man/po/zh_TW.po b/src/man/po/zh_TW.po
deleted file mode 100644
index 3ee9d093a..000000000
--- a/src/man/po/zh_TW.po
+++ /dev/null
@@ -1,6313 +0,0 @@
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Red Hat
-# This file is distributed under the same license as the sssd-docs package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: SSSD\n"
-"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Chinese (Taiwan) <trans-zh_TW@lists.fedoraproject.org>\n"
-"Language: zh_TW\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=1; plural=0\n"
-
-#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
-#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
-#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
-#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
-msgid "SSSD Manual pages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
-msgid "sss_groupmod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
-#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
-#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
-msgid "8"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupmod.8.xml:16
-msgid "modify a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupmod.8.xml:21
-msgid ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
-#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
-#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
-#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
-#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:32
-msgid ""
-"<command>sss_groupmod</command> modifies the group to reflect the changes "
-"that are specified on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
-#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
-#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-msgid "OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
-msgid ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:48
-msgid ""
-"Append this group to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
-msgid ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:62
-msgid ""
-"Remove this group from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
-#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
-msgid "sssd.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
-msgid "5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
-msgid "File Formats and Conventions"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
-msgid "the configuration file for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:21
-msgid "FILE FORMAT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:29
-#, no-wrap
-msgid ""
-"                <replaceable>[section]</replaceable>\n"
-"                <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-"                <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
-"            "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:24
-msgid ""
-"The file has an ini-style syntax and consists of sections and parameters. A "
-"section begins with the name of the section in square brackets and continues "
-"until the next section begins. An example of section with single and multi-"
-"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:36
-msgid ""
-"The data types used are string (no quotes needed), integer and bool (with "
-"values of <quote>TRUE/FALSE</quote>)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:41
-msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
-"(<quote>;</quote>)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:46
-msgid ""
-"All sections can have an optional <replaceable>description</replaceable> "
-"parameter. Its function is only as a label for the section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:52
-msgid ""
-"<filename>sssd.conf</filename> must be a regular file, owned by root and "
-"only root may read from or write to the file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:58
-msgid "SPECIAL SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:61
-msgid "The [sssd] section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
-msgid "Section parameters"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:72
-msgid "config_file_version (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:75
-msgid ""
-"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-"version 2."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:81
-msgid "services"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:84
-msgid ""
-"Comma separated list of services that are started when sssd itself starts."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:88
-msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
-msgid "reconnection_retries (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
-msgid ""
-"Number of times services should attempt to reconnect in the event of a Data "
-"Provider crash or restart before they give up"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
-msgid "Default: 3"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
-msgid "domains"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
-msgid ""
-"A domain is a database containing user information. SSSD can use more "
-"domains at the same time, but at least one must be configured or SSSD won't "
-"start.  This parameter described the list of domains in the order you want "
-"them to be queried."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
-msgid "re_expression (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
-msgid ""
-"Regular expression that describes how to parse the string containing user "
-"name and domain into these components."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
-msgid ""
-"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
-"which translates to \"the name is everything up to the <quote>@</quote> "
-"sign, the domain everything after that\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
-msgid ""
-"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
-"version 7 or higher can support non-unique named subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
-msgid ""
-"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
-"P&lt;name&gt;) to label subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
-msgid "full_name_format (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
-msgid ""
-"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatible format that describes how to translate "
-"a (name, domain) tuple into a fully qualified name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
-msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
-msgid "try_inotify (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
-msgid ""
-"SSSD monitors the state of resolv.conf to identify when it needs to update "
-"its internal DNS resolver. By default, we will attempt to use inotify for "
-"this, and will fall back to polling resolv.conf every five seconds if "
-"inotify cannot be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
-msgid ""
-"There are some limited situations where it is preferred that we should skip "
-"even trying to use inotify. In these rare cases, this option should be set "
-"to 'false'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
-msgid ""
-"Default: true on platforms where inotify is supported. False on other "
-"platforms."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
-msgid ""
-"Note: this option will have no effect on platforms where inotify is "
-"unavailable. On these platforms, polling will always be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
-msgid "krb5_rcache_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
-msgid ""
-"Directory on the filesystem where SSSD should store Kerberos replay cache "
-"files."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
-msgid ""
-"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
-"SSSD to let libkrb5 decide the appropriate location for the replay cache."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
-msgid ""
-"Default: Distribution-specific and specified at build-time. "
-"(__LIBKRB5_DEFAULTS__ if not configured)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:63
-msgid ""
-"Individual pieces of SSSD functionality are provided by special SSSD "
-"services that are started and stopped together with SSSD.  The services are "
-"managed by a special service frequently called <quote>monitor</quote>. The "
-"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
-msgid "SERVICES SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
-msgid ""
-"Settings that can be used to configure different services are described in "
-"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
-"section, for example, for NSS service, the section would be <quote>[nss]</"
-"quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
-msgid "General service configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
-msgid "These options can be used to configure any service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>.  This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
-msgid "NSS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
-msgid ""
-"These options can be used to configure the Name Service Switch (NSS) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
-msgid "enum_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
-msgid ""
-"How many seconds should nss_sss cache enumerations (requests for info about "
-"all users)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
-msgid "Default: 120"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"The entry cache can be set to automatically update entries in the background "
-"if they are requested beyond a percentage of the entry_cache_timeout value "
-"for the domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
-msgid ""
-"For example, if the domain's entry_cache_timeout is set to 30s and "
-"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
-"after 15 seconds past the last cache update will be returned immediately, "
-"but the SSSD will go and update the cache on its own, so that future "
-"requests will not need to block waiting for a cache update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
-msgid ""
-"Valid values for this option are 0-99 and represent a percentage of the "
-"entry_cache_timeout for each domain. For performance reasons, this "
-"percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
-"disables this feature)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
-msgid "Default: 50"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
-msgid "entry_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
-msgid ""
-"Specifies for how many seconds nss_sss should cache negative cache hits "
-"(that is, queries for invalid database entries, like nonexistent ones)  "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
-msgid "Default: 15"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
-msgid "filter_users, filter_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
-msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
-msgid "Default: root"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
-msgid "filter_users_in_groups (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
-msgid ""
-"If you want filtered user still be group members set this option to false."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
-msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
-msgid "This option can also be set per-domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
-msgid "allowed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
-msgid ""
-"Restrict user shell to one of the listed values. The order of evaluation is:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
-msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
-msgid ""
-"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
-"quote>, use the value of the shell_fallback parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
-msgid ""
-"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
-"shells</quote>, a nologin shell is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
-msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
-msgid ""
-"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
-"that a restart of the SSSD is required in case a new shell is installed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
-msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
-msgid "vetoed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
-msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
-msgid "shell_fallback (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
-msgid ""
-"The default shell to use if an allowed shell is not installed on the machine."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
-msgid "Default: /bin/sh"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
-msgid "PAM configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
-msgid ""
-"These options can be used to configure the Pluggable Authentication Module "
-"(PAM) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
-msgid "offline_credentials_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
-msgid ""
-"If the authentication provider is offline, how long should we allow cached "
-"logins (in days since the last successful online login)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
-msgid "Default: 0 (No limit)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
-msgid "offline_failed_login_attempts (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
-msgid ""
-"If the authentication provider is offline, how many failed login attempts "
-"are allowed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
-msgid "offline_failed_login_delay (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
-msgid ""
-"The time in minutes which has to pass after offline_failed_login_attempts "
-"has been reached before a new login attempt is possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
-msgid ""
-"If set to 0 the user cannot authenticate offline if "
-"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable offline authentication again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
-msgid "Default: 5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
-msgid "pam_verbosity (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
-msgid ""
-"Controls what kind of messages are shown to the user during authentication. "
-"The higher the number to more messages are displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
-msgid "Currently sssd supports the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
-msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
-msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
-msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
-msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
-msgid "Default: 1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
-msgid "pam_id_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
-msgid ""
-"For any PAM request while SSSD is online, the SSSD will attempt to "
-"immediately update the cached identity information for the user in order to "
-"ensure that authentication takes place with the latest information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
-msgid ""
-"A complete PAM conversation may perform multiple PAM requests, such as "
-"account management and session opening. This option controls (on a per-"
-"client-application basis) how long (in seconds) we can cache the identity "
-"information to avoid excessive round-trips to the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
-msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
-msgid "Display a warning N days before the password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
-msgid ""
-"Please note that the backend server has to provide information about the "
-"expiration time of the password.  If this information is missing, sssd "
-"cannot display a warning."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
-msgid "Default: 7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-msgid "SUDO configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-msgid "These options can be used to configure the sudo service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-msgid "sudo_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-msgid ""
-"For any sudo request that comes while SSSD is online, the SSSD will attempt "
-"to update the cached rules in order to ensure that sudo has the latest "
-"ruleset."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
-msgid ""
-"The user may, however, run a couple of sudo commands successively, which "
-"would trigger multiple LDAP requests.  In order to speed up this use-case, "
-"the sudo service maintains an in-memory cache that would be used for "
-"performing fast replies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
-msgid ""
-"This option controls how long (in seconds) can the sudo service cache rules "
-"for a user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-msgid "Default: 180"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-msgid "sudo_timed (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
-msgid ""
-"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
-"that implement time-dependent sudoers entries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-msgid "AUTOFS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-msgid "These options can be used to configure the autofs service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-msgid "autofs_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
-msgid "DOMAIN SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
-msgid "min_id,max_id (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
-msgid ""
-"UID and GID limits for the domain. If a domain contains an entry that is "
-"outside these limits, it is ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
-msgid ""
-"For users, this affects the primary GID limit. The user will not be returned "
-"to NSS if either the UID or the primary GID is outside the range. For non-"
-"primary group memberships, those that are in range will be reported as "
-"expected."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
-msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
-msgid ""
-"Timeout in seconds between heartbeats for this domain.  This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
-msgid "enumerate (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
-msgid ""
-"Determines if a domain can be enumerated. This parameter can have one of the "
-"following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
-msgid "TRUE = Users and groups are enumerated"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
-msgid "FALSE = No enumerations for this domain"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
-msgid "Default: FALSE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
-msgid ""
-"Note: Enabling enumeration has a moderate performance impact on SSSD while "
-"enumeration is running. It may take up to several minutes after SSSD startup "
-"to fully complete enumerations.  During this time, individual requests for "
-"information will go directly to LDAP, though it may be slow, due to the "
-"heavy enumeration processing."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
-msgid ""
-"While the first enumeration is running, requests for the complete user or "
-"group lists may return no results until it completes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
-msgid ""
-"Further, enabling enumeration may increase the time necessary to detect "
-"network disconnection, as longer timeouts are required to ensure that "
-"enumeration lookups are completed successfully.  For more information, refer "
-"to the man pages for the specific id_provider in use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
-msgid "entry_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
-msgid ""
-"How many seconds should nss_sss consider entries valid before asking the "
-"backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
-msgid "Default: 5400"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-msgid "entry_cache_user_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-msgid ""
-"How many seconds should nss_sss consider user entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-msgid "Default: entry_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-msgid "entry_cache_group_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-msgid ""
-"How many seconds should nss_sss consider group entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-msgid ""
-"How many seconds should nss_sss consider netgroup entries valid before "
-"asking the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-msgid "entry_cache_service_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-msgid ""
-"How many seconds should nss_sss consider service entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
-msgid "cache_credentials (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
-msgid "Determines if user credentials are also cached in the local LDB cache"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
-msgid "User credentials are stored in a SHA512 hash, not in plaintext"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
-msgid "account_cache_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
-msgid ""
-"Number of days entries are left in cache after last successful login before "
-"being removed during a cleanup of the cache. 0 means keep forever.  The "
-"value of this parameter must be greater than or equal to "
-"offline_credentials_expiration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
-msgid "Default: 0 (unlimited)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
-msgid "id_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
-msgid "The Data Provider identity backend to use for this domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
-msgid "Supported backends:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
-msgid "proxy: Support a legacy NSS provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
-msgid "local: SSSD internal local provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
-msgid "ldap: LDAP provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
-msgid "use_fully_qualified_names (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
-msgid ""
-"If set to TRUE, all requests to this domain must use fully qualified names. "
-"For example, if used in LOCAL domain that contains a \"test\" user, "
-"<command>getent passwd test</command> wouldn't find the user while "
-"<command>getent passwd test@LOCAL</command> would."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
-msgid "auth_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
-msgid ""
-"The authentication provider used for the domain.  Supported auth providers "
-"are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
-msgid ""
-"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
-msgid ""
-"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
-msgid ""
-"<quote>proxy</quote> for relaying authentication to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
-msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"authentication requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
-msgid "access_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
-msgid ""
-"The access control provider used for the domain.  There are two built-in "
-"access providers (in addition to any included in installed backends)  "
-"Internal special providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
-msgid "<quote>permit</quote> always allow access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
-msgid "<quote>deny</quote> always deny access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
-msgid ""
-"<quote>simple</quote> access control based on access or deny lists. See "
-"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> for more information on configuring the simple "
-"access module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
-msgid "Default: <quote>permit</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
-msgid "chpass_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
-msgid ""
-"The provider which should handle change password operations for the domain.  "
-"Supported change password providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
-msgid ""
-"<quote>ipa</quote> to change a password stored in an IPA server.  See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
-msgid ""
-"<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
-msgid ""
-"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
-msgid ""
-"<quote>proxy</quote> for relaying password changes to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
-msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
-msgid ""
-"Default: <quote>auth_provider</quote> is used if it is set and can handle "
-"change password requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-msgid "sudo_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-msgid ""
-"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-msgid "session_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-msgid ""
-"The provider which should handle loading of session settings.  Supported "
-"session providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-msgid ""
-"<quote>ipa</quote> to load session settings from an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"session loading requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
-msgid "lookup_family_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
-msgid ""
-"Provides the ability to select preferred address family to use when "
-"performing DNS lookups."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
-msgid "Supported values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
-msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
-msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
-msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
-msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
-msgid "Default: ipv4_first"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
-msgid "dns_resolver_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
-msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
-msgid "dns_discovery_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
-msgid ""
-"If service discovery is used in the back end, specifies the domain part of "
-"the service discovery DNS query."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
-msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
-msgid "override_gid (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
-msgid "Override the primary GID value with the one specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
-msgid "case_sensitive (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
-msgid ""
-"Treat user and group names as case sensitive. At the moment, this option is "
-"not supported in the local provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
-msgid "Default: True"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
-msgid ""
-"These configuration options can be present in a domain configuration "
-"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
-"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
-msgid "proxy_pam_target (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
-msgid "The proxy target PAM proxies to."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-msgid ""
-"Default: not set by default, you have to take an existing pam configuration "
-"or create a new one and add the service name here."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
-msgid "proxy_lib_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
-msgid ""
-"The name of the NSS library to use in proxy domains. The NSS functions "
-"searched for in the library are in the form of _nss_$(libName)_$(function), "
-"for example _nss_files_getpwent."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
-msgid ""
-"Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
-msgid "The local domain section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
-msgid ""
-"This section contains settings for domain that stores users and groups in "
-"SSSD native database, that is, a domain that uses "
-"<replaceable>id_provider=local</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
-msgid "default_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
-msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
-msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
-msgid "base_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
-msgid ""
-"The tools append the login name to <replaceable>base_directory</replaceable> "
-"and use that as the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
-msgid "Default: <filename>/home</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
-msgid "create_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
-msgid ""
-"Indicate if a home directory should be created by default for new users.  "
-"Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
-msgid "Default: TRUE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
-msgid "remove_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
-msgid ""
-"Indicate if a home directory should be removed by default for deleted "
-"users.  Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
-msgid "homedir_umask (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
-msgid ""
-"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
-"on a newly created home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
-msgid "Default: 077"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
-msgid "skel_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
-msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
-msgid "mail_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
-msgid ""
-"The mail spool directory. This is needed to manipulate the mailbox when its "
-"corresponding user account is modified or deleted.  If not specified, a "
-"default value is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
-msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
-msgid "userdel_cmd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
-msgid ""
-"The command that is run after a user is removed.  The command us passed the "
-"username of the user being removed as the first and only parameter. The "
-"return code of the command is not taken into account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
-msgid "Default: None, no command is run"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"domains = LDAP\n"
-"services = nss, pam\n"
-"config_file_version = 2\n"
-"\n"
-"[nss]\n"
-"filter_groups = root\n"
-"filter_users = root\n"
-"\n"
-"[pam]\n"
-"\n"
-"[domain/LDAP]\n"
-"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
-"\n"
-"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
-"cache_credentials = true\n"
-"\n"
-"min_id = 10000\n"
-"max_id = 20000\n"
-"enumerate = False\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
-msgid ""
-"The following example shows a typical SSSD config. It does not describe "
-"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details.  <placeholder type=\"programlisting\" "
-"id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
-msgid "sssd-ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:23
-msgid ""
-"This manual page describes the configuration of LDAP domains for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for detailed syntax information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:35
-msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:38
-msgid ""
-"LDAP back end supports id, auth, access and chpass providers. If you want to "
-"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
-"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
-"over an unencrypted channel.  If the LDAP server is used only as an identity "
-"provider, an encrypted channel is not needed. Please refer to "
-"<quote>ldap_access_filter</quote> config option for more information about "
-"using LDAP as an access provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
-#: sssd-krb5.5.xml:63
-msgid "CONFIGURATION OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:60
-msgid "ldap_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:63
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference. Refer to the <quote>FAILOVER</"
-"quote> section for more information on failover and server redundancy.  If "
-"not specified, service discovery is enabled. For more information, refer to "
-"the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
-msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:73
-msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:76
-msgid ""
-"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:79
-msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:85
-msgid "ldap_chpass_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:88
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference to change the password of a user. "
-"Refer to the <quote>FAILOVER</quote> section for more information on "
-"failover and server redundancy."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:95
-msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:99
-msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:105
-msgid "ldap_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:108
-msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:112
-msgid ""
-"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
-"syntax:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
-msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:119
-msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
-msgid ""
-"The filter must be a valid LDAP search filter as specified by http://www."
-"ietf.org/rfc/rfc2254.txt"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
-msgid "Examples:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:129
-msgid ""
-"ldap_search_base = dc=example,dc=com (which is equivalent to)  "
-"ldap_search_base = dc=example,dc=com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:134
-msgid ""
-"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
-"(host=thishost)?dc=example.com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:137
-msgid ""
-"Note: It is unsupported to have multiple search bases which reference "
-"identically-named objects (for example, groups with the same name in two "
-"different search bases). This will lead to unpredictable behavior on client "
-"machines."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:144
-msgid ""
-"Default: If not set, the value of the defaultNamingContext or namingContexts "
-"attribute from the RootDSE of the LDAP server is used. If "
-"defaultNamingContext does not exists or has an empty value namingContexts is "
-"used.  The namingContexts attribute must have a single value with the DN of "
-"the search base of the LDAP server to make this work. Multiple values are "
-"are not supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:158
-msgid "ldap_schema (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:161
-msgid ""
-"Specifies the Schema Type in use on the target LDAP server.  Depending on "
-"the selected schema, the default attribute names retrieved from the servers "
-"may vary.  The way that some attributes are handled may also differ.  Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
-"difference between these schema types is how group memberships are recorded "
-"in the server.  With rfc2307, group members are listed by name in the "
-"<emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, group "
-"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
-msgid "Default: rfc2307"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
-msgid "ldap_default_bind_dn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
-msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
-msgid "ldap_default_authtok_type (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
-msgid "The type of the authentication token of the default bind DN."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
-msgid "The two mechanisms currently supported are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
-msgid "password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
-msgid "obfuscated_password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
-msgid "Default: password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
-msgid "ldap_default_authtok (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
-msgid ""
-"The authentication token of the default bind DN.  Only clear text passwords "
-"are currently supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
-msgid "ldap_user_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
-msgid "The object class of a user entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
-msgid "Default: posixAccount"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
-msgid "ldap_user_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
-msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
-msgid "Default: uid"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
-msgid "ldap_user_uid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
-msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
-msgid "Default: uidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
-msgid "ldap_user_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
-msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
-msgid "Default: gidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
-msgid "ldap_user_gecos (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
-msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
-msgid "Default: gecos"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
-msgid "ldap_user_home_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
-msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
-msgid "Default: homeDirectory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
-msgid "ldap_user_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
-msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
-msgid "Default: loginShell"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
-msgid "ldap_user_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
-msgid "Default: nsUniqueId"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
-msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
-msgid ""
-"The LDAP attribute that contains timestamp of the last modification of the "
-"parent object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
-msgid "Default: modifyTimestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
-msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
-"the last password change)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
-msgid "Default: shadowLastChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
-msgid "ldap_user_shadow_min (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
-msgid "Default: shadowMin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
-msgid "ldap_user_shadow_max (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
-msgid "Default: shadowMax"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
-msgid "ldap_user_shadow_warning (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password warning period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
-msgid "Default: shadowWarning"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
-msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password inactivity period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
-msgid "Default: shadowInactive"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
-msgid "ldap_user_shadow_expire (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
-msgid ""
-"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
-"parameter contains the name of an LDAP attribute corresponding to its "
-"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> counterpart (account expiration date)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
-msgid "Default: shadowExpire"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
-msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time of last password change in "
-"kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
-msgid "Default: krbLastPwdChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
-msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time when current password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
-msgid "Default: krbPasswordExpiration"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
-msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the expiration time of the account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
-msgid "Default: accountExpires"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
-msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the user account control bit field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
-msgid "Default: userAccountControl"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
-msgid "ldap_ns_account_lock (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
-msgid ""
-"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
-"determines if access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
-msgid "Default: nsAccountLock"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
-msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines if "
-"access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
-msgid "Default: loginDisabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
-msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines until "
-"which date access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
-msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines the "
-"hours of a day in a week when access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
-msgid "Default: loginAllowedTimeMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
-msgid "ldap_user_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
-msgid ""
-"The LDAP attribute that contains the user's Kerberos User Principal Name "
-"(UPN)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
-msgid "Default: krbPrincipalName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
-msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
-msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
-msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
-msgid ""
-"Some directory servers, for example Active Directory, might deliver the "
-"realm part of the UPN in lower case, which might cause the authentication to "
-"fail. Set this option to a non-zero value if you want to use an upper-case "
-"realm."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
-msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
-msgid ""
-"Specifies how many seconds SSSD has to wait before refreshing its cache of "
-"enumerated records."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
-msgid "Default: 300"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
-msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
-msgid ""
-"Determine how often to check the cache for inactive entries (such as groups "
-"with no members and users who have never logged in) and remove them to save "
-"space."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
-msgid "Setting this option to zero will disable the cache cleanup operation."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
-msgid "Default: 10800 (12 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
-msgid "ldap_user_fullname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
-msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
-msgid "Default: cn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
-msgid "ldap_user_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
-msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
-msgid "Default: memberOf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
-msgid "ldap_user_authorized_service (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
-msgid ""
-"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
-"use the presence of the authorizedService attribute in the user's LDAP entry "
-"to determine access privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
-msgid ""
-"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
-"explicit allow (svc) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
-msgid "Default: authorizedService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
-msgid "ldap_user_authorized_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
-msgid ""
-"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-"presence of the host attribute in the user's LDAP entry to determine access "
-"privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
-msgid ""
-"An explicit deny (!host) is resolved first. Second, SSSD searches for "
-"explicit allow (host) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
-msgid "Default: host"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
-msgid "ldap_group_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
-msgid "The object class of a group entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
-msgid "Default: posixGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
-msgid "ldap_group_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
-msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
-msgid "ldap_group_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
-msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
-msgid "ldap_group_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
-msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
-msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
-msgid "ldap_group_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
-msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
-msgid "ldap_group_nesting_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
-msgid ""
-"If ldap_schema is set to a schema format that supports nested groups (e.g. "
-"RFC2307bis), then this option controls how many levels of nesting SSSD will "
-"follow. This option has no effect on the RFC2307 schema."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
-msgid "Default: 2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
-msgid "ldap_netgroup_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
-msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
-msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
-msgid "Default: nisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
-msgid "ldap_netgroup_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
-msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
-msgid "In IPA provider, ipa_netgroup_name should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
-msgid "ldap_netgroup_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
-msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
-msgid "In IPA provider, ipa_netgroup_member should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
-msgid "Default: memberNisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
-msgid "ldap_netgroup_triple (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-msgid ""
-"The LDAP attribute that contains the (host, user, domain) netgroup triples."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
-msgid "This option is not available in IPA provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
-msgid "Default: nisNetgroupTriple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
-msgid "ldap_netgroup_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
-msgid ""
-"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
-msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
-msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
-msgid "ldap_service_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
-msgid "The object class of a service entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
-msgid "Default: ipService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
-msgid "ldap_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
-msgid ""
-"The LDAP attribute that contains the name of service attributes and their "
-"aliases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
-msgid "ldap_service_port (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
-msgid "The LDAP attribute that contains the port managed by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
-msgid "Default: ipServicePort"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
-msgid "ldap_service_proto (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
-msgid ""
-"The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
-msgid "Default: ipServiceProtocol"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
-msgid "ldap_service_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
-msgid "An optional base DN to restrict service searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
-msgid ""
-"See <quote>ldap_search_base</quote> for information about configuring "
-"multiple search bases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
-#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
-msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
-msgid "ldap_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches are allowed to run "
-"before they are cancelled and cached results are returned (and offline mode "
-"is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
-msgid ""
-"Note: this option is subject to change in future versions of the SSSD. It "
-"will likely be replaced at some point by a series of timeouts for specific "
-"lookup types."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
-msgid "Default: 6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
-msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches for user and group "
-"enumerations are allowed to run before they are cancelled and cached results "
-"are returned (and offline mode is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
-msgid "ldap_network_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-msgid ""
-"Specifies the timeout (in seconds) after which the <citerefentry> "
-"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
-"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> following a <citerefentry> "
-"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> returns in case of no activity."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
-msgid "ldap_opt_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
-msgid ""
-"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
-"will abort if no response is received. Also controls the timeout when "
-"communicating with the KDC in case of SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
-msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
-msgid ""
-"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
-"maintained. After this time, the connection will be re-established. If used "
-"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
-"the TGT lifetime)  will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
-msgid "Default: 900 (15 minutes)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
-msgid "ldap_page_size (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
-msgid ""
-"Specify the number of records to retrieve from LDAP in a single request. "
-"Some LDAP servers enforce a maximum limit per-request."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
-msgid "Default: 1000"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
-msgid ""
-"Disable the LDAP paging control. This option should be used if the LDAP "
-"server reports that it supports the LDAP paging control in its RootDSE but "
-"it is not enabled or does not behave properly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
-msgid ""
-"Example: OpenLDAP servers with the paging control module installed on the "
-"server but not enabled will report it in the RootDSE but be unable to use it."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
-msgid ""
-"Example: 389 DS has a bug where it can only support a one paging control at "
-"a time on a single connection. On busy clients, this can result in some "
-"requests being denied."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
-msgid "ldap_deref_threshold (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
-msgid ""
-"Specify the number of group members that must be missing from the internal "
-"cache in order to trigger a dereference lookup. If less members are missing, "
-"they are looked up individually."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
-msgid ""
-"You can turn off dereference lookups completely by setting the value to 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
-msgid ""
-"A dereference lookup is a means of fetching all group members in a single "
-"LDAP call.  Different LDAP servers may implement different dereference "
-"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
-"Directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
-msgid ""
-"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
-"filter, then the dereference lookup performance enhancement will be disabled "
-"regardless of this setting."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
-msgid "ldap_tls_reqcert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
-msgid ""
-"Specifies what checks to perform on server certificates in a TLS session, if "
-"any. It can be specified as one of the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
-msgid ""
-"<emphasis>never</emphasis> = The client will not request or check any server "
-"certificate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
-msgid ""
-"<emphasis>allow</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, it will be ignored and the session proceeds normally."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
-msgid ""
-"<emphasis>try</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, the session is immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
-msgid ""
-"<emphasis>demand</emphasis> = The server certificate is requested. If no "
-"certificate is provided, or a bad certificate is provided, the session is "
-"immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
-msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
-msgid "Default: hard"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
-msgid "ldap_tls_cacert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
-msgid ""
-"Specifies the file that contains certificates for all of the Certificate "
-"Authorities that <command>sssd</command> will recognize."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
-msgid ""
-"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
-"conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
-msgid "ldap_tls_cacertdir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
-msgid ""
-"Specifies the path of a directory that contains Certificate Authority "
-"certificates in separate individual files. Typically the file names need to "
-"be the hash of the certificate followed by '.0'.  If available, "
-"<command>cacertdir_rehash</command> can be used to create the correct names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
-msgid "ldap_tls_cert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
-msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
-msgid "Default: not set"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
-msgid "ldap_tls_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
-msgid "Specifies the file that contains the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
-msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
-msgid ""
-"Specifies acceptable cipher suites.  Typically this is a colon sperated "
-"list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> for format."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
-msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
-msgid ""
-"Specifies that the id_provider connection must also use <systemitem class="
-"\"protocol\">tls</systemitem> to protect the channel."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
-msgid ""
-"Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
-"supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
-msgid "ldap_sasl_authid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
-msgid ""
-"Specify the SASL authorization id to use.  When GSSAPI is used, this "
-"represents the Kerberos principal used for authentication to the directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
-msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
-msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
-msgid ""
-"If set to true, the LDAP library would perform a reverse lookup to "
-"canonicalize the host name during a SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
-msgid "Default: false;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
-msgid "ldap_krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
-msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
-msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
-msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
-msgid ""
-"Specifies that the id_provider should init Kerberos credentials (TGT).  This "
-"action is performed only if SASL is used and the mechanism selected is "
-"GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
-msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
-msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
-msgid "Default: 86400 (24 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
-msgid "krb5_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
-msgid ""
-"Specifies the comma-separated list of IP addresses or hostnames of the "
-"Kerberos servers to which SSSD should connect in the order of preference. "
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
-"colon) may be appended to the addresses or hostnames.  If empty, service "
-"discovery is enabled - for more information, refer to the <quote>SERVICE "
-"DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
-msgid ""
-"When using service discovery for KDC or kpasswd servers, SSSD first searches "
-"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-"none are found."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
-msgid ""
-"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
-"While the legacy name is recognized for the time being, users are advised to "
-"migrate their config files to use <quote>krb5_server</quote> instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
-msgid "krb5_realm (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
-msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
-msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
-msgid "krb5_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
-msgid ""
-"Specifies if the host principal should be canonicalized when connecting to "
-"LDAP server. This feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
-msgid "ldap_pwd_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
-msgid ""
-"Select the policy to evaluate the password expiration on the client side. "
-"The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
-msgid ""
-"<emphasis>none</emphasis> - No evaluation on the client side. This option "
-"cannot disable server-side password policies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
-msgid ""
-"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-"evaluate if the password has expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
-msgid ""
-"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
-"to determine if the password has expired. Use chpass_provider=krb5 to update "
-"these attributes when the password is changed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
-msgid "ldap_referrals (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
-msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
-msgid ""
-"Please note that sssd only supports referral chasing when it is compiled "
-"with OpenLDAP version 2.4.13 or higher."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
-msgid "ldap_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
-msgid "Specifies the service name to use when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
-msgid "Default: ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
-msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
-msgid ""
-"Specifies the service name to use to find an LDAP server which allows "
-"password changes when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
-msgid "Default: not set, i.e. service discovery is disabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
-msgid "ldap_access_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
-msgid ""
-"If using access_provider = ldap, this option is mandatory. It specifies an "
-"LDAP search filter criteria that must be met for the user to be granted "
-"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
-msgid "Example:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
-#, no-wrap
-msgid ""
-"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
-msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
-msgid ""
-"Offline caching for this feature is limited to determining whether the "
-"user's last online login was granted access permission. If they were granted "
-"access during their last login, they will continue to be granted access "
-"while offline and vice-versa."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
-msgid "Default: Empty"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
-msgid "ldap_account_expire_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
-msgid ""
-"With this option a client side evaluation of access control attributes can "
-"be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
-msgid ""
-"Please note that it is always recommended to use server side access control, "
-"i.e. the LDAP server should deny the bind request with a suitable error code "
-"even if the password is correct."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
-msgid "The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
-msgid ""
-"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
-"determine if the account is expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
-msgid ""
-"<emphasis>ad</emphasis>: use the value of the 32bit field "
-"ldap_user_ad_user_account_control and allow access if the second bit is not "
-"set. If the attribute is missing access is granted. Also the expiration time "
-"of the account is checked."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
-msgid ""
-"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
-"emphasis>: use the value of ldap_ns_account_lock to check if access is "
-"allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
-msgid ""
-"<emphasis>nds</emphasis>: the values of "
-"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
-"If both attributes are missing access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
-msgid "ldap_access_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
-msgid "Comma separated list of access control options.  Allowed values are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
-msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
-msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
-msgid ""
-"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
-"to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
-msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
-msgid "Default: filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
-msgid ""
-"Please note that it is a configuration error if a value is used more than "
-"once."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
-msgid "ldap_deref (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
-msgid ""
-"Specifies how alias dereferencing is done when performing a search. The "
-"following options are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
-msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
-msgid ""
-"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
-"the base object, but not in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
-msgid ""
-"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
-"the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
-msgid ""
-"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
-"in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
-msgid ""
-"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
-"client libraries)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:51
-msgid ""
-"All of the common configuration options that apply to SSSD domains also "
-"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for full details.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
-msgid "SUDO OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
-msgid "ldap_sudorule_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
-msgid "The object class of a sudo rule entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
-msgid "Default: sudoRole"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
-msgid "ldap_sudorule_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
-msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
-msgid "ldap_sudorule_command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
-msgid "The LDAP attribute that corresponds to the command name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
-msgid "Default: sudoCommand"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
-msgid "ldap_sudorule_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
-msgid ""
-"The LDAP attribute that corresponds to the host name (or host IP address, "
-"host IP network, or host netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
-msgid "Default: sudoHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
-msgid "ldap_sudorule_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
-msgid ""
-"The LDAP attribute that corresponds to the user name (or UID, group name or "
-"user's netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
-msgid "Default: sudoUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
-msgid "ldap_sudorule_option (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
-msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
-msgid "Default: sudoOption"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
-msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
-msgid ""
-"The LDAP attribute that corresponds to the user name that commands may be "
-"run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
-msgid "Default: sudoRunAsUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
-msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
-msgid ""
-"The LDAP attribute that corresponds to the group name or group GID that "
-"commands may be run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
-msgid "Default: sudoRunAsGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
-msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
-msgid ""
-"The LDAP attribute that corresponds to the start date/time for when the sudo "
-"rule is valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
-msgid "Default: sudoNotBefore"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
-msgid "ldap_sudorule_notafter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
-msgid ""
-"The LDAP attribute that corresponds to the expiration date/time, after which "
-"the sudo rule will no longer be valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
-msgid "Default: sudoNotAfter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
-msgid "ldap_sudorule_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
-msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
-msgid "Default: sudoOrder"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
-msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
-msgid ""
-"Enables periodical download of all sudo rules.  The cache is purged before "
-"each update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
-msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
-msgid ""
-"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
-msgid ""
-"This manual page only describes attribute name mapping.  For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
-"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
-msgid "AUTOFS OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
-msgid ""
-"Please note that the default values correspond to the default schema which "
-"is RFC2307."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
-msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-msgid "The object class of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-msgid "Default: automountMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
-msgid "ldap_autofs_map_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
-msgid "The name of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
-msgid "Default: ou"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
-msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
-msgid "ldap_autofs_entry_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
-msgid ""
-"The key of an automount entry in LDAP. The entry usually corresponds to a "
-"mount point."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
-msgid "ldap_autofs_entry_value (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
-msgid "Default: automountInformation"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
-msgid ""
-"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
-"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
-"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
-msgid "ADVANCED OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
-msgid "ldap_netgroup_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
-msgid ""
-"An optional base DN to restrict netgroup searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
-msgid "ldap_user_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
-msgid "An optional base DN to restrict user searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
-msgid "ldap_group_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
-msgid "An optional base DN to restrict group searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
-#, no-wrap
-msgid ""
-"                            ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-"                        "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
-msgid "ldap_sudo_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
-msgid ""
-"An optional base DN to restrict sudo rules searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
-msgid "ldap_autofs_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
-msgid ""
-"An optional base DN to restrict automounter searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
-msgid ""
-"These options are supported by LDAP domains, but they should be used with "
-"caution. Please include them in your configuration only if you know what you "
-"are doing.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
-msgid ""
-"The following example assumes that SSSD is correctly configured and LDAP is "
-"set to one of the domains in the <replaceable>[domains]</replaceable> "
-"section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
-#, no-wrap
-msgid ""
-"    [domain/LDAP]\n"
-"    id_provider = ldap\n"
-"    auth_provider = ldap\n"
-"    ldap_uri = ldap://ldap.mydomain.org\n"
-"    ldap_search_base = dc=mydomain,dc=org\n"
-"    ldap_tls_reqcert = demand\n"
-"    cache_credentials = true\n"
-"    enumerate = true\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
-msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
-msgid "NOTES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
-msgid ""
-"The descriptions of some of the configuration options in this manual page "
-"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
-"distribution."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <refentryinfo>
-#: pam_sss.8.xml:8 include/upstream.xml:2
-msgid ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: pam_sss.8.xml:13 pam_sss.8.xml:18
-msgid "pam_sss"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: pam_sss.8.xml:19
-msgid "PAM module for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: pam_sss.8.xml:24
-msgid ""
-"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
-msgid ""
-"<command>pam_sss.so</command> is the PAM interface to the System Security "
-"Services daemon (SSSD). Errors and results are logged through <command>syslog"
-"(3)</command> with the LOG_AUTHPRIV facility."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
-msgid "<option>quiet</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
-msgid "Suppress log messages for unknown users."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
-msgid "<option>forward_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
-msgid ""
-"If <option>forward_pass</option> is set the entered password is put on the "
-"stack for other PAM modules to use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
-msgid "<option>use_first_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
-msgid ""
-"The argument use_first_pass forces the module to use a previous stacked "
-"modules password and will never prompt the user - if no password is "
-"available or the password is not appropriate, the user will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
-msgid "<option>use_authtok</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
-msgid ""
-"When password changing enforce the module to set the new password to the one "
-"provided by a previously stacked password module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
-msgid "<option>retry=N</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
-msgid ""
-"If specified the user is asked another N times for a password if "
-"authentication fails. Default is 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
-msgid ""
-"Please note that this option might not work as expected if the application "
-"calling PAM handles the user dialog on its own. A typical example is "
-"<command>sshd</command> with <option>PasswordAuthentication</option>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
-msgid "MODULE TYPES PROVIDED"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
-msgid ""
-"All module types (<option>account</option>, <option>auth</option>, "
-"<option>password</option> and <option>session</option>) are provided."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
-msgid "FILES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
-msgid ""
-"If a password reset by root fails, because the corresponding SSSD provider "
-"does not support password resets, an individual message can be displayed. "
-"This message can e.g. contain instructions about how to reset a password."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
-msgid ""
-"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
-"filename> where LOC stands for a locale string returned by <citerefentry> "
-"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
-"citerefentry>. If there is no matching file the content of "
-"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
-"the owner of the files and only root may have read and write permissions "
-"while all other users must have only read permissions."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
-msgid ""
-"These files are searched in the directory <filename>/etc/sssd/customize/"
-"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
-"displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:141
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
-msgid "sssd_krb5_locator_plugin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:22
-msgid ""
-"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
-"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
-"libraries what Realm and which KDC to use.  Typically this is done in "
-"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
-"To simplify the configuration the Realm and the KDC can be defined in "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry> puts the Realm and the name or IP address of the KDC into "
-"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively.  "
-"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variables and returns them to the "
-"libraries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:63
-msgid ""
-"Not all Kerberos implementations support the use of plugins. If "
-"<command>sssd_krb5_locator_plugin</command> is not available on your system "
-"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:69
-msgid ""
-"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-"debug messages will be sent to stderr."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:77
-msgid ""
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
-msgid "sssd-simple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd-simple.5.xml:17
-msgid "the configuration file for SSSD's 'simple' access-control provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:24
-msgid ""
-"This manual page describes the configuration of the simple access-control "
-"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax reference, "
-"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:38
-msgid ""
-"The simple access provider grants or denies access based on an access or "
-"deny list of user or group names. The following rules apply:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:43
-msgid "If all lists are empty, access is granted"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:47
-msgid ""
-"If any list is provided, the order of evaluation is allow,deny. This means "
-"that any matching deny rule will supersede any matched allow rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:54
-msgid ""
-"If either or both \"allow\" lists are provided, all users are denied unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:60
-msgid ""
-"If only \"deny\" lists are provided, all users are granted access unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:78
-msgid "simple_allow_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:81
-msgid "Comma separated list of users who are allowed to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:88
-msgid "simple_deny_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:91
-msgid "Comma separated list of users who are explicitly denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:97
-msgid "simple_allow_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:100
-msgid ""
-"Comma separated list of groups that are allowed to log in. This applies only "
-"to groups within this SSSD domain. Local groups are not evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:108
-msgid "simple_deny_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:111
-msgid ""
-"Comma separated list of groups that are explicitly denied access. This "
-"applies only to groups within this SSSD domain. Local groups are not "
-"evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
-msgid ""
-"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page for details on the configuration of an SSSD "
-"domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:120
-msgid ""
-"Please note that it is an configuration error if both, simple_allow_users "
-"and simple_deny_users, are defined."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:128
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the simple access provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-simple.5.xml:135
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    access_provider = simple\n"
-"    simple_allow_users = user1, user2\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:145
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
-msgid "sssd-ipa"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:23
-msgid ""
-"This manual page describes the configuration of the IPA provider for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
-"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:36
-msgid ""
-"The IPA provider is a back end used to connect to an IPA server.  (Refer to "
-"the freeipa.org web site for information about IPA servers.)  This provider "
-"requires that the machine be joined to the IPA domain; configuration is "
-"almost entirely self-discovered and obtained directly from the server."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:43
-msgid ""
-"The IPA provider accepts the same options used by the <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
-"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider with some exceptions described below."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:55
-msgid ""
-"However, it is neither necessary nor recommended to set these options.  IPA "
-"provider can also be used as an access and chpass provider. As an access "
-"provider it uses HBAC (host-based access control) rules. Please refer to "
-"freeipa.org for more information about HBAC. No configuration of access "
-"provider is required on the client side."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:72
-msgid "ipa_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:75
-msgid ""
-"Specifies the name of the IPA domain.  This is optional. If not provided, "
-"the configuration domain name is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:83
-msgid "ipa_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:86
-msgid ""
-"The comma-separated list of IP addresses or hostnames of the IPA servers to "
-"which SSSD should connect in the order of preference. For more information "
-"on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
-"This is optional if autodiscovery is enabled.  For more information on "
-"service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:99
-msgid "ipa_hostname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:102
-msgid ""
-"Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:110
-msgid "ipa_dyndns_update (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:113
-msgid ""
-"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:118
-msgid ""
-"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
-"the default Kerberos realm must be set properly in /etc/krb5.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:129
-msgid "ipa_dyndns_iface (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:132
-msgid ""
-"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
-"interface whose IP address should be used for dynamic DNS updates."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:137
-msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:143
-msgid "ipa_hbac_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:146
-msgid "Optional. Use the given string as search base for HBAC related objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:150
-msgid "Default: Use base DN"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:156
-msgid "ipa_host_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:159
-msgid "Optional. Use the given string as search base for host objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:180
-msgid "ipa_selinux_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
-msgid "Optional. Use the given string as search base for SELinux user maps."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
-msgid "krb5_validate (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
-msgid ""
-"Verify with the help of krb5_keytab that the TGT obtained has not been "
-"spoofed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
-msgid ""
-"Note that this default differs from the traditional Kerberos provider back "
-"end."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
-msgid ""
-"The name of the Kerberos realm. This is optional and defaults to the value "
-"of <quote>ipa_domain</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
-msgid ""
-"The name of the Kerberos realm has a special meaning in IPA - it is "
-"converted into the base DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
-msgid ""
-"Specifies if the host and user principal should be canonicalized when "
-"connecting to IPA LDAP and also for AS requests. This feature is available "
-"with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
-msgid "ipa_hbac_refresh (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
-msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
-msgid "Default: 5 (seconds)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
-msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
-msgid ""
-"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
-"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
-"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
-"client will support two modes of operation during this transition period:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
-msgid ""
-"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
-"users will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
-msgid ""
-"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
-"careful with this option, as it may result in opening unintended access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
-msgid "Default: DENY_ALL"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
-msgid "ipa_automount_location (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
-msgid "The automounter location this IPA client will be using"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Default: The location named \"default\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the ipa provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
-#, no-wrap
-msgid ""
-"    [domain/example.com]\n"
-"    id_provider = ipa\n"
-"    ipa_server = ipaserver.example.com\n"
-"    ipa_hostname = myhost.example.com\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.8.xml:10 sssd.8.xml:15
-msgid "sssd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.8.xml:16
-msgid "System Security Services Daemon"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sssd.8.xml:21
-msgid ""
-"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:31
-msgid ""
-"<command>SSSD</command> provides a set of daemons to manage access to remote "
-"directories and authentication mechanisms. It provides an NSS and PAM "
-"interface toward the system and a pluggable backend system to connect to "
-"multiple different account sources as well as D-Bus interface. It is also "
-"the basis to provide client auditing and policy services for projects like "
-"FreeIPA. It provides a more robust database to store local users as well as "
-"extended user data."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:46
-msgid ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:53
-msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:57
-msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:60
-msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:69
-msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:73
-msgid ""
-"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:76
-msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:85
-msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:89
-msgid ""
-"Send the debug output to files instead of stderr. By default, the log files "
-"are stored in <filename>/var/log/sssd</filename> and there are separate log "
-"files for every SSSD service and domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:97
-msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:101
-msgid "Become a daemon after starting up."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:107
-msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:111
-msgid "Run in the foreground, don't become a daemon."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
-msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
-msgid ""
-"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
-"conf</filename>. For reference on the config file syntax and options, "
-"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:135
-msgid "<option>--version</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:139
-msgid "Print version number and exit."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:147
-msgid "Signals"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:150
-msgid "SIGTERM/SIGINT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:153
-msgid ""
-"Informs the SSSD to gracefully terminate all of its child processes and then "
-"shut down the monitor."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:159
-msgid "SIGHUP"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:162
-msgid ""
-"Tells the SSSD to stop writing to its current debug file descriptors and to "
-"close and reopen them. This is meant to facilitate log rolling with programs "
-"like logrotate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:170
-msgid "SIGUSR1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:173
-msgid ""
-"Tells the SSSD to simulate offline operation for one minute. This is mostly "
-"useful for testing purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:179
-msgid "SIGUSR2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:182
-msgid ""
-"Tells the SSSD to go online immediately. This is mostly useful for testing "
-"purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:193
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-msgid "sss_obfuscate"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_obfuscate.8.xml:16
-msgid "obfuscate a clear text password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_obfuscate.8.xml:21
-msgid ""
-"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
-"replaceable></arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:32
-msgid ""
-"<command>sss_obfuscate</command> converts a given password into human-"
-"unreadable format and places it into appropriate domain section of the SSSD "
-"config file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:37
-msgid ""
-"The cleartext password is read from standard input or entered "
-"interactively.  The obfuscated password is put into "
-"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
-"<quote>ldap_default_authtok_type</quote> parameter is set to "
-"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more details on these parameters."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:49
-msgid ""
-"Please note that obfuscating the password provides <emphasis>no real "
-"security benefit</emphasis> as it is still possible for an attacker to "
-"reverse-engineer the password back. Using better authentication mechanisms "
-"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
-"advised."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:63
-msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:67
-msgid "The password to obfuscate will be read from standard input."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
-msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:79
-msgid ""
-"The SSSD domain to use the password in. The default name is <quote>default</"
-"quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:86
-msgid ""
-"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:91
-msgid "Read the config file specified by the positional parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:95
-msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:105
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
-msgid "sss_useradd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_useradd.8.xml:16
-msgid "create a new user"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_useradd.8.xml:21
-msgid ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:32
-msgid ""
-"<command>sss_useradd</command> creates a new user account using the values "
-"specified on the command line plus the default values from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:43
-msgid ""
-"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:48
-msgid ""
-"Set the UID of the user to the value of <replaceable>UID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
-msgid ""
-"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
-msgid ""
-"Any text string describing the user. Often used as the field for the user's "
-"full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
-msgid ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:72
-msgid ""
-"The home directory of the user account.  The default is to append the "
-"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
-"that as the home directory.  The base that is prepended before "
-"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
-"baseDirectory</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
-msgid ""
-"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:87
-msgid ""
-"The user's login shell. The default is currently <filename>/bin/bash</"
-"filename>.  The default can be changed with <quote>user_defaults/"
-"defaultShell</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:96
-msgid ""
-"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:101
-msgid "A list of existing groups this user is also a member of."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:107
-msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:111
-msgid ""
-"Create the user's home directory if it does not exist. The files and "
-"directories contained in the skeleton directory (which can be defined with "
-"the -k option or in the config file) will be copied to the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:121
-msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:125
-msgid ""
-"Do not create the user's home directory. Overrides configuration settings."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:132
-msgid ""
-"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:137
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<command>sss_useradd</command>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:143
-msgid ""
-"This option is only valid if the <option>-m</option> (or <option>--create-"
-"home</option>) option is specified, or creation of home directories is set "
-"to TRUE in the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
-msgid ""
-"<option>-Z</option>,<option>--selinux-user</option> "
-"<replaceable>SELINUX_USER</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:157
-msgid ""
-"The SELinux user for the user's login. If not specified, the system default "
-"will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
-msgid "sssd-krb5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:23
-msgid ""
-"This manual page describes the configuration of the Kerberos 5 "
-"authentication backend for <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  For a detailed "
-"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
-"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:36
-msgid ""
-"The Kerberos 5 authentication backend contains auth and chpass providers. It "
-"must be paired with identity provider in order to function properly (for "
-"example, id_provider = ldap). Some information required by the Kerberos 5 "
-"authentication backend must be provided by the identity provider, such as "
-"the user's Kerberos Principal Name (UPN). The configuration of the identity "
-"provider should have an entry to specify the UPN. Please refer to the man "
-"page for the applicable identity provider for details on how to configure "
-"this."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:47
-msgid ""
-"This backend also provides access control based on the .k5login file in the "
-"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
-"Please note that an empty .k5login file will deny all access to this user. "
-"To activate this feature use 'access_provider = krb5' in your sssd "
-"configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:55
-msgid ""
-"In the case where the UPN is not available in the identity backend "
-"<command>sssd</command> will construct a UPN using the format "
-"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:106
-msgid ""
-"The name of the Kerberos realm. This option is required and must be "
-"specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:113
-msgid "krb5_kpasswd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:116
-msgid ""
-"If the change password service is not running on the KDC alternative servers "
-"can be defined here. An optional port number (preceded by a colon) may be "
-"appended to the addresses or hostnames."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:122
-msgid ""
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section.  Please note that even if there are no more "
-"kpasswd servers to try the back end is not switch to offline if "
-"authentication against the KDC is still possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:129
-msgid "Default: Use the KDC"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:135
-msgid "krb5_ccachedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:138
-msgid ""
-"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist it will be created. If %u, %U, %p or %h are used a "
-"private directory belonging to the user is created. Otherwise a public "
-"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
-"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
-"citerefentry> for details) is created."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:151
-msgid "Default: /tmp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:157
-msgid "krb5_ccname_template (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:171
-msgid "login UID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:174
-msgid "%p"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:175
-msgid "principal name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:179
-msgid "%r"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:180
-msgid "realm name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:183
-msgid "%h"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:184
-msgid "home directory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:189
-msgid "value of krb5ccache_dir"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194
-msgid "%P"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "the process ID of the sssd client"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:160
-msgid ""
-"Location of the user's credential cache. Currently only file based "
-"credential caches are supported. In the template the following sequences are "
-"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
-"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
-"way."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:209
-msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:215
-msgid "krb5_auth_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:218
-msgid ""
-"Timeout in seconds after an online authentication or change password request "
-"is aborted. If possible the authentication request is continued offline."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:241
-msgid "krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:244
-msgid ""
-"The location of the keytab to use when validating credentials obtained from "
-"KDCs."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:248
-msgid "Default: /etc/krb5.keytab"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:254
-msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:257
-msgid ""
-"Store the password of the user if the provider is offline and use it to "
-"request a TGT when the provider gets online again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:262
-msgid ""
-"Please note that this feature currently only available on a Linux platform. "
-"Passwords stored in this way are kept in plaintext in the kernel keyring and "
-"are potentially accessible by the root user (with difficulty)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:275
-msgid "krb5_renewable_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:278
-msgid ""
-"Request a renewable ticket with a total lifetime given by an integer "
-"immediately followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
-msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
-msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
-msgid "<emphasis>h</emphasis> hours"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
-msgid "<emphasis>d</emphasis> days."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
-msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:299
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"renewable lifetime to one and a half hours please use '90m' instead of "
-"'1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:305
-msgid "Default: not set, i.e. the TGT is not renewable"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:311
-msgid "krb5_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:314
-msgid ""
-"Request ticket with a with a lifetime given by an integer immediately "
-"followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:335
-msgid ""
-"Please note that it is not possible to mix units.  If you want to set the "
-"lifetime to one and a half hours please use '90m' instead of '1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:340
-msgid ""
-"Default: not set, i.e. the default ticket lifetime configured on the KDC."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:347
-msgid "krb5_renew_interval (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:350
-msgid ""
-"The time in seconds between two checks if the TGT should be renewed. TGTs "
-"are renewed if about half of their lifetime is exceeded."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:355
-msgid "If this option is not set or 0 the automatic renewal is disabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:365
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:368
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:373
-msgid ""
-"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
-"option at all."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
-msgid ""
-"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
-"continue without."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:381
-msgid ""
-"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
-"fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:385
-msgid "Default: not set, i.e. FAST is not used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:388
-msgid "Please note that a keytab is required to use fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:391
-msgid ""
-"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used with an older version using this option is a "
-"configuration error."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:400
-msgid "krb5_fast_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:403
-msgid "Specifies the server principal to use for FAST."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:412
-msgid ""
-"Specifies if the host and user principal should be canonicalized. This "
-"feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:65
-msgid ""
-"If the auth-module krb5 is used in a SSSD domain, the following options must "
-"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
-"SECTIONS</quote> for details on the configuration of a SSSD domain.  "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:434
-msgid ""
-"The following example assumes that SSSD is correctly configured and FOO is "
-"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
-"example shows only configuration of Kerberos authentication, it does not "
-"include any identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:442
-#, no-wrap
-msgid ""
-"    [domain/FOO]\n"
-"    auth_provider = krb5\n"
-"    krb5_server = 192.168.1.1\n"
-"    krb5_realm = EXAMPLE.COM\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:453
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
-msgid "sss_groupadd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupadd.8.xml:16
-msgid "create a new group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupadd.8.xml:21
-msgid ""
-"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:32
-msgid ""
-"<command>sss_groupadd</command> creates a new group. These groups are "
-"compatible with POSIX groups, with the additional feature that they can "
-"contain other groups as members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupadd.8.xml:43
-msgid ""
-"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupadd.8.xml:48
-msgid ""
-"Set the GID of the group to the value of <replaceable>GID</replaceable>.  If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
-msgid "sss_userdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_userdel.8.xml:16
-msgid "delete a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_userdel.8.xml:21
-msgid ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:32
-msgid ""
-"<command>sss_userdel</command> deletes a user identified by login name "
-"<replaceable>LOGIN</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:44
-msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:48
-msgid ""
-"Files in the user's home directory will be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:56
-msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:60
-msgid ""
-"Files in the user's home directory will NOT be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:68
-msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:72
-msgid ""
-"This option forces <command>sss_userdel</command> to remove the user's home "
-"directory and mail spool, even if they are not owned by the specified user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:80
-msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:84
-msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
-msgid "sss_groupdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupdel.8.xml:16
-msgid "delete a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupdel.8.xml:21
-msgid ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:32
-msgid ""
-"<command>sss_groupdel</command> deletes a group identified by its name "
-"<replaceable>GROUP</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
-msgid "sss_groupshow"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupshow.8.xml:16
-msgid "print properties of a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupshow.8.xml:21
-msgid ""
-"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:32
-msgid ""
-"<command>sss_groupshow</command> displays information about a group "
-"identified by its name <replaceable>GROUP</replaceable>. The information "
-"includes the group ID number, members of the group and the parent group."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupshow.8.xml:43
-msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupshow.8.xml:47
-msgid ""
-"Also print indirect group members in a tree-like hierarchy.  Note that this "
-"also affects printing parent groups - without <option>R</option>, only the "
-"direct parent will be printed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
-msgid "sss_usermod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_usermod.8.xml:16
-msgid "modify a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_usermod.8.xml:21
-msgid ""
-"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:32
-msgid ""
-"<command>sss_usermod</command> modifies the account specified by "
-"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
-"on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:60
-msgid "The home directory of the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:71
-msgid "The user's login shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:82
-msgid ""
-"Append this user to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:96
-msgid ""
-"Remove this user from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:103
-msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:107
-msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:114
-msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:118
-msgid "Unlock the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:129
-msgid "The SELinux user for the user's login."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/service_discovery.xml:2
-msgid "SERVICE DISCOVERY"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/service_discovery.xml:4
-msgid ""
-"The service discovery feature allows back ends to automatically find the "
-"appropriate servers to connect to using a special DNS query."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
-msgid "Configuration"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:11
-msgid ""
-"If no servers are specified, the back end automatically uses service "
-"discovery to try to find a server. Optionally, the user may choose to use "
-"both fixed server addresses and service discovery by inserting a special "
-"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
-"preference is maintained. This feature is useful if, for example, the user "
-"prefers to use service discovery whenever possible, and fall back to a "
-"specific server when no servers can be discovered using DNS."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:23
-msgid "The domain name"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:25
-msgid ""
-"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for more details."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:35
-msgid "The protocol"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:37
-msgid ""
-"The queries usually specify _tcp as the protocol. Exceptions are documented "
-"in respective option description."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:42
-msgid "See Also"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:44
-msgid ""
-"For more information on the service discovery mechanism, refer to RFC 2782."
-msgstr ""
-
-#. type: Content of: outside any tag (error?)
-#: include/upstream.xml:1
-msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/failover.xml:2
-msgid "FAILOVER"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/failover.xml:4
-msgid ""
-"The failover feature allows back ends to automatically switch to a different "
-"server if the primary server fails."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:8
-msgid "Failover Syntax"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:10
-msgid ""
-"The list of servers is given as a comma-separated list; any number of spaces "
-"is allowed around the comma. The servers are listed in order of preference. "
-"The list can contain any number of servers."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:17
-msgid "The Failover Mechanism"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:19
-msgid ""
-"The failover mechanism distinguishes between a machine and a service. The "
-"back end first tries to resolve the hostname of a given machine; if this "
-"resolution attempt fails, the machine is considered offline. No further "
-"attempts are made to connect to this machine for any other service. If the "
-"resolution attempt succeeds, the back end tries to connect to a service on "
-"this machine. If the service connection attempt fails, then only this "
-"particular service is considered offline and the back end automatically "
-"switches over to the next service.  The machine is still considered online "
-"and might still be tried for another service."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:32
-msgid ""
-"Further connection attempts are made to machines or services marked as "
-"offline after a specified period of time; this is currently hard coded to 30 "
-"seconds."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:37
-msgid ""
-"If there are no more machines to try, the back end as a whole switches to "
-"offline mode, and then attempts to reconnect every 30 seconds."
-msgstr ""
-
-#. type: Content of: <varlistentry><term>
-#: include/param_help.xml:3
-msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
-
-#. type: Content of: <varlistentry><listitem><para>
-#: include/param_help.xml:7
-msgid "Display help message and exit."
-msgstr ""